
Pests of all kinds and how to combat them: BOO /TDss.O found in the master boot sector after installing Windows 7 on a second internal hard drive


04.01.2014, 11:10   #1
uagla
 



Hello,

I did a second installation of Windows 7 on my new SSD. Since then, AntiVir has been showing the message mentioned above.

After finding a few posts here, I have already installed mBar and cleaned the PC. At the moment no error message appears any more. But as I understand it, that does not have to be everything yet, which is why I am opening a new topic. I am posting the log files in the order in which they were created.

1. mbar:
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.04.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Erich :: ERICH-PC [administrator]

04.01.2014 10:53:31
mbar-log-2014-01-04 (10-53-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 211952
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 1
Physical Sector #703277505 on Drive #0 (Rootkit.Alureon.E.VBR) -> Replace on reboot.

(end)
         
After a restart, a second time:

2. mbar:
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.04.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Erich :: ERICH-PC [administrator]

04.01.2014 11:06:05
mbar-log-2014-01-04 (11-06-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 211387
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Since then, the Avira AntiVir real-time scanner no longer starts.

Now I have run defogger, following the instructions for opening a topic.

Next, FRST.txt:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2014
Ran by Erich (administrator) on ERICH-PC on 04-01-2014 11:57:29
Running from F:\Desktop\Reinigung
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files\CE\CovenantEyesCommService.exe
(CovenantEyes) C:\Program Files\CE\CovenantEyesProxy.exe
() C:\Windows\System32\authServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\CE\CovenantEyes.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\CE\CovenantEyesHelper.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Microsoft Corporation) C:\Users\Erich\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Dropbox, Inc.) C:\Users\Erich\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Covenant Eyes] - C:\Program Files\CE\CovenantEyes.exe [7065104 2013-12-05] ()
HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM\...\Run: [IJNetworkScanUtility] - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKCU\...\Run: [SkyDrive] - C:\Users\Erich\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2014-01-03] (Microsoft Corporation)
MountPoints2: {3eb36303-7461-11e3-bfd7-806e6f6e6963} - G:\setup.exe
Startup: C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Erich\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF8319B656F08CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO: Covenant Eyes for Internet Explorer - {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files\CE\extensions\ie\x86\ceie-0.7.0.dll (Covenant Eyes)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Winsock: Catalog9 01 C:\Windows\system32\CovenantEyesProxy.dll [322584] (CovenantEyes)
Winsock: Catalog9 02 C:\Windows\system32\CovenantEyesProxy.dll [322584] (CovenantEyes)
Winsock: Catalog9 03 C:\Windows\system32\CovenantEyesProxy.dll [322584] (CovenantEyes)
Winsock: Catalog9 04 C:\Windows\system32\CovenantEyesProxy.dll [322584] (CovenantEyes)
Winsock: Catalog9 23 C:\Windows\system32\CovenantEyesProxy.dll [322584] (CovenantEyes)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Erich\AppData\Roaming\Mozilla\Firefox\Profiles\dbkbwl9k.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Erich\AppData\Roaming\Mozilla\Firefox\Profiles\dbkbwl9k.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi
FF Extension: Adblock Plus - C:\Users\Erich\AppData\Roaming\Mozilla\Firefox\Profiles\dbkbwl9k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [firefox-integrated-extension@covenanteyes.com] - C:\Program Files\CE\extensions\firefox\firefox-integrated-extension@covenanteyes.com
FF Extension: Covenant Eyes for Firefox - C:\Program Files\CE\extensions\firefox\firefox-integrated-extension@covenanteyes.com
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 Auth Service; C:\Windows\system32\authServer.exe [3204104 2013-12-05] ()
R2 CovenantEyesCommService; C:\Program Files\CE\CovenantEyesCommService.exe [4510240 2013-12-05] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [3654168 2013-10-04] (CovenantEyes)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 cewd32; C:\Windows\system32\Drivers\cewd32.sys [26624 2013-10-04] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-04 11:26 - 2014-01-04 11:26 - 00000000 _____ C:\Users\Erich\defogger_reenable
2014-01-04 10:53 - 2014-01-04 11:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-04 10:53 - 2014-01-04 11:06 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-04 10:53 - 2014-01-04 10:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-04 10:51 - 2014-01-04 10:51 - 00000000 ____D C:\FRST
2014-01-04 10:50 - 2014-01-04 11:20 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-04 10:31 - 2014-01-04 10:32 - 00002562 _____ C:\Windows\diagwrn.xml
2014-01-04 10:31 - 2014-01-04 10:32 - 00001908 _____ C:\Windows\diagerr.xml
2014-01-03 14:30 - 2014-01-03 15:01 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Swiss Academic Software
2014-01-03 14:19 - 2014-01-03 14:19 - 00000040 _____ C:\Autoconfig.ini
2014-01-03 14:19 - 2014-01-03 14:19 - 00000000 ____D C:\ProgramData\Samsung
2014-01-03 14:18 - 2014-01-03 14:18 - 00000000 ____D C:\Program Files\Samsung
2014-01-03 14:18 - 2013-06-01 06:13 - 01571160 ____N C:\Windows\TotalUninstaller.exe
2014-01-03 14:18 - 2013-05-10 10:48 - 00162136 _____ C:\Windows\system32\spe__ci.exe
2014-01-03 14:18 - 2012-11-17 09:29 - 00000363 _____ C:\Windows\system32\spe__l.smt
2014-01-03 14:18 - 2011-04-11 06:26 - 00024064 _____ () C:\Windows\system32\spe__l.dll
2014-01-03 14:18 - 2010-10-20 09:49 - 00065536 _____ (SS) C:\Windows\system32\spe__ci.dll
2014-01-03 14:16 - 2014-01-03 14:16 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2014-01-03 14:15 - 2014-01-03 14:15 - 00000000 ____D C:\Program Files\Citavi 4
2014-01-03 14:11 - 2014-01-03 14:11 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2014-01-03 14:11 - 2009-09-17 09:12 - 00303104 _____ (CANON INC.) C:\Windows\system32\CNC640L.dll
2014-01-03 14:11 - 2009-04-03 16:00 - 01310720 _____ (CANON INC.) C:\Windows\system32\CNC640C.dll
2014-01-03 14:11 - 2009-04-03 15:59 - 00110592 _____ (CANON INC.) C:\Windows\system32\CNC640I.dll
2014-01-03 14:11 - 2009-04-03 15:57 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC640U.dll
2014-01-03 14:11 - 2008-12-25 16:23 - 00013312 _____ C:\Windows\system32\CNC173FD.TBL
2014-01-03 14:11 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\system32\CNHMCA.dll
2014-01-03 14:10 - 2014-01-03 14:10 - 00000000 ____D C:\Windows\system32\STRING
2014-01-03 14:10 - 2012-06-14 17:18 - 00366592 _____ (CANON INC.) C:\Windows\system32\CNMNPPM.DLL
2014-01-03 14:10 - 2012-06-14 17:18 - 00035840 _____ (CANON INC.) C:\Windows\system32\CNMNPUI.DLL
2014-01-03 13:18 - 2014-01-04 11:55 - 00000000 ___RD C:\Users\Erich\Dropbox
2014-01-03 13:15 - 2014-01-03 13:15 - 00000000 ____D C:\Windows\system32\Lang
2014-01-03 13:15 - 2014-01-03 13:15 - 00000000 ____D C:\Program Files\Intel
2014-01-03 13:15 - 2009-09-23 11:50 - 00398336 _____ (Intel(R) Corporation) C:\Windows\system32\TVWizudlg.exe
2014-01-03 13:15 - 2009-09-23 11:49 - 00140288 _____ () C:\Windows\system32\igfxtvcx.dll
2014-01-03 13:15 - 2009-09-23 11:47 - 00121232 _____ C:\Windows\system32\IScrNB.bmp
2014-01-03 13:14 - 2014-01-03 13:14 - 00000000 ____D C:\ProgramData\CovenantEyes
2014-01-03 12:51 - 2014-01-03 12:51 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-03 12:50 - 2014-01-04 11:55 - 00000000 ___RD C:\Users\Erich\SkyDrive
2014-01-03 12:50 - 2014-01-03 12:50 - 00002180 _____ C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-03 12:50 - 2014-01-03 12:50 - 00002082 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-03 12:50 - 2014-01-03 12:50 - 00002082 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-03 12:50 - 2014-01-03 12:50 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2014-01-03 12:50 - 2014-01-03 12:50 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2014-01-03 12:49 - 2014-01-04 11:55 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Dropbox
2014-01-03 12:47 - 2014-01-03 12:47 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2014-01-03 12:47 - 2014-01-03 12:47 - 00000000 ___HD C:\ProgramData\CanonBJ
2014-01-03 12:47 - 2014-01-03 12:47 - 00000000 ___HD C:\Program Files\CanonBJ
2014-01-03 12:47 - 2010-04-24 05:00 - 00272384 _____ (CANON INC.) C:\Windows\system32\CNMLMA2.DLL
2014-01-03 12:47 - 2009-03-18 09:09 - 00178176 _____ (CANON INC.) C:\Windows\system32\CNMIUA2.DLL
2014-01-03 12:46 - 2014-01-03 14:11 - 00000000 ____D C:\Program Files\Canon
2014-01-03 12:33 - 2014-01-03 12:33 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Avira
2014-01-03 12:33 - 2014-01-03 12:33 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2014-01-03 12:33 - 2014-01-03 12:33 - 00000000 ____D C:\ProgramData\APN
2014-01-03 12:33 - 2014-01-03 12:33 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2014-01-03 12:31 - 2014-01-03 12:31 - 00000000 ____D C:\ProgramData\Avira
2014-01-03 12:31 - 2014-01-03 12:31 - 00000000 ____D C:\Program Files\Avira
2014-01-03 12:31 - 2013-12-09 11:37 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-01-03 12:31 - 2013-12-09 11:37 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-01-03 12:31 - 2013-12-09 11:37 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-01-03 12:31 - 2013-12-09 11:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-01-03 12:31 - 2013-12-09 11:37 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-01-03 12:19 - 2014-01-03 12:19 - 00000000 ____D C:\ProgramData\ALM
2014-01-03 12:19 - 2008-04-07 05:38 - 00022872 ____R (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2014-01-03 12:16 - 2014-01-03 12:16 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Macromedia
2014-01-03 12:16 - 2014-01-03 12:16 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2014-01-03 12:14 - 2014-01-03 13:15 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Adobe
2014-01-03 12:14 - 2014-01-03 12:32 - 00000000 ____D C:\Program Files\Adobe
2014-01-03 12:14 - 2014-01-03 12:19 - 00000000 ____D C:\ProgramData\Adobe
2014-01-03 12:13 - 2014-01-03 12:13 - 00000000 ____D C:\Windows\system32\Macromed
2014-01-03 12:13 - 2014-01-03 12:13 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2014-01-03 12:08 - 2014-01-03 15:11 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-03 12:05 - 2014-01-03 12:05 - 00000000 ____D C:\Program Files\capella-software
2014-01-03 11:51 - 2014-01-03 12:04 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Mozilla
2014-01-03 11:51 - 2014-01-03 11:51 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-03 11:51 - 2014-01-03 11:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-03 11:51 - 2014-01-03 11:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-03 11:46 - 2014-01-03 14:13 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-03 11:46 - 2014-01-03 11:46 - 00000000 ____D C:\Windows\PCHEALTH
2014-01-03 11:46 - 2014-01-03 11:46 - 00000000 ____D C:\Program Files\Microsoft Works
2014-01-03 11:46 - 2014-01-03 11:46 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2014-01-03 11:46 - 2014-01-03 11:46 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-03 11:46 - 2013-11-26 12:25 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-03 11:40 - 2014-01-04 11:54 - 00005848 _____ C:\Windows\system32\CovenantEyesProxy.ini
2014-01-03 11:40 - 2014-01-04 11:54 - 00003096 _____ C:\Windows\system32\CovenantEyesProxyOff.ini
2014-01-03 11:40 - 2014-01-03 13:14 - 00000000 ____D C:\Program Files\CE
2014-01-03 11:40 - 2014-01-03 11:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-03 11:40 - 2014-01-03 11:46 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-03 11:40 - 2014-01-03 11:40 - 00009626 _____ C:\ceInstall.log
2014-01-03 11:40 - 2014-01-03 11:40 - 00000794 __RSH C:\ProgramData\ntuser.pol
2014-01-03 11:40 - 2014-01-03 11:40 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-03 11:40 - 2013-12-05 10:32 - 03204104 _____ C:\Windows\system32\authServer.exe
2014-01-03 11:40 - 2013-10-04 13:19 - 00322584 _____ (CovenantEyes) C:\Windows\system32\CovenantEyesProxy.dll
2014-01-03 11:40 - 2013-10-04 13:19 - 00026624 _____ C:\Windows\system32\Drivers\cewd32.sys
2014-01-03 11:39 - 2014-01-03 11:39 - 00000000 __RHD C:\MSOCache
2014-01-03 11:39 - 2014-01-03 11:39 - 00000000 ____D C:\Windows\system32\x64
2014-01-03 11:39 - 2009-09-23 19:30 - 01002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe
2014-01-03 11:38 - 2012-02-17 06:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-01-03 11:38 - 2012-02-17 05:14 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-01-03 11:38 - 2012-02-17 05:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-01-03 11:34 - 2014-01-03 11:34 - 00001413 _____ C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-03 11:34 - 2012-06-02 23:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-01-03 11:34 - 2012-06-02 23:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-01-03 11:34 - 2012-06-02 23:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-01-03 11:34 - 2012-06-02 23:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-01-03 11:34 - 2012-06-02 23:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-01-03 11:34 - 2012-06-02 23:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-01-03 11:34 - 2012-06-02 23:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-01-03 11:34 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-01-03 11:34 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-01-03 11:33 - 2014-01-04 11:26 - 00000000 ____D C:\Users\Erich
2014-01-03 11:33 - 2014-01-03 11:33 - 00000020 ___SH C:\Users\Erich\ntuser.ini
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Erich\Startmenü
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Erich\Netzwerkumgebung
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Erich\Druckumgebung
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default\Startmenü
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Programme
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\ProgramData\Startmenü
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\ProgramData\Dokumente
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 __SHD C:\Recovery
2014-01-03 11:33 - 2009-07-14 05:42 - 00000000 ___RD C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-03 11:33 - 2009-07-14 05:37 - 00000000 ___RD C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-03 11:31 - 2014-01-04 11:32 - 02070071 _____ C:\Windows\WindowsUpdate.log
2014-01-03 11:25 - 2014-01-03 11:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-01-03 11:24 - 2014-01-03 11:33 - 00000000 ____D C:\Windows\Panther
2014-01-03 11:24 - 2014-01-03 11:26 - 00001355 _____ C:\Windows\TSSysprep.log

==================== One Month Modified Files and Folders =======

2014-01-04 11:55 - 2014-01-03 13:18 - 00000000 ___RD C:\Users\Erich\Dropbox
2014-01-04 11:55 - 2014-01-03 12:50 - 00000000 ___RD C:\Users\Erich\SkyDrive
2014-01-04 11:55 - 2014-01-03 12:49 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Dropbox
2014-01-04 11:54 - 2014-01-03 11:40 - 00005848 _____ C:\Windows\system32\CovenantEyesProxy.ini
2014-01-04 11:54 - 2014-01-03 11:40 - 00003096 _____ C:\Windows\system32\CovenantEyesProxyOff.ini
2014-01-04 11:54 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 11:54 - 2009-07-14 05:39 - 00001085 _____ C:\Windows\setupact.log
2014-01-04 11:32 - 2014-01-03 11:31 - 02070071 _____ C:\Windows\WindowsUpdate.log
2014-01-04 11:26 - 2014-01-04 11:26 - 00000000 _____ C:\Users\Erich\defogger_reenable
2014-01-04 11:26 - 2014-01-03 11:33 - 00000000 ____D C:\Users\Erich
2014-01-04 11:20 - 2014-01-04 10:50 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-04 11:14 - 2014-01-04 10:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-04 11:12 - 2009-07-14 05:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-04 11:12 - 2009-07-14 05:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-04 11:10 - 2010-11-20 22:01 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-04 11:06 - 2014-01-04 10:53 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-04 10:53 - 2014-01-04 10:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-04 10:51 - 2014-01-04 10:51 - 00000000 ____D C:\FRST
2014-01-04 10:32 - 2014-01-04 10:31 - 00002562 _____ C:\Windows\diagwrn.xml
2014-01-04 10:32 - 2014-01-04 10:31 - 00001908 _____ C:\Windows\diagerr.xml
2014-01-04 10:31 - 2009-07-14 05:39 - 00000000 _____ C:\Windows\setuperr.log
2014-01-03 23:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2014-01-03 23:38 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-03 15:11 - 2014-01-03 12:08 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-03 15:04 - 2010-11-20 22:48 - 00108404 _____ C:\Windows\PFRO.log
2014-01-03 15:01 - 2014-01-03 14:30 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Swiss Academic Software
2014-01-03 14:19 - 2014-01-03 14:19 - 00000040 _____ C:\Autoconfig.ini
2014-01-03 14:19 - 2014-01-03 14:19 - 00000000 ____D C:\ProgramData\Samsung
2014-01-03 14:18 - 2014-01-03 14:18 - 00000000 ____D C:\Program Files\Samsung
2014-01-03 14:16 - 2014-01-03 14:16 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2014-01-03 14:15 - 2014-01-03 14:15 - 00000000 ____D C:\Program Files\Citavi 4
2014-01-03 14:13 - 2014-01-03 11:46 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-03 14:11 - 2014-01-03 14:11 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2014-01-03 14:11 - 2014-01-03 12:46 - 00000000 ____D C:\Program Files\Canon
2014-01-03 14:11 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\twain_32
2014-01-03 14:11 - 2009-07-14 03:37 - 00000000 __RSD C:\Windows\Media
2014-01-03 14:10 - 2014-01-03 14:10 - 00000000 ____D C:\Windows\system32\STRING
2014-01-03 13:15 - 2014-01-03 13:15 - 00000000 ____D C:\Windows\system32\Lang
2014-01-03 13:15 - 2014-01-03 13:15 - 00000000 ____D C:\Program Files\Intel
2014-01-03 13:15 - 2014-01-03 12:14 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Adobe
2014-01-03 13:14 - 2014-01-03 13:14 - 00000000 ____D C:\ProgramData\CovenantEyes
2014-01-03 13:14 - 2014-01-03 11:40 - 00000000 ____D C:\Program Files\CE
2014-01-03 13:14 - 2009-07-14 05:33 - 02278184 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-03 13:14 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2014-01-03 12:51 - 2014-01-03 12:51 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-03 12:50 - 2014-01-03 12:50 - 00002180 _____ C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-03 12:50 - 2014-01-03 12:50 - 00002082 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-03 12:50 - 2014-01-03 12:50 - 00002082 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-03 12:50 - 2014-01-03 12:50 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2014-01-03 12:50 - 2014-01-03 12:50 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2014-01-03 12:47 - 2014-01-03 12:47 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2014-01-03 12:47 - 2014-01-03 12:47 - 00000000 ___HD C:\ProgramData\CanonBJ
2014-01-03 12:47 - 2014-01-03 12:47 - 00000000 ___HD C:\Program Files\CanonBJ
2014-01-03 12:33 - 2014-01-03 12:33 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Avira
2014-01-03 12:33 - 2014-01-03 12:33 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2014-01-03 12:33 - 2014-01-03 12:33 - 00000000 ____D C:\ProgramData\APN
2014-01-03 12:33 - 2014-01-03 12:33 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2014-01-03 12:32 - 2014-01-03 12:14 - 00000000 ____D C:\Program Files\Adobe
2014-01-03 12:31 - 2014-01-03 12:31 - 00000000 ____D C:\ProgramData\Avira
2014-01-03 12:31 - 2014-01-03 12:31 - 00000000 ____D C:\Program Files\Avira
2014-01-03 12:30 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-03 12:19 - 2014-01-03 12:19 - 00000000 ____D C:\ProgramData\ALM
2014-01-03 12:19 - 2014-01-03 12:14 - 00000000 ____D C:\ProgramData\Adobe
2014-01-03 12:16 - 2014-01-03 12:16 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Macromedia
2014-01-03 12:16 - 2014-01-03 12:16 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2014-01-03 12:13 - 2014-01-03 12:13 - 00000000 ____D C:\Windows\system32\Macromed
2014-01-03 12:13 - 2014-01-03 12:13 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2014-01-03 12:05 - 2014-01-03 12:05 - 00000000 ____D C:\Program Files\capella-software
2014-01-03 12:04 - 2014-01-03 11:51 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Mozilla
2014-01-03 11:51 - 2014-01-03 11:51 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-03 11:51 - 2014-01-03 11:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-03 11:51 - 2014-01-03 11:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-03 11:50 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\LogFiles
2014-01-03 11:47 - 2014-01-03 11:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-03 11:46 - 2014-01-03 11:46 - 00000000 ____D C:\Windows\PCHEALTH
2014-01-03 11:46 - 2014-01-03 11:46 - 00000000 ____D C:\Program Files\Microsoft Works
2014-01-03 11:46 - 2014-01-03 11:46 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2014-01-03 11:46 - 2014-01-03 11:46 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-03 11:46 - 2014-01-03 11:40 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-03 11:40 - 2014-01-03 11:40 - 00009626 _____ C:\ceInstall.log
2014-01-03 11:40 - 2014-01-03 11:40 - 00000794 __RSH C:\ProgramData\ntuser.pol
2014-01-03 11:40 - 2014-01-03 11:40 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-03 11:40 - 2011-04-12 02:39 - 00000000 ____D C:\Windows\ShellNew
2014-01-03 11:40 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2014-01-03 11:40 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\System
2014-01-03 11:40 - 2009-07-14 03:04 - 00000478 _____ C:\Windows\win.ini
2014-01-03 11:39 - 2014-01-03 11:39 - 00000000 __RHD C:\MSOCache
2014-01-03 11:39 - 2014-01-03 11:39 - 00000000 ____D C:\Windows\system32\x64
2014-01-03 11:34 - 2014-01-03 11:34 - 00001413 _____ C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-03 11:34 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\restore
2014-01-03 11:33 - 2014-01-03 11:33 - 00000020 ___SH C:\Users\Erich\ntuser.ini
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Erich\Startmenü
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Erich\Netzwerkumgebung
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Erich\Druckumgebung
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default\Startmenü
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Programme
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\ProgramData\Startmenü
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\ProgramData\Dokumente
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 __SHD C:\Recovery
2014-01-03 11:33 - 2014-01-03 11:24 - 00000000 ____D C:\Windows\Panther
2014-01-03 11:33 - 2010-11-20 21:57 - 00000000 ____D C:\Users\Administrator
2014-01-03 11:33 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Public\Libraries
2014-01-03 11:33 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default
2014-01-03 11:33 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\Recovery
2014-01-03 11:33 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Windows NT
2014-01-03 11:26 - 2014-01-03 11:24 - 00001355 _____ C:\Windows\TSSysprep.log
2014-01-03 11:25 - 2014-01-03 11:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-01-03 11:24 - 2011-04-12 02:39 - 00000000 ____D C:\Windows\CSC
2014-01-03 11:24 - 2009-07-14 05:34 - 00002790 _____ C:\Windows\DtcInstall.log
2014-01-03 11:23 - 2009-07-14 05:57 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2014-01-03 11:23 - 2009-07-14 05:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2013-12-09 11:37 - 2014-01-03 12:31 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-09 11:37 - 2014-01-03 12:31 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-09 11:37 - 2014-01-03 12:31 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-09 11:37 - 2014-01-03 12:31 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-09 11:37 - 2014-01-03 12:31 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-12-05 10:32 - 2014-01-03 11:40 - 03204104 _____ C:\Windows\system32\authServer.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
         
and the Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-01-2014
Ran by Erich at 2014-01-04 11:57:55
Running from F:\Desktop\Reinigung
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (Version: 1.2.443 - Adobe Systems Incorporated)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0 - Adobe Systems) Hidden
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Design Standard (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Design Standard (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Flash Player 10 Plugin (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe SGM CS4 (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar (Version: 12.10.0.2951 - APN, LLC)
Canon Easy-PhotoPrint EX (Version: 4.1.6 - Canon Inc.)
Canon IJ Network Scan Utility (Version:  - )
Canon IJ Network Tool (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 3.0 (Version:  - )
Canon MP640 series MP Drivers (Version:  - Canon Inc.)
capella 2008 (Version: 6.00.9001 - capella-software)
Citavi 4 (Version: 4.2.0.11 - Swiss Academic Software)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Covenant Eyes (Version: 5.0.4.49 - Covenant Eyes, Inc.)
Dropbox (Version: 2.4.11 - Dropbox, Inc.)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (Version:  - Intel Corporation)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft SkyDrive (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Samsung Universal Print Driver 2 (Version: 2.50.03.00 - Samsung Electronics Co., Ltd.)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============


==================== Loaded Modules (whitelisted) =============
         
I started GMER, but then the PC froze and stopped responding entirely. So I have left it alone for now.

As I said, Avira's real-time scanner no longer starts, so that may be why the message no longer appears.

What should be done next?

Edited by uagla (04.01.2014 at 11:53). Reason: error in the title

04.01.2014, 12:31   #2
cosinus

Hello and

Quote:
Adobe Creative Suite 4 Design Standard (Version: 4.0 - Adobe Systems Incorporated)
Microsoft Office Professional Plus 2007 (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Is this a commercially used system?
If not, then why CS4, Professional Windows and Office?

04.01.2014, 12:33   #3
uagla

No, it is used privately. I work as a volunteer for a publishing house from home. CS4 is a student version. I got Windows 7 Professional free of charge from the university.

04.01.2014, 12:34   #4
cosinus


OK... then make a log with the TDSS tool from Kaspersky.

Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

04.01.2014, 13:05   #5
uagla

TDSS Killer:

Code:
13:58:02.0222 0x1288  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
13:58:06.0936 0x1288  ============================================================
13:58:06.0936 0x1288  Current date / time: 2014/01/04 13:58:06.0936
13:58:06.0936 0x1288  SystemInfo:
13:58:06.0936 0x1288  
13:58:06.0936 0x1288  OS Version: 6.1.7601 ServicePack: 1.0
13:58:06.0936 0x1288  Product type: Workstation
13:58:06.0937 0x1288  ComputerName: ERICH-PC
13:58:06.0937 0x1288  UserName: Erich
13:58:06.0937 0x1288  Windows directory: C:\Windows
13:58:06.0937 0x1288  System windows directory: C:\Windows
13:58:06.0937 0x1288  Processor architecture: Intel x86
13:58:06.0937 0x1288  Number of processors: 4
13:58:06.0937 0x1288  Page size: 0x1000
13:58:06.0937 0x1288  Boot type: Normal boot
13:58:06.0937 0x1288  ============================================================
13:58:07.0012 0x1288  KLMD registered as C:\Windows\system32\drivers\45415290.sys
13:58:07.0095 0x1288  System UUID: {05C356DA-F0DB-28F9-9D87-00542ABC9A36}
13:58:07.0617 0x1288  Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0x19A85, SectorsPerTrack: 0x1C, TracksPerCylinder: 0xEF, Type 'K0', Flags 0x00000050
13:58:07.0618 0x1288  Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0xD72C, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
13:58:07.0637 0x1288  ============================================================
13:58:07.0637 0x1288  \Device\Harddisk0\DR0:
13:58:07.0642 0x1288  MBR partitions:
13:58:07.0642 0x1288  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x292B12C
13:58:07.0642 0x1288  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x292B92C, BlocksNum 0x69E8BAC
13:58:07.0642 0x1288  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x9314580, BlocksNum 0x20B9E441
13:58:07.0642 0x1288  \Device\Harddisk1\DR1:
13:58:07.0642 0x1288  MBR partitions:
13:58:07.0642 0x1288  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:58:07.0643 0x1288  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
13:58:07.0643 0x1288  ============================================================
13:58:07.0644 0x1288  C: <-> \Device\Harddisk1\DR1\Partition2
13:58:07.0666 0x1288  D: <-> \Device\Harddisk0\DR0\Partition2
13:58:07.0698 0x1288  E: <-> \Device\Harddisk0\DR0\Partition1
13:58:07.0724 0x1288  F: <-> \Device\Harddisk0\DR0\Partition3
13:58:07.0724 0x1288  ============================================================
13:58:07.0724 0x1288  Initialize success
13:58:07.0724 0x1288  ============================================================
13:58:42.0833 0x16a0  ============================================================
13:58:42.0833 0x16a0  Scan started
13:58:42.0833 0x16a0  Mode: Manual; SigCheck; TDLFS; 
13:58:42.0833 0x16a0  ============================================================
13:58:42.0833 0x16a0  KSN ping started
13:58:57.0544 0x16a0  KSN ping finished: true
13:58:57.0957 0x16a0  ================ Scan system memory ========================
13:58:57.0957 0x16a0  System memory - ok
13:58:57.0957 0x16a0  ================ Scan services =============================
13:58:58.0009 0x16a0  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
13:58:58.0099 0x16a0  1394ohci - ok
13:58:58.0121 0x16a0  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:58:58.0145 0x16a0  ACPI - ok
13:58:58.0152 0x16a0  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:58:58.0183 0x16a0  AcpiPmi - ok
13:58:58.0199 0x16a0  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:58:58.0236 0x16a0  adp94xx - ok
13:58:58.0249 0x16a0  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:58:58.0280 0x16a0  adpahci - ok
13:58:58.0289 0x16a0  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:58:58.0313 0x16a0  adpu320 - ok
13:58:58.0322 0x16a0  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:58:58.0383 0x16a0  AeLookupSvc - ok
13:58:58.0397 0x16a0  [ 1151FD4FB0216CFED887BFDE29EBD516, 673C2B498744C7EB846F6BD4FDC852B0A9722377D75FD694F7F78E727ADF4563 ] AFD             C:\Windows\system32\drivers\afd.sys
13:58:58.0450 0x16a0  AFD - ok
13:58:58.0456 0x16a0  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
13:58:58.0478 0x16a0  agp440 - ok
13:58:58.0484 0x16a0  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
13:58:58.0509 0x16a0  aic78xx - ok
13:58:58.0515 0x16a0  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
13:58:58.0546 0x16a0  ALG - ok
13:58:58.0551 0x16a0  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:58:58.0570 0x16a0  aliide - ok
13:58:58.0576 0x16a0  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
13:58:58.0597 0x16a0  amdagp - ok
13:58:58.0601 0x16a0  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
13:58:58.0620 0x16a0  amdide - ok
13:58:58.0626 0x16a0  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:58:58.0653 0x16a0  AmdK8 - ok
13:58:58.0658 0x16a0  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
13:58:58.0685 0x16a0  AmdPPM - ok
13:58:58.0691 0x16a0  [ E7F4D42D8076EC60E21715CD11743A0D, 91AC020A70964F8783C999BDE8AB8391A3FA3AFC1CD4BC52A43625A2010A53E7 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:58:58.0714 0x16a0  amdsata - ok
13:58:58.0722 0x16a0  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:58:58.0746 0x16a0  amdsbs - ok
13:58:58.0752 0x16a0  [ 146459D2B08BFDCBFA856D9947043C81, AC7F2069717601F949B0968EA651899D497170A93B84281B66D3CE5C382DDECB ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:58:58.0772 0x16a0  amdxata - ok
13:58:58.0791 0x16a0  [ FE79366FECD444A16CCA9979134DBEA8, 91D2301E35C89B9FAD5680124EA51DC346159DC78556ACCD935F9B236B9FDCBC ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:58:58.0832 0x16a0  AntiVirSchedulerService - ok
13:58:58.0846 0x16a0  [ FDE9C7030FB1E9E2715E113EE6A10F90, 541F278D743C34C6D9940FC1250B90674EB88EC429D481012F27817DAB1B557A ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:58:58.0870 0x16a0  AntiVirService - ok
13:58:58.0898 0x16a0  [ 8D69B1551F51E18AE12E01DE6A2050EA, E1BF3E1AB82E90DC32811C934933D761340DAE44B7ACDF3B9C19725465BE3590 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
13:58:58.0943 0x16a0  AntiVirWebService - ok
13:58:58.0953 0x16a0  [ B342CD9AA44E4AE99E2368EBDBC2E17A, C3081358313A982F53CAD54C214AFECAD9660A59FB4A3DDFE068724E83041AF8 ] APNMCP          C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
13:58:58.0968 0x16a0  APNMCP - ok
13:58:58.0973 0x16a0  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
13:58:59.0009 0x16a0  AppID - ok
13:58:59.0014 0x16a0  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:58:59.0057 0x16a0  AppIDSvc - ok
13:58:59.0062 0x16a0  [ FB1959012294D6AD43E5304DF65E3C26, CFE906B07FF71A178CF9C254B056C6F5A303DDC511F0E4E1E75808F1D5326495 ] Appinfo         C:\Windows\System32\appinfo.dll
13:58:59.0107 0x16a0  Appinfo - ok
13:58:59.0115 0x16a0  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:58:59.0153 0x16a0  AppMgmt - ok
13:58:59.0161 0x16a0  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\drivers\arc.sys
13:58:59.0185 0x16a0  arc - ok
13:58:59.0191 0x16a0  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:58:59.0219 0x16a0  arcsas - ok
13:58:59.0237 0x16a0  [ 2FE0D5DB69014980A970D3BF9A85D2B1, 3837F176B0CB7FEA2689D90B50B62F660FE579A5EB1E47C827DFA95596B72D1E ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:58:59.0253 0x16a0  aspnet_state - ok
13:58:59.0260 0x16a0  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:58:59.0316 0x16a0  AsyncMac - ok
13:58:59.0322 0x16a0  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:58:59.0337 0x16a0  atapi - ok
13:58:59.0353 0x16a0  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:58:59.0417 0x16a0  AudioEndpointBuilder - ok
13:58:59.0432 0x16a0  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:58:59.0479 0x16a0  Audiosrv - ok
13:58:59.0563 0x16a0  [ 4C152B2B811F26C1B30EC25AB2E363AB, 45E95FF015C46C84A07AAC086D6C49EAED69B09C72244DA5866842F461505589 ] Auth Service    C:\Windows\system32\authServer.exe
13:58:59.0694 0x16a0  Auth Service - ok
13:58:59.0709 0x16a0  [ B8C10FF9369394EB84993F331810CF29, 84D674EF4FB73FD9D1539DFCC52361C2FBAFD5A2DEF1FFF4F1F416721AA80F85 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
13:58:59.0763 0x16a0  avgntflt - ok
13:58:59.0772 0x16a0  [ 4189E5AB2CAD6F395D87DAAE73EB090F, 8A98667451F0A9E81204BC9DD34B7BDA147FB867F0969361ED6F9C0CD422E49C ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
13:58:59.0796 0x16a0  avipbb - ok
13:58:59.0802 0x16a0  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
13:58:59.0829 0x16a0  avkmgr - ok
13:58:59.0838 0x16a0  [ 444E1CF85DD54019DC6CBB73C0875728, DC0BC6EDE0E81E7F062C173F6D6B22B207504CF5274F88ABEB3FA521E4A51E01 ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
13:58:59.0859 0x16a0  avnetflt - ok
13:58:59.0866 0x16a0  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:58:59.0911 0x16a0  AxInstSV - ok
13:58:59.0926 0x16a0  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
13:58:59.0974 0x16a0  b06bdrv - ok
13:58:59.0985 0x16a0  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
13:59:00.0019 0x16a0  b57nd60x - ok
13:59:00.0027 0x16a0  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
13:59:00.0068 0x16a0  BDESVC - ok
13:59:00.0072 0x16a0  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:59:00.0107 0x16a0  Beep - ok
13:59:00.0124 0x16a0  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
13:59:00.0182 0x16a0  BFE - ok
13:59:00.0201 0x16a0  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
13:59:00.0393 0x16a0  BITS - ok
13:59:00.0399 0x16a0  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:59:00.0424 0x16a0  blbdrive - ok
13:59:00.0429 0x16a0  [ FCAFAEF6798D7B51FF029F99A9898961, BFB37686B1386EB883B99DB6AC342C20514939F8B7A5CEC5D63865B3DC2B4D4F ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:59:00.0468 0x16a0  bowser - ok
13:59:00.0473 0x16a0  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
13:59:00.0501 0x16a0  BrFiltLo - ok
13:59:00.0506 0x16a0  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
13:59:00.0534 0x16a0  BrFiltUp - ok
13:59:00.0541 0x16a0  [ 6E11F33D14D020F58D5E02E4D67DFA19, 9563E4E8CE769B7619745F6F6DE618389A1595785023BF1F295AD8301B27F0AF ] Browser         C:\Windows\System32\browser.dll
13:59:00.0595 0x16a0  Browser - ok
13:59:00.0607 0x16a0  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:59:00.0648 0x16a0  Brserid - ok
13:59:00.0655 0x16a0  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:59:00.0685 0x16a0  BrSerWdm - ok
13:59:00.0690 0x16a0  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:59:00.0717 0x16a0  BrUsbMdm - ok
13:59:00.0723 0x16a0  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:59:00.0749 0x16a0  BrUsbSer - ok
13:59:00.0755 0x16a0  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:59:00.0786 0x16a0  BTHMODEM - ok
13:59:00.0794 0x16a0  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
13:59:00.0848 0x16a0  bthserv - ok
13:59:00.0854 0x16a0  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:59:00.0896 0x16a0  cdfs - ok
13:59:00.0903 0x16a0  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:59:00.0936 0x16a0  cdrom - ok
13:59:00.0943 0x16a0  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:59:00.0996 0x16a0  CertPropSvc - ok
13:59:01.0002 0x16a0  [ A75038E709CE20CDABF491C486F5C631, D4161A4B5C8980A611CDE45FD16ECCC8444BC5AFD167D8DC53362D1538549FF9 ] cewd32          C:\Windows\system32\Drivers\cewd32.sys
13:59:01.0007 0x16a0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\cewd32.sys. md5: A75038E709CE20CDABF491C486F5C631, sha256: D4161A4B5C8980A611CDE45FD16ECCC8444BC5AFD167D8DC53362D1538549FF9
13:59:01.0007 0x16a0  cewd32 - detected LockedFile.Multi.Generic ( 1 )
13:59:03.0522 0x16a0  cewd32 ( LockedFile.Multi.Generic ) - warning
13:59:03.0522 0x16a0  Force sending object to P2P due to detect: C:\Windows\system32\Drivers\cewd32.sys
13:59:06.0801 0x16a0  Object send P2P result: true
13:59:21.0542 0x16a0  p2psvc - ok
13:59:21.0548 0x16a0  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:59:21.0587 0x16a0  Parport - ok
13:59:21.0593 0x16a0  [ BF8F6AF06DA75B336F07E23AEF97D93B, 2F2C4314872732550A112BFF2F803484D4A3D697F0D69D352350CE208FD8A1A4 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:59:21.0627 0x16a0  partmgr - ok
13:59:21.0631 0x16a0  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
13:59:21.0665 0x16a0  Parvdm - ok
13:59:21.0673 0x16a0  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:59:21.0838 0x16a0  PcaSvc - ok
13:59:21.0847 0x16a0  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
13:59:21.0884 0x16a0  pci - ok
13:59:21.0889 0x16a0  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:59:21.0921 0x16a0  pciide - ok
13:59:21.0929 0x16a0  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:59:21.0968 0x16a0  pcmcia - ok
13:59:21.0974 0x16a0  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:59:22.0007 0x16a0  pcw - ok
13:59:22.0025 0x16a0  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:59:22.0100 0x16a0  PEAUTH - ok
13:59:22.0129 0x16a0  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
13:59:22.0324 0x16a0  PeerDistSvc - ok
13:59:22.0373 0x16a0  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
13:59:22.0602 0x16a0  pla - ok
13:59:22.0617 0x16a0  [ 92DC6E68D2C856C5C2F21AE9E22112B8, EFAA27886A05E57E629A9EFC3671D9D64144795EDF55438A676F5B43E59BE3FC ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:59:22.0833 0x16a0  PlugPlay - ok
13:59:22.0839 0x16a0  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:59:23.0001 0x16a0  PNRPAutoReg - ok
13:59:23.0012 0x16a0  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:59:23.0173 0x16a0  PNRPsvc - ok
13:59:23.0187 0x16a0  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:59:23.0308 0x16a0  PolicyAgent - ok
13:59:23.0317 0x16a0  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
13:59:23.0536 0x16a0  Power - ok
13:59:23.0542 0x16a0  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:59:23.0594 0x16a0  PptpMiniport - ok
13:59:23.0600 0x16a0  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\drivers\processr.sys
13:59:23.0639 0x16a0  Processor - ok
13:59:23.0647 0x16a0  [ 43CA4CCC22D52FB58E8988F0198851D0, DF67BD70D9D82677AE61244B4E54677A5008A7F5EB531DF2A7E7D33F1658EA78 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:59:23.0818 0x16a0  ProfSvc - ok
13:59:23.0824 0x16a0  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:59:23.0934 0x16a0  ProtectedStorage - ok
13:59:23.0941 0x16a0  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:59:23.0994 0x16a0  Psched - ok
13:59:24.0032 0x16a0  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:59:24.0107 0x16a0  ql2300 - ok
13:59:24.0118 0x16a0  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:59:24.0154 0x16a0  ql40xx - ok
13:59:24.0163 0x16a0  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
13:59:24.0343 0x16a0  QWAVE - ok
13:59:24.0349 0x16a0  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:59:24.0387 0x16a0  QWAVEdrv - ok
13:59:24.0391 0x16a0  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:59:24.0439 0x16a0  RasAcd - ok
13:59:24.0445 0x16a0  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:59:24.0480 0x16a0  RasAgileVpn - ok
13:59:24.0486 0x16a0  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
13:59:24.0671 0x16a0  RasAuto - ok
13:59:24.0677 0x16a0  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:59:24.0728 0x16a0  Rasl2tp - ok
13:59:24.0739 0x16a0  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
13:59:24.0934 0x16a0  RasMan - ok
13:59:24.0940 0x16a0  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:59:24.0991 0x16a0  RasPppoe - ok
13:59:24.0997 0x16a0  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:59:25.0047 0x16a0  RasSstp - ok
13:59:25.0057 0x16a0  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:59:25.0115 0x16a0  rdbss - ok
13:59:25.0120 0x16a0  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:59:25.0156 0x16a0  rdpbus - ok
13:59:25.0160 0x16a0  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:59:25.0206 0x16a0  RDPCDD - ok
13:59:25.0215 0x16a0  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:59:25.0256 0x16a0  RDPDR - ok
13:59:25.0261 0x16a0  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:59:25.0306 0x16a0  RDPENCDD - ok
13:59:25.0312 0x16a0  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:59:25.0359 0x16a0  RDPREFMP - ok
13:59:25.0367 0x16a0  [ 244C83332F44589AE98FC347F11B2693, 857B15FDB1163AD2A6770473E891E2BBCFBD3B9AA6FCC0D31023F9BE536F3B36 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:59:25.0411 0x16a0  RDPWD - ok
13:59:25.0419 0x16a0  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:59:25.0458 0x16a0  rdyboost - ok
13:59:25.0464 0x16a0  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:59:25.0604 0x16a0  RemoteAccess - ok
13:59:25.0611 0x16a0  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:59:25.0803 0x16a0  RemoteRegistry - ok
13:59:25.0808 0x16a0  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:59:25.0997 0x16a0  RpcEptMapper - ok
13:59:26.0003 0x16a0  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
13:59:26.0117 0x16a0  RpcLocator - ok
13:59:26.0130 0x16a0  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
13:59:26.0323 0x16a0  RpcSs - ok
13:59:26.0330 0x16a0  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:59:26.0384 0x16a0  rspndr - ok
13:59:26.0392 0x16a0  [ 7DFD48E24479B68B258D8770121155A0, 3B5F7309403C46855DB888CF2058B07C9029690DBC7FB3224BAC7BE5547D2D57 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
13:59:26.0435 0x16a0  RTL8167 - ok
13:59:26.0441 0x16a0  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
13:59:26.0484 0x16a0  s3cap - ok
13:59:26.0490 0x16a0  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] SamSs           C:\Windows\system32\lsass.exe
13:59:26.0600 0x16a0  SamSs - ok
13:59:26.0607 0x16a0  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:59:26.0646 0x16a0  sbp2port - ok
13:59:26.0654 0x16a0  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:59:26.0853 0x16a0  SCardSvr - ok
13:59:26.0858 0x16a0  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:59:26.0908 0x16a0  scfilter - ok
13:59:26.0932 0x16a0  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
13:59:27.0154 0x16a0  Schedule - ok
13:59:27.0163 0x16a0  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:59:27.0208 0x16a0  SCPolicySvc - ok
13:59:27.0216 0x16a0  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:59:27.0404 0x16a0  SDRSVC - ok
13:59:27.0409 0x16a0  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:59:27.0460 0x16a0  secdrv - ok
13:59:27.0465 0x16a0  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
13:59:27.0657 0x16a0  seclogon - ok
13:59:27.0663 0x16a0  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
13:59:27.0851 0x16a0  SENS - ok
13:59:27.0856 0x16a0  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:59:28.0038 0x16a0  SensrSvc - ok
13:59:28.0043 0x16a0  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:59:28.0082 0x16a0  Serenum - ok
13:59:28.0087 0x16a0  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:59:28.0129 0x16a0  Serial - ok
13:59:28.0134 0x16a0  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:59:28.0172 0x16a0  sermouse - ok
13:59:28.0184 0x16a0  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:59:28.0383 0x16a0  SessionEnv - ok
13:59:28.0387 0x16a0  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:59:28.0426 0x16a0  sffdisk - ok
13:59:28.0430 0x16a0  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:59:28.0469 0x16a0  sffp_mmc - ok
13:59:28.0473 0x16a0  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:59:28.0514 0x16a0  sffp_sd - ok
13:59:28.0519 0x16a0  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:59:28.0562 0x16a0  sfloppy - ok
13:59:28.0573 0x16a0  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:59:28.0697 0x16a0  SharedAccess - ok
13:59:28.0711 0x16a0  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:59:28.0916 0x16a0  ShellHWDetection - ok
13:59:28.0923 0x16a0  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
13:59:28.0959 0x16a0  sisagp - ok
13:59:28.0965 0x16a0  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
13:59:29.0000 0x16a0  SiSRaid2 - ok
13:59:29.0006 0x16a0  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:59:29.0045 0x16a0  SiSRaid4 - ok
13:59:29.0051 0x16a0  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:59:29.0108 0x16a0  Smb - ok
13:59:29.0117 0x16a0  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:59:29.0302 0x16a0  SNMPTRAP - ok
13:59:29.0308 0x16a0  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:59:29.0344 0x16a0  spldr - ok
13:59:29.0356 0x16a0  [ 866A43013535DC8587C258E43579C764, B2BE846B5167A2ECD1E30C69A81385FCC6EAE6033394D08458A5583D311C4D82 ] Spooler         C:\Windows\System32\spoolsv.exe
13:59:29.0576 0x16a0  Spooler - ok
13:59:29.0662 0x16a0  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
13:59:29.0976 0x16a0  sppsvc - ok
13:59:29.0990 0x16a0  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:59:30.0203 0x16a0  sppuinotify - ok
13:59:30.0215 0x16a0  [ 112127C3B2E64D7680CC39CD0A39DD7E, ABE8B868CFE0EF4DAF886517047DBFD5A9C964983FAA499AC086CCD45BA46366 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:59:30.0277 0x16a0  srv - ok
13:59:30.0290 0x16a0  [ E5DD784A4EE5EBC72A86C677C988FCDB, 5D54C9AF291F8047DD66C31671F279A5D7EE8BCB5E55640F5F976E16211F59DD ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:59:30.0355 0x16a0  srv2 - ok
13:59:30.0364 0x16a0  [ CDBE627E16CC9E98F343D73F8E81D258, 25A68A6F943FCBA79A0D97ABC5B2EAEEB65C268F1CB2DD445ABF7E2758DF2802 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:59:30.0421 0x16a0  srvnet - ok
13:59:30.0431 0x16a0  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:59:30.0645 0x16a0  SSDPSRV - ok
13:59:30.0654 0x16a0  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
13:59:30.0691 0x16a0  ssmdrv - ok
13:59:30.0700 0x16a0  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:59:30.0903 0x16a0  SstpSvc - ok
13:59:30.0908 0x16a0  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\drivers\stexstor.sys
13:59:30.0944 0x16a0  stexstor - ok
13:59:30.0960 0x16a0  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
13:59:31.0228 0x16a0  StiSvc - ok
13:59:31.0241 0x16a0  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
13:59:31.0291 0x16a0  storflt - ok
13:59:31.0302 0x16a0  [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc         C:\Windows\system32\storsvc.dll
13:59:31.0517 0x16a0  StorSvc - ok
13:59:31.0524 0x16a0  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:59:31.0560 0x16a0  storvsc - ok
13:59:31.0565 0x16a0  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:59:31.0601 0x16a0  swenum - ok
13:59:31.0613 0x16a0  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
13:59:31.0855 0x16a0  swprv - ok
13:59:31.0906 0x16a0  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
13:59:32.0179 0x16a0  SysMain - ok
13:59:32.0194 0x16a0  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
13:59:32.0406 0x16a0  TabletInputService - ok
13:59:32.0421 0x16a0  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:59:32.0650 0x16a0  TapiSrv - ok
13:59:32.0657 0x16a0  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
13:59:32.0877 0x16a0  TBS - ok
13:59:32.0921 0x16a0  [ 37E8FA3779668837CA9E2C36D2415949, FDDA99B7501CDBC3032AA12FD8E929F5E3B47DA112D0F8A05E2D833E5609EDEA ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:59:33.0014 0x16a0  Tcpip - ok
13:59:33.0066 0x16a0  [ 37E8FA3779668837CA9E2C36D2415949, FDDA99B7501CDBC3032AA12FD8E929F5E3B47DA112D0F8A05E2D833E5609EDEA ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:59:33.0136 0x16a0  TCPIP6 - ok
13:59:33.0156 0x16a0  [ CCA24162E055C3714CE5A88B100C64ED, 9B7712E793B9478BA7A1EF71EA9CC03CCB9C4004C54EAA911F158958519EDCD9 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:59:33.0209 0x16a0  tcpipreg - ok
13:59:33.0216 0x16a0  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:59:33.0256 0x16a0  TDPIPE - ok
13:59:33.0261 0x16a0  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:59:33.0301 0x16a0  TDTCP - ok
13:59:33.0307 0x16a0  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:59:33.0370 0x16a0  tdx - ok
13:59:33.0380 0x16a0  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:59:33.0424 0x16a0  TermDD - ok
13:59:33.0446 0x16a0  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
13:59:33.0695 0x16a0  TermService - ok
13:59:33.0703 0x16a0  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
13:59:33.0904 0x16a0  Themes - ok
13:59:33.0910 0x16a0  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
13:59:34.0039 0x16a0  THREADORDER - ok
13:59:34.0048 0x16a0  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
13:59:34.0263 0x16a0  TrkWks - ok
13:59:34.0272 0x16a0  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:59:34.0306 0x16a0  TrustedInstaller - ok
13:59:34.0314 0x16a0  [ 254BB140EEE3C59D6114C1A86B636877, EE09D62E90407A40278F2136F640DAB16A4E2BF57D4FB6E05F92CA9CC9CF57C0 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:59:34.0372 0x16a0  tssecsrv - ok
13:59:34.0379 0x16a0  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:59:34.0430 0x16a0  TsUsbFlt - ok
13:59:34.0441 0x16a0  [ 01246F0BAAD7B68EC0F472AA41E33282, 51F975AF029AD015576FFFA3E88F5DBB8B40C7CD30ECDEDE8AFABCB08C954199 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
13:59:34.0488 0x16a0  TsUsbGD - ok
13:59:34.0497 0x16a0  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:59:34.0560 0x16a0  tunnel - ok
13:59:34.0573 0x16a0  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:59:34.0614 0x16a0  uagp35 - ok
13:59:34.0626 0x16a0  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:59:34.0690 0x16a0  udfs - ok
13:59:34.0706 0x16a0  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:59:34.0930 0x16a0  UI0Detect - ok
13:59:34.0940 0x16a0  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:59:34.0984 0x16a0  uliagpkx - ok
13:59:34.0992 0x16a0  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:59:35.0042 0x16a0  umbus - ok
13:59:35.0050 0x16a0  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\drivers\umpass.sys
13:59:35.0098 0x16a0  UmPass - ok
13:59:35.0109 0x16a0  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
13:59:35.0323 0x16a0  UmRdpService - ok
13:59:35.0335 0x16a0  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
13:59:35.0580 0x16a0  upnphost - ok
13:59:35.0587 0x16a0  [ 7E72E7D7E0757D59481D530FD2B0BFAE, 288CAC9F4AC09DEB2B30C6E3A6ACF8D62A75576F62F0EC159D5E1B257419E9DC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:59:35.0637 0x16a0  usbccgp - ok
13:59:35.0647 0x16a0  [ 04EC7CEC62EC3B6D9354EEE93327FC82, 6CB41D8644618A5F701F6CA91FB65BB94AA83EA48992133B5262DC539B334B2E ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:59:35.0702 0x16a0  usbcir - ok
13:59:35.0712 0x16a0  [ CFBCE999C057D78979A181C9C60F208E, D60698EAA8A085214D5945818B0863976CF116EBE523046C344AF4E9392FDF80 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:59:35.0762 0x16a0  usbehci - ok
13:59:35.0775 0x16a0  [ 9D22AAD9AC6A07C691A1113E5F860868, AC34D36DBB5649650FCD873A792CA1387AE841D4C46781C63C0D29834F9B58E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:59:35.0827 0x16a0  usbhub - ok
13:59:35.0833 0x16a0  [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:59:35.0875 0x16a0  usbohci - ok
13:59:35.0880 0x16a0  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:59:35.0922 0x16a0  usbprint - ok
13:59:35.0930 0x16a0  [ BF63EBFC6979FEFB2BC03DF7989A0C1A, AFEF764A3E5D52CDBB5074F0E87F2B5EBCDF8D9B6E8F88EE235602B80145BE31 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:59:35.0982 0x16a0  USBSTOR - ok
13:59:35.0991 0x16a0  [ 78780C3EBCE17405B1CCD07A3A8A7D72, FBFF3111E22EE0B4BCAFA81F89AAE985135BFF48EEFD130C09B49CCF8A9946B9 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:59:36.0037 0x16a0  usbuhci - ok
13:59:36.0045 0x16a0  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
13:59:36.0272 0x16a0  UxSms - ok
13:59:36.0277 0x16a0  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] VaultSvc        C:\Windows\system32\lsass.exe
13:59:36.0387 0x16a0  VaultSvc - ok
13:59:36.0394 0x16a0  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:59:36.0432 0x16a0  vdrvroot - ok
13:59:36.0449 0x16a0  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
13:59:36.0689 0x16a0  vds - ok
13:59:36.0696 0x16a0  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:59:36.0739 0x16a0  vga - ok
13:59:36.0745 0x16a0  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:59:36.0798 0x16a0  VgaSave - ok
13:59:36.0808 0x16a0  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:59:36.0852 0x16a0  vhdmp - ok
13:59:36.0859 0x16a0  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:59:36.0896 0x16a0  viaagp - ok
13:59:36.0903 0x16a0  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
13:59:36.0949 0x16a0  ViaC7 - ok
13:59:36.0954 0x16a0  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:59:36.0992 0x16a0  viaide - ok
13:59:37.0002 0x16a0  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:59:37.0049 0x16a0  vmbus - ok
13:59:37.0055 0x16a0  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:59:37.0098 0x16a0  VMBusHID - ok
13:59:37.0104 0x16a0  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:59:37.0145 0x16a0  volmgr - ok
13:59:37.0157 0x16a0  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:59:37.0210 0x16a0  volmgrx - ok
13:59:37.0221 0x16a0  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:59:37.0271 0x16a0  volsnap - ok
13:59:37.0280 0x16a0  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:59:37.0324 0x16a0  vsmraid - ok
13:59:37.0352 0x16a0  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
13:59:37.0601 0x16a0  VSS - ok
13:59:37.0607 0x16a0  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
13:59:37.0653 0x16a0  vwifibus - ok
13:59:37.0664 0x16a0  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
13:59:37.0899 0x16a0  W32Time - ok
13:59:37.0906 0x16a0  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:59:37.0949 0x16a0  WacomPen - ok
13:59:37.0955 0x16a0  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:59:38.0024 0x16a0  WANARP - ok
13:59:38.0028 0x16a0  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:59:38.0078 0x16a0  Wanarpv6 - ok
13:59:38.0111 0x16a0  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
13:59:38.0367 0x16a0  wbengine - ok
13:59:38.0379 0x16a0  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:59:38.0603 0x16a0  WbioSrvc - ok
13:59:38.0616 0x16a0  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:59:38.0840 0x16a0  wcncsvc - ok
13:59:38.0847 0x16a0  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:59:39.0057 0x16a0  WcsPlugInService - ok
13:59:39.0062 0x16a0  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\drivers\wd.sys
13:59:39.0102 0x16a0  Wd - ok
13:59:39.0118 0x16a0  [ 9950E3D0F08141C7E89E64456AE7DC73, DE4B96812B305A63F5874BBF2DC40354FB45B3D96C1D33436E677099760BA448 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:59:39.0177 0x16a0  Wdf01000 - ok
13:59:39.0184 0x16a0  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:59:39.0407 0x16a0  WdiServiceHost - ok
13:59:39.0411 0x16a0  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:59:39.0618 0x16a0  WdiSystemHost - ok
13:59:39.0629 0x16a0  [ A9D880F97530D5B8FEE278923349929D, 6A293E2DB9B7C434EA8B4CD4861E11905D46BD60E014AE27B74DC8C4B2DDF834 ] WebClient       C:\Windows\System32\webclnt.dll
13:59:39.0855 0x16a0  WebClient - ok
13:59:39.0864 0x16a0  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:59:40.0094 0x16a0  Wecsvc - ok
13:59:40.0100 0x16a0  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:59:40.0321 0x16a0  wercplsupport - ok
13:59:40.0329 0x16a0  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
13:59:40.0554 0x16a0  WerSvc - ok
13:59:40.0560 0x16a0  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:59:40.0614 0x16a0  WfpLwf - ok
13:59:40.0619 0x16a0  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:59:40.0659 0x16a0  WIMMount - ok
13:59:40.0678 0x16a0  [ 3FAE8F94296001C32EAB62CD7D82E0FD, 180FAECC426CF8F46700C855022E5865D528B1A20686F96D11080AB2FE2E0430 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:59:40.0730 0x16a0  WinDefend - ok
13:59:40.0738 0x16a0  WinHttpAutoProxySvc - ok
13:59:40.0751 0x16a0  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:59:40.0810 0x16a0  Winmgmt - ok
13:59:40.0844 0x16a0  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
13:59:41.0126 0x16a0  WinRM - ok
13:59:41.0157 0x16a0  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:59:41.0413 0x16a0  Wlansvc - ok
13:59:41.0420 0x16a0  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:59:41.0462 0x16a0  WmiAcpi - ok
13:59:41.0472 0x16a0  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:59:41.0524 0x16a0  wmiApSrv - ok
13:59:41.0558 0x16a0  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
13:59:41.0612 0x16a0  WMPNetworkSvc - ok
13:59:41.0620 0x16a0  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:59:41.0844 0x16a0  WPCSvc - ok
13:59:41.0850 0x16a0  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:59:42.0079 0x16a0  WPDBusEnum - ok
13:59:42.0084 0x16a0  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:59:42.0139 0x16a0  ws2ifsl - ok
13:59:42.0145 0x16a0  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
13:59:42.0375 0x16a0  wscsvc - ok
13:59:42.0379 0x16a0  WSearch - ok
13:59:42.0431 0x16a0  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:59:42.0700 0x16a0  wuauserv - ok
13:59:42.0711 0x16a0  [ E714A1C0354636837E20CCBF00888EE7, 0E31F0DB0AA318E3B0DACD26C0D3B11519B42F2A996AE580BE67FA8B3C42C436 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:59:42.0767 0x16a0  WudfPf - ok
13:59:42.0775 0x16a0  [ 1023EE888C9B47178C5293ED5336AB69, 62221C80C3F719A585266247482A64F7CB2F5EF69AFA8FA07D563CA2B0A37561 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:59:42.0833 0x16a0  WUDFRd - ok
13:59:42.0839 0x16a0  [ 8D1E1E529A2C9E9B6A85B55A345F7629, 64B637CFE2AF58A4F7CE6D8C3D603F8EFD527500F7137E0A37840313C712CA93 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:59:43.0079 0x16a0  wudfsvc - ok
13:59:43.0088 0x16a0  [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:59:43.0326 0x16a0  WwanSvc - ok
13:59:43.0330 0x16a0  ================ Scan global ===============================
13:59:43.0335 0x16a0  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
13:59:43.0363 0x16a0  [ A9F564F254E9DDDE120A7135767EC24B, F255DCB4C7F4F941BA27700D66684AD0BA3DF114D6F298E2A909095B71B11D94 ] C:\Windows\system32\winsrv.dll
13:59:43.0578 0x16a0  [ A9F564F254E9DDDE120A7135767EC24B, F255DCB4C7F4F941BA27700D66684AD0BA3DF114D6F298E2A909095B71B11D94 ] C:\Windows\system32\winsrv.dll
13:59:43.0779 0x16a0  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
13:59:43.0963 0x16a0  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
13:59:44.0129 0x16a0  [ Global ] - ok
13:59:44.0129 0x16a0  ================ Scan MBR ==================================
13:59:44.0141 0x16a0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:59:44.0335 0x16a0  \Device\Harddisk0\DR0 - ok
13:59:44.0340 0x16a0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:59:44.0445 0x16a0  \Device\Harddisk1\DR1 - ok
13:59:44.0445 0x16a0  ================ Scan VBR ==================================
13:59:44.0470 0x16a0  [ 7F60F662D9FBBCF35BF6F7FF55A22659 ] \Device\Harddisk0\DR0\Partition1
13:59:44.0471 0x16a0  \Device\Harddisk0\DR0\Partition1 - ok
13:59:44.0483 0x16a0  [ 0D3D3A9B36E09F3B8EAC6E05455A9F20 ] \Device\Harddisk0\DR0\Partition2
13:59:44.0484 0x16a0  \Device\Harddisk0\DR0\Partition2 - ok
13:59:44.0503 0x16a0  [ EF7CE2F3C22C6221CBDF4A082833F795 ] \Device\Harddisk0\DR0\Partition3
13:59:44.0504 0x16a0  \Device\Harddisk0\DR0\Partition3 - ok
13:59:44.0508 0x16a0  [ 8709EB6D266B68A71A019AFC6BB5F0D3 ] \Device\Harddisk1\DR1\Partition1
13:59:44.0510 0x16a0  \Device\Harddisk1\DR1\Partition1 - ok
13:59:44.0513 0x16a0  [ 18F20D63B3D5A02FC35F467B2C24F6FF ] \Device\Harddisk1\DR1\Partition2
13:59:44.0515 0x16a0  \Device\Harddisk1\DR1\Partition2 - ok
13:59:44.0516 0x16a0  Waiting for KSN requests completion. In queue: 30
13:59:45.0516 0x16a0  Waiting for KSN requests completion. In queue: 30
13:59:46.0516 0x16a0  Waiting for KSN requests completion. In queue: 30
13:59:47.0541 0x16a0  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.2.234 ), 0x41000 ( enabled : updated )
13:59:47.0550 0x16a0  Win FW state via NFP2: enabled
13:59:49.0865 0x16a0  ============================================================
13:59:49.0865 0x16a0  Scan finished
13:59:49.0865 0x16a0  ============================================================
13:59:49.0865 0x13c0  Detected object count: 1
13:59:49.0865 0x13c0  Actual detected object count: 1
14:00:08.0310 0x13c0  cewd32 ( LockedFile.Multi.Generic ) - skipped by user
14:00:08.0310 0x13c0  cewd32 ( LockedFile.Multi.Generic ) - User select action: Skip 
14:00:14.0004 0x0ee0  Deinitialize success
         
By the way:

In the meantime Avira AntiVir is running normally again and no error message appears any more.
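One way to triage a long TDSSKiller log like the one posted above, as an added example that is not part of the original thread: it lists every entry whose verdict is not `ok`, compares that with the tool's own `Detected object count`, and collects the MBR/VBR hashes, including any value shared by several disks. The function and field names are my own, and the line layout is inferred from the posted log rather than from any format specification.

```python
import re
from collections import defaultdict

# Excerpt of the TDSSKiller log posted in this thread (lines copied verbatim).
SAMPLE_LOG = r"""
13:59:36.0696 0x16a0  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:59:36.0739 0x16a0  vga - ok
13:59:40.0738 0x16a0  WinHttpAutoProxySvc - ok
13:59:44.0129 0x16a0  ================ Scan MBR ==================================
13:59:44.0141 0x16a0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:59:44.0335 0x16a0  \Device\Harddisk0\DR0 - ok
13:59:44.0340 0x16a0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:59:44.0445 0x16a0  \Device\Harddisk1\DR1 - ok
13:59:44.0445 0x16a0  ================ Scan VBR ==================================
13:59:44.0470 0x16a0  [ 7F60F662D9FBBCF35BF6F7FF55A22659 ] \Device\Harddisk0\DR0\Partition1
13:59:44.0471 0x16a0  \Device\Harddisk0\DR0\Partition1 - ok
13:59:49.0865 0x13c0  Detected object count: 1
14:00:08.0310 0x13c0  cewd32 ( LockedFile.Multi.Generic ) - skipped by user
14:00:08.0310 0x13c0  cewd32 ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# "HH:MM:SS.mmmm 0xTID  message" (layout inferred from the posted log).
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+0x[0-9a-fA-F]+\s+(.*?)\s*$")
# Section banners such as "======== Scan MBR ========"; a bare "=====" rule is ignored.
SECTION = re.compile(r"^=+\s+(\S.*?)\s+=+$")
# "[ MD5 ] object" or "[ MD5, SHA256 ] name path".
HASHED = re.compile(r"^\[\s*([0-9A-F]{32})(?:,\s*([0-9A-F]{64}))?\s*\]\s+(.*)$")
# "name ( Verdict ) - action" is how the log reports a detection.
DETECT = re.compile(r"^(\S+) \( (.+?) \) - (.+)$")
OK = re.compile(r"^.+ - ok$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


def triage(log_text):
    """Summarise a TDSSKiller log: detections, boot-sector hashes, sanity check."""
    section = None
    ok_count = 0
    reported = None
    detections = defaultdict(list)   # (object, verdict) -> actions logged for it
    boot_hashes = {}                 # MBR/VBR object -> MD5 from the log

    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue                 # blank lines or text that is not a log record
        msg = line.group(1)
        if (s := SECTION.match(msg)):
            section = s.group(1)
        elif (h := HASHED.match(msg)):
            # Only the boot-sector sections are kept; service hashes are skipped.
            if section in ("Scan MBR", "Scan VBR"):
                boot_hashes[h.group(3).strip()] = h.group(1)
        elif (d := DETECT.match(msg)):
            detections[(d.group(1), d.group(2))].append(d.group(3))
        elif OK.match(msg):
            ok_count += 1
        elif (c := COUNT.match(msg)):
            reported = int(c.group(1))

    # Group boot objects by hash so identical boot code on several disks stands out.
    by_hash = defaultdict(list)
    for obj, md5 in boot_hashes.items():
        by_hash[md5].append(obj)
    shared = {md5: objs for md5, objs in by_hash.items() if len(objs) > 1}

    return {
        "ok_count": ok_count,
        "detections": dict(detections),
        "reported_count": reported,
        # False means the pasted log is truncated or the parser missed a line.
        "count_matches": reported is None or reported == len(detections),
        "boot_hashes": boot_hashes,
        "shared_boot_hashes": shared,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for (name, verdict), actions in result["detections"].items():
        print(f"{name}: {verdict} -> {', '.join(actions)}")
    for md5, objs in result["shared_boot_hashes"].items():
        print(f"same boot-sector hash {md5} on: {', '.join(objs)}")
```

A shared MBR hash by itself says nothing about infection; it only tells you which disks carry the same boot code, so one verified sector covers all of them.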


Alt 04.01.2014, 13:06   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
14:00:08.0310 0x13c0 cewd32 ( LockedFile.Multi.Generic ) - skipped by user
14:00:08.0310 0x13c0 cewd32 ( LockedFile.Multi.Generic ) - User select action: Skip
That thing looks strange. Please create a log with CF:

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. [English Windows: "Illegal operation attempted on a registry key that has been marked for deletion."]
simply restart the computer. This should fix the problem.


Alt 04.01.2014, 13:24   #7
uagla
 



Combofix:

Code:
ATTFilter
ComboFix 14-01-04.03 - Erich 04.01.2014  14:10:35.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3318.2171 [GMT 1:00]
ausgeführt von:: f:\desktop\Reinigung\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\temp\catchme.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-12-04 bis 2014-01-04  ))))))))))))))))))))))))))))))
.
.
2014-01-04 13:18 . 2014-01-04 13:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-01-04 11:48 . 2014-01-04 11:48	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2014-01-04 09:53 . 2014-01-04 09:53	--------	d-----w-	c:\programdata\Malwarebytes
2014-01-04 09:53 . 2014-01-04 10:14	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-04 09:53 . 2014-01-04 10:06	104664	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-04 09:51 . 2014-01-04 09:51	--------	d-----w-	C:\FRST
2014-01-04 09:50 . 2014-01-04 10:20	74456	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-01-04 09:39 . 2011-04-09 05:56	123904	----a-w-	c:\windows\system32\poqexec.exe
2014-01-03 13:19 . 2014-01-03 13:19	--------	d-----w-	c:\programdata\Samsung
2014-01-03 13:18 . 2013-02-05 02:28	29184	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\spe__pc.dll
2014-01-03 13:18 . 2014-01-03 13:18	--------	d-----w-	c:\program files\Samsung
2014-01-03 13:18 . 2013-06-01 05:13	1571160	------w-	c:\windows\TotalUninstaller.exe
2014-01-03 13:18 . 2013-05-10 09:48	162136	----a-w-	c:\windows\system32\spe__ci.exe
2014-01-03 13:18 . 2011-04-11 05:26	24064	----a-w-	c:\windows\system32\spe__l.dll
2014-01-03 13:18 . 2010-10-20 08:49	65536	----a-w-	c:\windows\system32\spe__ci.dll
2014-01-03 13:16 . 2014-01-03 13:16	--------	d-----w-	c:\programdata\Swiss Academic Software
2014-01-03 13:15 . 2014-01-03 13:15	--------	d-----w-	c:\program files\Citavi 4
2014-01-03 13:11 . 2014-01-03 13:11	--------	d-----w-	c:\programdata\Canon IJ Network Tool
2014-01-03 13:11 . 2009-09-17 08:12	303104	----a-w-	c:\windows\system32\CNC640L.dll
2014-01-03 13:11 . 2009-04-03 15:00	1310720	----a-w-	c:\windows\system32\CNC640C.dll
2014-01-03 13:11 . 2009-04-03 14:59	110592	----a-w-	c:\windows\system32\CNC640I.dll
2014-01-03 13:11 . 2009-04-03 14:57	106496	----a-w-	c:\windows\system32\CNC640U.dll
2014-01-03 13:11 . 2008-08-25 17:02	15872	----a-w-	c:\windows\system32\CNHMCA.dll
2014-01-03 13:10 . 2014-01-03 13:10	--------	d-----w-	c:\windows\system32\STRING
2014-01-03 13:10 . 2012-06-14 16:18	35840	----a-w-	c:\windows\system32\CNMNPUI.DLL
2014-01-03 13:10 . 2012-06-14 16:18	366592	----a-w-	c:\windows\system32\CNMNPPM.DLL
2014-01-03 12:15 . 2014-01-03 12:15	--------	d-----w-	c:\windows\system32\Lang
2014-01-03 12:15 . 2014-01-03 12:15	--------	d-----w-	c:\program files\Intel
2014-01-03 12:15 . 2009-09-23 10:50	398336	----a-w-	c:\windows\system32\TVWizudlg.exe
2014-01-03 12:15 . 2009-09-23 10:49	140288	----a-w-	c:\windows\system32\igfxtvcx.dll
2014-01-03 12:14 . 2014-01-03 12:14	--------	d-----w-	c:\programdata\CovenantEyes
2014-01-03 11:51 . 2014-01-03 11:51	--------	d-----w-	C:\SkyDriveTemp
2014-01-03 11:50 . 2014-01-03 11:50	--------	d-----w-	c:\program files\Microsoft SkyDrive
2014-01-03 11:50 . 2014-01-03 11:50	--------	d-----w-	c:\programdata\Microsoft SkyDrive
2014-01-03 11:47 . 2014-01-03 11:47	--------	d--h--w-	c:\programdata\CanonBJ
2014-01-03 11:47 . 2010-04-24 04:00	70656	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA2.DLL
2014-01-03 11:47 . 2010-04-24 04:00	27648	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA2.DLL
2014-01-03 11:47 . 2014-01-03 11:47	--------	d--h--w-	c:\windows\system32\CanonIJ Uninstaller Information
2014-01-03 11:47 . 2010-04-24 04:00	272384	----a-w-	c:\windows\system32\CNMLMA2.DLL
2014-01-03 11:47 . 2009-03-18 08:09	178176	----a-w-	c:\windows\system32\CNMIUA2.DLL
2014-01-03 11:46 . 2014-01-03 13:11	--------	d-----w-	c:\program files\Canon
2014-01-03 11:33 . 2014-01-03 11:33	--------	d-----w-	c:\programdata\AskPartnerNetwork
2014-01-03 11:33 . 2014-01-03 11:33	--------	d-----w-	c:\program files\AskPartnerNetwork
2014-01-03 11:33 . 2014-01-03 11:33	--------	d-----w-	c:\programdata\APN
2014-01-03 11:31 . 2013-12-09 10:37	69240	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-01-03 11:31 . 2013-12-09 10:37	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2014-01-03 11:31 . 2013-12-09 10:37	90400	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-01-03 11:31 . 2013-12-09 10:37	135648	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-01-03 11:31 . 2014-01-03 11:31	--------	d-----w-	c:\programdata\Avira
2014-01-03 11:31 . 2014-01-03 11:31	--------	d-----w-	c:\program files\Avira
2014-01-03 11:19 . 2014-01-03 11:19	--------	d-----w-	c:\programdata\ALM
2014-01-03 11:19 . 2008-04-07 04:38	22872	----a-r-	c:\windows\system32\AdobePDFUI.dll
2014-01-03 11:16 . 2014-01-03 11:16	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2014-01-03 11:13 . 2014-01-03 11:13	--------	d-----w-	c:\windows\system32\Macromed
2014-01-03 11:13 . 2014-01-03 11:13	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2014-01-03 11:08 . 2014-01-03 14:11	--------	d-----w-	c:\program files\Common Files\Adobe
2014-01-03 11:05 . 2014-01-03 11:05	--------	d-----w-	c:\program files\capella-software
2014-01-03 10:51 . 2014-01-03 10:51	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2014-01-03 10:46 . 2013-12-16 00:54	7760024	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF684748-C367-4271-B7E3-F3E02099ABE7}\mpengine.dll
2014-01-03 10:46 . 2013-11-26 11:25	230048	------w-	c:\windows\system32\MpSigStub.exe
2014-01-03 10:46 . 2014-01-03 10:46	--------	d-----w-	c:\program files\Microsoft Works
2014-01-03 10:46 . 2014-01-03 13:13	--------	d-----w-	c:\program files\Microsoft.NET
2014-01-03 10:46 . 2014-01-03 10:46	--------	d-----w-	c:\windows\PCHEALTH
2014-01-03 10:40 . 2013-10-04 12:19	26624	----a-w-	c:\windows\system32\drivers\cewd32.sys
2014-01-03 10:40 . 2013-10-04 12:19	322584	----a-w-	c:\windows\system32\CovenantEyesProxy.dll
2014-01-03 10:40 . 2014-01-04 11:52	--------	d-----w-	c:\programdata\Microsoft Help
2014-01-03 10:40 . 2014-01-04 11:57	--------	d-sh--w-	c:\windows\Installer
2014-01-03 10:40 . 2013-12-05 09:32	3204104	----a-w-	c:\windows\system32\authServer.exe
2014-01-03 10:40 . 2014-01-03 12:14	--------	d-----w-	c:\program files\CE
2014-01-03 10:40 . 2014-01-03 10:40	--------	d--h--w-	c:\program files\InstallShield Installation Information
2014-01-03 10:39 . 2014-01-03 10:39	--------	d-----w-	c:\windows\system32\x64
2014-01-03 10:39 . 2009-09-23 18:30	1002008	----a-w-	c:\windows\system32\igxpun.exe
2014-01-03 10:39 . 2014-01-03 10:39	--------	d-----r-	C:\MSOCache
2014-01-03 10:38 . 2012-02-17 05:34	826880	----a-w-	c:\windows\system32\rdpcore.dll
2014-01-03 10:38 . 2012-02-17 04:14	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2014-01-03 10:38 . 2012-02-17 04:13	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2014-01-03 10:34 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2014-01-03 10:34 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2014-01-03 10:34 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2014-01-03 10:34 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2014-01-03 10:34 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2014-01-03 10:34 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2014-01-03 10:34 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2014-01-03 10:34 . 2012-06-02 14:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2014-01-03 10:34 . 2012-06-02 14:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2014-01-03 10:24 . 2014-01-03 10:33	--------	d-----w-	c:\windows\Panther
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2013-12-20 21:02	12240	----a-w-	c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{927BD2E1-2287-49D2-AE71-95F492CE662E}]
2013-12-05 09:32	1650696	----a-w-	c:\program files\CE\extensions\ie\x86\ceie-0.7.0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2013-12-20 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-01-03 11:50	222832	----a-w-	c:\users\Erich\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-01-03 11:50	222832	----a-w-	c:\users\Erich\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-01-03 11:50	222832	----a-w-	c:\users\Erich\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Erich\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Erich\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Erich\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyDrive"="c:\users\Erich\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-01-03 257136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Covenant Eyes"="c:\program files\CE\CovenantEyes.exe" [2013-12-05 7065104]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-09 684600]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-12-20 1778640]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
.
c:\users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Erich\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-09 37352]
S1 cewd32;cewd32 service;c:\windows\system32\Drivers\cewd32.sys [2013-10-04 26624]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-12-09 440376]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2013-12-09 1011768]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-12-20 166352]
S2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [2013-12-05 3204104]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2013-12-09 69240]
S2 CovenantEyesCommService;Covenant Eyes Communication Service;c:\program files\CE\CovenantEyesCommService.exe [2013-12-05 4510240]
S2 CovenantEyesProxy;CovenantEyesProxy;c:\program files\CE\CovenantEyesProxy.exe [2013-10-04 3654168]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 06583437
*Deregistered* - 06583437
.
.
------- Zusätzlicher Suchlauf -------
.
IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
LSP: c:\windows\system32\CovenantEyesProxy.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Erich\AppData\Roaming\Mozilla\Firefox\Profiles\dbkbwl9k.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-cewd32.sys
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-04  14:19:39
ComboFix-quarantined-files.txt  2014-01-04 13:19
.
Vor Suchlauf: 6 Verzeichnis(se), 94.861.004.800 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 94.865.956.864 Bytes frei
.
- - End Of File - - 38F7CEF0397675442FA6485068FABEFA
A36C5E4F47E84449FF07ED3517B43A31
         
Would it perhaps make sense to run all of these checks on the other Windows 7 system, which has been running for somewhat longer and was not freshly installed? I suspect that the error comes from there. On that system I had already removed a few things with AdAware.

Alt 04.01.2014, 13:31   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Combofix script
WARNING for READERS:
The following ComboFix script was created exclusively for this user in this situation.
Never apply it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (nowhere else, this is important)!
  • Press the Windows + R keys --> notepad (type it in) --> OK
  • Now copy the complete text from the following code box into the empty text document.
    Code:
    ATTFilter
    Filelook::
    c:\windows\system32\drivers\cewd32.sys
             
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily turn off your antivirus software, because it can hinder ComboFix while it works.
    Do not forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe.
  • Do not do anything on the computer, and do not move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
  • When ComboFix is finished, it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags, using the # button of the editor).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after Combofix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to tell me whether the upload worked!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 04.01.2014, 13:52   #9
uagla
 



I was briefly in the other system earlier. I got a bluescreen there: Memory Error.
I don't know whether that is relevant.

I have just carried out your instructions on the fresh system on the SSD. Unfortunately ComboFix was terminated by a bluescreen at stage 49 and the PC restarted immediately. I could not see what the error was. No log file was created.
Should I start it again?

Instead I now have a Combofix file on C:\ that is displayed as "My Computer" and also leads directly there, and on right-click it also shows the management properties of "My Computer".
It is not called "Computer", though, but "ComboFix".

I am attaching the Windows minidumps.

Edited by uagla (04.01.2014 at 14:02)

04.01.2014, 14:09   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Restart Windows, delete the old combofix.exe, download CF again and please try it once more.

04.01.2014, 14:24   #11
uagla

This time it worked:

Code:
ATTFilter
ComboFix 14-01-04.03 - Erich 04.01.2014  15:14:37.2.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3318.2203 [GMT 1:00]
ausgeführt von:: f:\desktop\ComboFix.exe
Benutzte Befehlsschalter :: f:\desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\temp\catchme.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-12-04 bis 2014-01-04  ))))))))))))))))))))))))))))))
.
.
2014-01-04 14:21 . 2014-01-04 14:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-01-04 14:21 . 2014-01-04 14:21	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-01-04 14:04 . 2014-01-04 14:05	--------	d-----w-	c:\program files\WhoCrashed
2014-01-04 14:04 . 2014-01-04 14:04	--------	d-----w-	c:\program files\NirSoft
2014-01-04 13:59 . 2014-01-04 13:59	--------	d-----w-	c:\program files\7-Zip
2014-01-04 11:48 . 2014-01-04 11:48	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2014-01-04 09:53 . 2014-01-04 09:53	--------	d-----w-	c:\programdata\Malwarebytes
2014-01-04 09:53 . 2014-01-04 10:14	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-04 09:53 . 2014-01-04 10:06	104664	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-04 09:51 . 2014-01-04 09:51	--------	d-----w-	C:\FRST
2014-01-04 09:50 . 2014-01-04 10:20	74456	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-01-04 09:39 . 2011-04-09 05:56	123904	----a-w-	c:\windows\system32\poqexec.exe
2014-01-03 13:19 . 2014-01-03 13:19	--------	d-----w-	c:\programdata\Samsung
2014-01-03 13:18 . 2013-02-05 02:28	29184	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\spe__pc.dll
2014-01-03 13:18 . 2014-01-03 13:18	--------	d-----w-	c:\program files\Samsung
2014-01-03 13:18 . 2013-06-01 05:13	1571160	------w-	c:\windows\TotalUninstaller.exe
2014-01-03 13:18 . 2013-05-10 09:48	162136	----a-w-	c:\windows\system32\spe__ci.exe
2014-01-03 13:18 . 2011-04-11 05:26	24064	----a-w-	c:\windows\system32\spe__l.dll
2014-01-03 13:18 . 2010-10-20 08:49	65536	----a-w-	c:\windows\system32\spe__ci.dll
2014-01-03 13:16 . 2014-01-03 13:16	--------	d-----w-	c:\programdata\Swiss Academic Software
2014-01-03 13:15 . 2014-01-03 13:15	--------	d-----w-	c:\program files\Citavi 4
2014-01-03 13:11 . 2014-01-03 13:11	--------	d-----w-	c:\programdata\Canon IJ Network Tool
2014-01-03 13:11 . 2009-09-17 08:12	303104	----a-w-	c:\windows\system32\CNC640L.dll
2014-01-03 13:11 . 2009-04-03 15:00	1310720	----a-w-	c:\windows\system32\CNC640C.dll
2014-01-03 13:11 . 2009-04-03 14:59	110592	----a-w-	c:\windows\system32\CNC640I.dll
2014-01-03 13:11 . 2009-04-03 14:57	106496	----a-w-	c:\windows\system32\CNC640U.dll
2014-01-03 13:11 . 2008-08-25 17:02	15872	----a-w-	c:\windows\system32\CNHMCA.dll
2014-01-03 13:10 . 2014-01-03 13:10	--------	d-----w-	c:\windows\system32\STRING
2014-01-03 13:10 . 2012-06-14 16:18	35840	----a-w-	c:\windows\system32\CNMNPUI.DLL
2014-01-03 13:10 . 2012-06-14 16:18	366592	----a-w-	c:\windows\system32\CNMNPPM.DLL
2014-01-03 12:15 . 2014-01-03 12:15	--------	d-----w-	c:\windows\system32\Lang
2014-01-03 12:15 . 2014-01-03 12:15	--------	d-----w-	c:\program files\Intel
2014-01-03 12:15 . 2009-09-23 10:50	398336	----a-w-	c:\windows\system32\TVWizudlg.exe
2014-01-03 12:15 . 2009-09-23 10:49	140288	----a-w-	c:\windows\system32\igfxtvcx.dll
2014-01-03 12:14 . 2014-01-03 12:14	--------	d-----w-	c:\programdata\CovenantEyes
2014-01-03 11:51 . 2014-01-03 11:51	--------	d-----w-	C:\SkyDriveTemp
2014-01-03 11:50 . 2014-01-03 11:50	--------	d-----w-	c:\program files\Microsoft SkyDrive
2014-01-03 11:50 . 2014-01-03 11:50	--------	d-----w-	c:\programdata\Microsoft SkyDrive
2014-01-03 11:47 . 2014-01-03 11:47	--------	d--h--w-	c:\programdata\CanonBJ
2014-01-03 11:47 . 2010-04-24 04:00	70656	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA2.DLL
2014-01-03 11:47 . 2010-04-24 04:00	27648	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA2.DLL
2014-01-03 11:47 . 2014-01-03 11:47	--------	d--h--w-	c:\windows\system32\CanonIJ Uninstaller Information
2014-01-03 11:47 . 2010-04-24 04:00	272384	----a-w-	c:\windows\system32\CNMLMA2.DLL
2014-01-03 11:47 . 2009-03-18 08:09	178176	----a-w-	c:\windows\system32\CNMIUA2.DLL
2014-01-03 11:46 . 2014-01-03 13:11	--------	d-----w-	c:\program files\Canon
2014-01-03 11:33 . 2014-01-03 11:33	--------	d-----w-	c:\programdata\AskPartnerNetwork
2014-01-03 11:33 . 2014-01-03 11:33	--------	d-----w-	c:\program files\AskPartnerNetwork
2014-01-03 11:33 . 2014-01-03 11:33	--------	d-----w-	c:\programdata\APN
2014-01-03 11:31 . 2013-12-09 10:37	69240	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-01-03 11:31 . 2013-12-09 10:37	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2014-01-03 11:31 . 2013-12-09 10:37	90400	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-01-03 11:31 . 2013-12-09 10:37	135648	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-01-03 11:31 . 2014-01-03 11:31	--------	d-----w-	c:\programdata\Avira
2014-01-03 11:31 . 2014-01-03 11:31	--------	d-----w-	c:\program files\Avira
2014-01-03 11:19 . 2014-01-03 11:19	--------	d-----w-	c:\programdata\ALM
2014-01-03 11:19 . 2008-04-07 04:38	22872	----a-r-	c:\windows\system32\AdobePDFUI.dll
2014-01-03 11:16 . 2014-01-03 11:16	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2014-01-03 11:13 . 2014-01-03 11:13	--------	d-----w-	c:\windows\system32\Macromed
2014-01-03 11:13 . 2014-01-03 11:13	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2014-01-03 11:08 . 2014-01-03 14:11	--------	d-----w-	c:\program files\Common Files\Adobe
2014-01-03 11:05 . 2014-01-03 11:05	--------	d-----w-	c:\program files\capella-software
2014-01-03 10:51 . 2014-01-03 10:51	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2014-01-03 10:46 . 2013-12-16 00:54	7760024	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF684748-C367-4271-B7E3-F3E02099ABE7}\mpengine.dll
2014-01-03 10:46 . 2013-11-26 11:25	230048	------w-	c:\windows\system32\MpSigStub.exe
2014-01-03 10:46 . 2014-01-03 10:46	--------	d-----w-	c:\program files\Microsoft Works
2014-01-03 10:46 . 2014-01-03 13:13	--------	d-----w-	c:\program files\Microsoft.NET
2014-01-03 10:46 . 2014-01-03 10:46	--------	d-----w-	c:\windows\PCHEALTH
2014-01-03 10:40 . 2013-10-04 12:19	26624	----a-w-	c:\windows\system32\drivers\cewd32.sys
2014-01-03 10:40 . 2013-10-04 12:19	322584	----a-w-	c:\windows\system32\CovenantEyesProxy.dll
2014-01-03 10:40 . 2014-01-04 11:52	--------	d-----w-	c:\programdata\Microsoft Help
2014-01-03 10:40 . 2014-01-04 11:57	--------	d-sh--w-	c:\windows\Installer
2014-01-03 10:40 . 2013-12-05 09:32	3204104	----a-w-	c:\windows\system32\authServer.exe
2014-01-03 10:40 . 2014-01-03 12:14	--------	d-----w-	c:\program files\CE
2014-01-03 10:40 . 2014-01-03 10:40	--------	d--h--w-	c:\program files\InstallShield Installation Information
2014-01-03 10:39 . 2014-01-03 10:39	--------	d-----w-	c:\windows\system32\x64
2014-01-03 10:39 . 2009-09-23 18:30	1002008	----a-w-	c:\windows\system32\igxpun.exe
2014-01-03 10:39 . 2014-01-03 10:39	--------	d-----r-	C:\MSOCache
2014-01-03 10:38 . 2012-02-17 05:34	826880	----a-w-	c:\windows\system32\rdpcore.dll
2014-01-03 10:38 . 2012-02-17 04:14	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2014-01-03 10:38 . 2012-02-17 04:13	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2014-01-03 10:34 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2014-01-03 10:34 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2014-01-03 10:34 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2014-01-03 10:34 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2014-01-03 10:34 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2014-01-03 10:34 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2014-01-03 10:34 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2014-01-03 10:34 . 2012-06-02 14:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2014-01-03 10:34 . 2012-06-02 14:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2014-01-03 10:24 . 2014-01-03 10:33	--------	d-----w-	c:\windows\Panther
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\cewd32.sys ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 26624
Created time: 2014-01-03 10:40
Modified time: 2013-10-04 12:19
MD5: !HASH: COULD NOT OPEN FILE !!!!!
SHA1: !HASH: COULD NOT OPEN FILE !!!!!
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2013-12-20 21:02	12240	----a-w-	c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{927BD2E1-2287-49D2-AE71-95F492CE662E}]
2013-12-05 09:32	1650696	----a-w-	c:\program files\CE\extensions\ie\x86\ceie-0.7.0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2013-12-20 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-01-03 11:50	222832	----a-w-	c:\users\Erich\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-01-03 11:50	222832	----a-w-	c:\users\Erich\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-01-03 11:50	222832	----a-w-	c:\users\Erich\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Erich\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Erich\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Erich\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyDrive"="c:\users\Erich\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-01-03 257136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Covenant Eyes"="c:\program files\CE\CovenantEyes.exe" [2013-12-05 7065104]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-09 684600]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-12-20 1778640]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
.
c:\users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Erich\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-09 37352]
S1 cewd32;cewd32 service;c:\windows\system32\Drivers\cewd32.sys [2013-10-04 26624]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-12-09 440376]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2013-12-09 1011768]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-12-20 166352]
S2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [2013-12-05 3204104]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2013-12-09 69240]
S2 CovenantEyesCommService;Covenant Eyes Communication Service;c:\program files\CE\CovenantEyesCommService.exe [2013-12-05 4510240]
S2 CovenantEyesProxy;CovenantEyesProxy;c:\program files\CE\CovenantEyesProxy.exe [2013-10-04 3654168]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
.
------- Zusätzlicher Suchlauf -------
.
IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
LSP: c:\windows\system32\CovenantEyesProxy.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Erich\AppData\Roaming\Mozilla\Firefox\Profiles\dbkbwl9k.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-04  15:23:28
ComboFix-quarantined-files.txt  2014-01-04 14:23
ComboFix2.txt  2014-01-04 13:19
.
Vor Suchlauf: 11 Verzeichnis(se), 94.726.447.104 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 94.704.709.632 Bytes frei
.
- - End Of File - - 9D45DF74B2C39F0715BDF334AD0770AE
A36C5E4F47E84449FF07ED3517B43A31
         

05.01.2014, 00:16   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I think you have a serious problem. What sources does the software you installed under this Windows installation come from?

05.01.2014, 10:50   #13
uagla

All original sources:

Windows from the Microsoft DreamSpark program
For Office I have the original CD
For Adobe CS4 as well

Citavi, Dropbox, SkyDrive and Skype are from the original vendors' websites. Avira too.

Would it help to format the partition with the old Windows 7 installation?
I have actually had the virus for a while, but only in the last few days did the error message appear saying that the virus is in the other partition.

I have had another bluescreen since the last ComboFix scan. I'll attach it.

Recently Firefox keeps crashing.
And some shortcuts in Explorer no longer work.

05.01.2014, 18:57   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Would it help to format the partition with the old Windows 7 installation?
Of course, you can always do a reinstall if that feels safer to you.

05.01.2014, 20:15   #15
uagla

But does that make the Windows 7 system on the SSD clean? I would not necessarily want to install that one again.

As I said, I currently have two Windows 7 systems. One that I have used so far on the HDD (this one I would reinstall) and one that I have now installed on the new SSD and on which all the examinations so far have been run.

Can you say anything about the bluescreen? I installed new RAM at the same time as the new hard drive. Could it be related to that, since it was a Memory-Cache Error, or is it likely that it is related to the trojan?
