Pests of all kinds and how to fight them: Groupon Email (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
08.03.2013, 13:17 | #1 |
Groupon Email

Hello, I have the following problem: unfortunately I opened the attachment of a fake Groupon invoice. I know you should never open such attachments, especially when, as in my case, they are even in the spam folder. Well, now it has happened... I don't know how I should proceed now; I have run my antivirus program several times, but it finds nothing. So far my notebook (Sony Vaio VGN N31S/W) is also running without anything unusual. Sometimes my notebook does freeze, but I had that problem before as well. As I could read in various forums, the best thing would probably be to reformat the notebook, but unfortunately I don't have a recovery CD. I don't think it's worth creating one now... Sony wants 60 € for such a CD, which I find quite outrageous, just as an aside. Is there a way to do the whole thing without a CD? If so, how? I'm not an expert and don't really know about "such" things. How would I even recognize that I have caught the trojan at all? Grateful for any help =)
08.03.2013, 15:46 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Email

Hello Kim and

Before we get to work, I would like to ask you to read the following points completely and attentively.

Note: If I don't get back to you for three days, please post in this thread => Reminder on my thread. Annoying "when will this continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.

First, a check with OTL, please:
08.03.2013, 18:25 | #3 |
Groupon Email

Hello, thanks in advance for the help =)

So I have now done exactly what you described above. After the scan, Notepad opened with some files or something similar. Are those the logfiles? It's a loooong list. I'll just copy everything that is in Notepad into the thread, I hope that's OK. Sorry if I write something unclearly, but I don't really have a clue =)) So here is what appeared in Notepad after the scan:

OTL EXTRAS Logfile:
Code:
ATTFilter OTL Extras logfile created on: 08.03.2013 17:57:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dirk\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,45 Mb Total Physical Memory | 210,25 Mb Available Physical Memory | 20,75% Memory free 2,24 Gb Paging File | 1,01 Gb Available in Paging File | 45,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 83,85 Gb Total Space | 35,67 Gb Free Space | 42,55% Space Free | Partition Type: NTFS Computer Name: KIM | User Name: Dirk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-845676866-838732798-2609836163-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1708E1AF-939F-4EC0-83D5-7F39E7B7EE59}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{29DB5AB5-670E-44DF-8725-5907A143EE87}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{45965F10-961E-41D5-8DEE-CA343BA4C24D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5F90FF52-38AC-426F-A05E-1B08B9A7A865}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{77051FC2-219D-4B36-B2BB-6CA2A1AA56D2}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{7C9DDA84-39BD-489E-8948-69D834B8E77B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A65CA1E7-FE6C-4CFB-9D51-CCCB7C044A83}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{D4399B49-FFF1-4DFF-AD16-1779541E8742}" = protocol=6 | dir=in | app=c:\program 
files\dna\btdna.exe | "{D84F9B45-DA15-4151-85B2-E649328EA555}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{DBFC3EE1-2263-4D48-B5ED-B20C722F02C1}" = dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{0A97C4F6-CDF7-41C0-95F1-07539F0DCE11}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe | "TCP Query User{74D628BF-3AF5-4B0A-A358-3C188789B088}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{BEFFA63D-A125-42CB-8167-CE0E91FE1771}C:\program files\hercules\classic silver\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | "TCP Query User{DAD96FD6-CBB6-4DCA-9AB2-FF98A17B330F}C:\program files\hercules\classic silver\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | "UDP Query User{14A75411-BEEB-455B-B833-CD2A770B1E0E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{488D551D-D2FA-462C-8FAC-06925F941D1E}C:\program files\hercules\classic silver\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | "UDP Query User{E0983026-D74D-4FAD-AA89-B752352506CB}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe | "UDP Query User{FDDD45BF-262A-4B66-B27F-DE94A77AAC5A}C:\program files\hercules\classic silver\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar) "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0AAE6279-45D3-4E87-A8C5-0E6F29BC2C32}" = VAIO Content Importer VAIO Content Exporter "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar) "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility "{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper "{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar) "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack 
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0 "{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" = "{55B781F0-060E-11D4-99D7-00C04FCCB775}" = "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0 "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud "{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007 "{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help "{6473B3D0-B05C-4D2F-A7EC-BECB512FCB14}" = EmptyInstaller2 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft 
Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution "{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3 "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - 
Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C183A21C-395A-490F-99D4-CCAB35E32859}" = "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00 "{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1568757-E564-4cb5-8980-9333119A4384}" = F300 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center "{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN "{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}" = Hercules Classic Silver Webcam "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) 
"MozillaMaintenanceService" = Mozilla Maintenance Service "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-13-24-01 "qmiwo" = Favorit "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "YTdetect" = Yahoo! Detect ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.03.2013 20:41:21 | Computer Name = Kim | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15584 Error - 07.03.2013 20:41:36 | Computer Name = Kim | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 07.03.2013 20:41:36 | Computer Name = Kim | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 32152 Error - 07.03.2013 20:41:37 | Computer Name = Kim | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 32152 Error - 08.03.2013 08:24:07 | Computer Name = Kim | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.03.2013 08:24:08 | Computer Name = Kim | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 15585 Error - 08.03.2013 08:24:08 | Computer Name = Kim | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15585 Error - 08.03.2013 12:32:07 | Computer Name = Kim | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.03.2013 12:32:07 | Computer Name = Kim | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 14895022 Error - 08.03.2013 12:32:07 | Computer Name = Kim | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 14895022 [ OSession Events ] Error - 14.11.2011 06:22:47 | Computer Name = Kim | Source = Microsoft Office 
12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24 seconds with 0 seconds of active time. This session ended with a crash. Error - 10.01.2012 06:02:19 | Computer Name = Kim | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 05.03.2013 19:50:56 | Computer Name = Kim | Source = Service Control Manager | ID = 7011 Description = Error - 06.03.2013 06:46:31 | Computer Name = Kim | Source = Service Control Manager | ID = 7011 Description = Error - 06.03.2013 13:12:14 | Computer Name = Kim | Source = Service Control Manager | ID = 7011 Description = Error - 06.03.2013 15:39:37 | Computer Name = Kim | Source = Service Control Manager | ID = 7011 Description = Error - 07.03.2013 05:40:25 | Computer Name = Kim | Source = Service Control Manager | ID = 7011 Description = Error - 07.03.2013 08:09:07 | Computer Name = Kim | Source = Service Control Manager | ID = 7011 Description = Error - 08.03.2013 07:42:21 | Computer Name = Kim | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 08.03.2013 um 12:40:22 unerwartet heruntergefahren. Error - 08.03.2013 07:43:41 | Computer Name = Kim | Source = Service Control Manager | ID = 7000 Description = Error - 08.03.2013 08:00:24 | Computer Name = Kim | Source = DCOM | ID = 10010 Description = Error - 08.03.2013 12:32:26 | Computer Name = Kim | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller" (PCI\VEN_11AB&DEV_4351&SUBSYS_8212104D&REV_16\4&dbe6b62&0&00E0) wurde ohne vorbereitende Maßnahmen vom System entfernt. 
< End of report >

I just noticed that another Notepad window has opened; that is probably what you meant by 2 logfiles... Here is the 2nd OTL logfile:
Code:
ATTFilter OTL logfile created on: 08.03.2013 17:57:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dirk\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,45 Mb Total Physical Memory | 210,25 Mb Available Physical Memory | 20,75% Memory free 2,24 Gb Paging File | 1,01 Gb Available in Paging File | 45,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 83,85 Gb Total Space | 35,67 Gb Free Space | 42,55% Space Free | Partition Type: NTFS Computer Name: KIM | User Name: Dirk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Dirk\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) 
PRC - C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Program Files\sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\System32\igfxTMM.dll () MOD - C:\Windows\System32\hccutils.dll () MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll () MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll () ========== Services (SafeList) ========== SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe File not found SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla 
Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe (Sony Corporation) SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-UPnP) -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-HTTP) -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\sony\VAIO Media 
Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe () SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) ========== Driver Services (SafeList) ========== DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation) DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.) 
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments) DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation) DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} IE - HKLM\..\SearchScopes\{47A69BFA-63EF-41C2-B09F-7F84F19B5FDF}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found IE - 
HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU&o=14670&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=05f47d86-239e-4a66-928f-80b6a9c940e8&apn_sauid=9F85E6BD-1958-400F-966F-8F5A8C8AF79D IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\SearchScopes\{9F2360B4-CD6B-4DB5-BA2E-03753F97F4BA}: "URL" = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms} IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\SearchScopes\{B1472057-0DB3-440B-9B9E-1C205D913293}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\SearchScopes\{C60E9CA9-DC95-4911-840D-D3049A6DE62B}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\SearchScopes\{D579859A-5EFF-412D-BDAC-C090F7664935}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\SearchScopes\{DAFB0E34-2AC5-4BE6-AB6D-17E7D26265D7}: "URL" = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\SearchScopes\{E6539B18-4B8F-470D-ADE7-4B28112F5FAB}: "URL" = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms} IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche" FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.order.1: "WEB.DE Suche" FF - prefs.js..browser.search.order.2: "amazon.de" FF - prefs.js..browser.search.order.3: "amazon.de" FF - prefs.js..browser.search.order.4: "WEB.DE Suche" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {a82d0125-000a-4a57-abbc-5d4b0dbaab54}:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91 FF - prefs.js..keyword.URL: "hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.web.de/search/web/?origin=br_urlbar_ff&su=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 01:08:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 01:07:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 01:08:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 01:07:52 | 000,000,000 | ---D | M] [2009.03.04 20:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Extensions [2009.03.04 20:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2013.02.23 22:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\oywb3tlb.default\extensions [2013.01.30 20:39:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\oywb3tlb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.12.11 16:36:50 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2010.02.16 17:44:01 | 000,005,591 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\1und1-suche.xml [2010.02.16 17:43:58 | 000,001,371 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\amazonde.xml [2012.07.30 12:52:07 | 000,002,324 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\askcom.xml [2010.02.16 17:43:58 | 000,010,605 | ---- | M] () -- 
C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\gmx-suche.xml [2013.03.03 15:06:29 | 000,000,944 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\icqplugin.xml [2009.03.12 15:37:38 | 000,001,632 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\live-search.xml [2011.04.05 20:57:08 | 000,001,420 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\preisvergleich.xml [2009.07.18 22:44:07 | 000,003,915 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\sweetim.xml [2010.02.16 17:43:58 | 000,005,588 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\webde-suche.xml [2013.03.08 01:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013.03.08 01:07:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2013.03.08 01:07:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.03.08 01:07:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.03.08 01:07:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2009.09.01 23:21:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2013.03.08 01:08:05 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\amazondotcom-de.xml [2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O3 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O3 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKU\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-845676866-838732798-2609836163-1003..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-845676866-838732798-2609836163-1003..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) 
O7 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.15.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75150A78-C350-47D0-A029-3EEC5D8DD586}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\Dirk\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Dirk\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.08 17:53:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe [2013.03.08 01:07:46 | 000,000,000 
| ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.27 13:08:23 | 000,000,000 | ---D | C] -- C:\Users\Dirk\Documents\Meine Scans [2013.02.23 22:31:03 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\Printer Info Cache [2013.02.23 22:31:02 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\Image Zone Express [2013.02.23 21:58:06 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.02.23 21:57:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.02.23 21:57:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.02.23 21:57:32 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.02.23 19:43:04 | 000,000,000 | ---D | C] -- C:\Users\Dirk\Desktop\Meine Scans [2013.02.23 19:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2013.02.23 19:14:30 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\HP [2013.02.23 19:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY [2013.02.23 19:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2013.02.23 19:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard [2013.02.23 19:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard [2013.02.23 19:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP [2013.02.23 18:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2013.02.23 18:52:37 | 000,000,000 | -H-D | C] -- C:\Config.Msi [2013.02.23 18:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2013.02.23 18:42:55 | 000,675,840 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpowiav1.dll [2013.02.23 18:42:55 | 000,573,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpotscl1.dll [2013.02.23 18:42:55 | 000,303,104 | ---- | C] (Hewlett-Packard Co.) 
-- C:\Windows\System32\hpovst01.dll [2013.02.23 18:42:55 | 000,258,048 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll [2013.02.21 16:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.02.21 16:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.02.21 16:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.02.21 16:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.02.14 15:36:40 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.14 15:35:09 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2013.02.14 15:35:09 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.14 15:35:09 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.02.14 15:35:08 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.02.14 15:35:08 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.02.14 15:35:08 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.14 15:35:08 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.02.14 15:35:07 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.14 15:35:07 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.02.14 15:35:02 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2013.02.14 15:34:46 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.14 15:34:45 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.08 16:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud ========== Files - Modified 
Within 30 Days ========== [2013.03.08 18:00:18 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CDACD1E6-389A-44F2-AA68-8C52B44D16E1}.job [2013.03.08 17:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.08 17:53:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe [2013.03.08 17:39:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.08 17:32:48 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.08 17:32:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.08 17:32:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.08 17:32:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.08 12:42:14 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys [2013.03.07 01:03:57 | 000,001,652 | ---- | M] () -- C:\Users\Dirk\Desktop\Disk Cleanup.lnk [2013.02.27 11:57:23 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.02.27 11:57:23 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.02.26 18:11:21 | 000,014,220 | ---- | M] () -- C:\Users\Dirk\Documents\Absageschreiben Kindergeldkasse.odt [2013.02.24 13:22:37 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.23 21:57:15 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.02.23 21:57:12 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.02.23 21:57:12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.02.23 21:57:11 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2013.02.23 
21:57:11 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.02.23 21:57:11 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.02.23 19:25:48 | 000,000,000 | ---- | M] () -- C:\Windows\hpqEmlSz.INI [2013.02.23 19:16:31 | 000,164,310 | ---- | M] () -- C:\Windows\hpoins19.dat [2013.02.23 19:13:13 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk [2013.02.23 19:12:13 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential.lnk [2013.02.23 19:07:47 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2013.02.23 19:05:46 | 000,001,972 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013.02.21 16:54:08 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.14 16:15:02 | 000,322,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.14 15:53:21 | 000,686,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.14 15:53:21 | 000,643,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.14 15:53:21 | 000,150,754 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.14 15:53:21 | 000,122,560 | ---- | M] () -- C:\Windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2013.03.07 01:03:57 | 000,001,652 | ---- | C] () -- C:\Users\Dirk\Desktop\Disk Cleanup.lnk [2013.02.23 19:25:48 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI [2013.02.23 19:13:13 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk [2013.02.23 19:12:36 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. 
OCR-Registrierung.lnk [2013.02.23 19:12:13 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential.lnk [2013.02.23 19:07:47 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2013.02.23 19:05:46 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013.02.23 18:43:30 | 000,164,310 | ---- | C] () -- C:\Windows\hpoins19.dat [2013.02.23 18:42:50 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat [2013.02.21 16:54:08 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2009.06.09 00:33:36 | 000,322,036 | ---- | C] () -- C:\Users\Dirk\AppData\Local\qmiwo_nav.dat [2009.06.09 00:33:06 | 000,002,986 | ---- | C] () -- C:\Users\Dirk\AppData\Local\qmiwo.dat [2009.06.09 00:33:06 | 000,000,332 | ---- | C] () -- C:\Users\Dirk\AppData\Local\qmiwo_navps.dat [2009.06.09 00:33:06 | 000,000,087 | ---- | C] () -- C:\Users\Dirk\AppData\Local\qmiwo.bat [2009.04.15 18:55:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009.01.30 13:36:10 | 000,000,680 | ---- | C] () -- C:\Users\Dirk\AppData\Local\d3d9caps.dat [2008.04.24 09:04:07 | 000,178,579 | ---- | C] () -- C:\Users\Dirk\AppData\Roaming\UserTile.png [2008.03.16 22:10:55 | 000,010,240 | ---- | C] () -- C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
08.03.2013, 19:20 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Email Now please create and post logs with GMER (<<< click for instructions) and MBAR (instructions a bit further down). GMER crashes fairly often; if the tool still refuses on the second try, just skip it and run only MBAR. MBAR instructions: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post logfiles in CODE tags |
08.03.2013, 19:58 | #5 |
| Groupon Email So GMER crashed twice. I wanted to download Malwarebytes now, but I don't really understand what the instructions mean by "unpacking". How do I do that? Also, when I click Update I get the message failed: Host Not found. Last edited by Kim1988 (08.03.2013 at 20:07) Reason: Got the unpacking to work, continuing now and will post afterwards... |
08.03.2013, 20:20 | #6 |
| Groupon Email I took a photo and attached it. I think that's more practical. |
08.03.2013, 20:43 | #7 |
| Groupon Email I wasn't connected to the internet; now it works. |
08.03.2013, 21:24 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Email Ok, but one request: skip such interjections; post only when there are problems or when you have the logs (and post those in CODE tags).
__________________ Please always post logfiles in CODE tags |
08.03.2013, 21:29 | #9 |
| Groupon Email Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.08.15 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 7.0.6002.18005 Dirk :: KIM [administrator] 08.03.2013 20:54:43 mbar-log-2013-03-08 (20-54-43).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 27610 Time elapsed: 11 minute(s), 48 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 3 HKCU\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Delete on reboot. HKCU\SOFTWARE\fcn (Rogue.Residue) -> Delete on reboot. HKLM\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 c:\Users\Dirk\Downloads\flash_player_updater.exe (Malware.Packer.SGX2) -> Delete on reboot. (end) Sorry, I forgot the code tag. Here it is again properly: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.08.15 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 7.0.6002.18005 Dirk :: KIM [administrator] 08.03.2013 20:54:43 mbar-log-2013-03-08 (20-54-43).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 27610 Time elapsed: 11 minute(s), 48 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 3 HKCU\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Delete on reboot. HKCU\SOFTWARE\fcn (Rogue.Residue) -> Delete on reboot. HKLM\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 c:\Users\Dirk\Downloads\flash_player_updater.exe (Malware.Packer.SGX2) -> Delete on reboot. (end) |
08.03.2013, 23:42 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Email Please try GMER again. Please download GMER: (file name is random)
Are there any problems?
__________________ Always post logfiles in CODE tags |
09.03.2013, 02:40 | #11 |
| Groupon Email It worked. Here is the logfile Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-09 02:36:56
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 TOSHIBA_MK1034GSX rev.AH201A 93,16GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Dirk\AppData\Local\Temp\pxldqpow.sys

---- System - GMER 2.1 ----

SSDT 88208C5E ZwCreateSection
SSDT 88208C68 ZwRequestWaitReplyPort
SSDT 88208C63 ZwSetContextThread
SSDT 88208C6D ZwSetSecurityObject
SSDT 88208C72 ZwSystemDebugControl
SSDT 88208BFF ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 215 81EB08D8 4 Bytes [5E, 8C, 20, 88]
.text ntkrnlpa.exe!KeSetEvent + 539 81EB0BFC 4 Bytes [68, 8C, 20, 88]
.text ntkrnlpa.exe!KeSetEvent + 56D 81EB0C30 4 Bytes [63, 8C, 20, 88]
.text ntkrnlpa.exe!KeSetEvent + 5D1 81EB0C94 4 Bytes [6D, 8C, 20, 88]
.text ntkrnlpa.exe!KeSetEvent + 619 81EB0CDC 4 Bytes [72, 8C, 20, 88]
.text ...

---- Devices - GMER 2.1 ----

Device \Driver\ti21sony \Device\Dev_ffffffff856c6c60 8489B0DC
Device \Driver\atapi \Device\Dev_ffffffff8430fb98 84953140
Device \Driver\ti21sony \Device\Dev_ffffffff8562e968 8489B0DC

---- Modules - GMER 2.1 ----

Module (noname) (*** hidden *** ) 84869000-84935000 (835584 bytes)
Module (noname) (*** hidden *** ) 8493D000-8495B000 (122880 bytes)
Module (noname) (*** hidden *** ) 84935000-8493D000 (32768 bytes)

---- EOF - GMER 2.1 ---- |
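The six SSDT entries and the five ".text ntkrnlpa.exe!KeSetEvent + ..." lines in the GMER log above are one finding seen twice. Read little-endian, the four bytes GMER shows at each patched address ([5E, 8C, 20, 88] is 0x88208C5E) are exactly the hook addresses from the SSDT section, so those "Kernel code sections" entries are the overwritten service-table slots inside the kernel image, which GMER labels by the nearest exported symbol plus an offset, not separate inline patches. Whether the hooks are benign (security products commonly hook these services, and the TDSSKiller output later in this thread shows Avira drivers loaded) or belong to a rootkit depends on which module owns the address range 0x88208xxx, which this log does not show; the three hidden modules it does list do not contain it. The script below is an added example, not part of the thread or of GMER; it parses a constructed excerpt of the log lines above, embedded inline so it runs offline, and performs that correlation and range check.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the SSDT, "Kernel code sections" and "Modules" parts of the
# GMER 2.1 log posted in this thread, embedded here so the script runs offline.
GMER_LOG = """\
---- System - GMER 2.1 ----
SSDT 88208C5E ZwCreateSection
SSDT 88208C68 ZwRequestWaitReplyPort
SSDT 88208C63 ZwSetContextThread
SSDT 88208C6D ZwSetSecurityObject
SSDT 88208C72 ZwSystemDebugControl
SSDT 88208BFF ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 215 81EB08D8 4 Bytes [5E, 8C, 20, 88]
.text ntkrnlpa.exe!KeSetEvent + 539 81EB0BFC 4 Bytes [68, 8C, 20, 88]
.text ntkrnlpa.exe!KeSetEvent + 56D 81EB0C30 4 Bytes [63, 8C, 20, 88]
.text ntkrnlpa.exe!KeSetEvent + 5D1 81EB0C94 4 Bytes [6D, 8C, 20, 88]
.text ntkrnlpa.exe!KeSetEvent + 619 81EB0CDC 4 Bytes [72, 8C, 20, 88]
---- Modules - GMER 2.1 ----
Module (noname) (*** hidden *** ) 84869000-84935000 (835584 bytes)
Module (noname) (*** hidden *** ) 8493D000-8495B000 (122880 bytes)
Module (noname) (*** hidden *** ) 84935000-8493D000 (32768 bytes)
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\w+)\s*$")
PATCH_RE = re.compile(r"^\.text\s+(.+?)\s+([0-9A-Fa-f]{8})\s+4 Bytes \[([0-9A-Fa-f, ]+)\]\s*$")
MODULE_RE = re.compile(r"^Module .*?([0-9A-Fa-f]{8})-([0-9A-Fa-f]{8})", re.MULTILINE)


def parse_ssdt(log: str) -> Dict[int, str]:
    """Map each SSDT hook target address to the Zw* service GMER says it replaces."""
    hooks: Dict[int, str] = {}
    for line in log.splitlines():
        m = SSDT_RE.match(line)
        if m:
            hooks[int(m.group(1), 16)] = m.group(2)
    return hooks


def parse_patches(log: str) -> List[Tuple[str, int, int]]:
    """Return (symbol+offset, address, value) for each 4-byte code-section patch,
    decoding the bracketed bytes as a little-endian 32-bit value (an x86 pointer)."""
    patches: List[Tuple[str, int, int]] = []
    for line in log.splitlines():
        m = PATCH_RE.match(line)
        if m:
            raw = bytes(int(b, 16) for b in m.group(3).split(","))
            patches.append((m.group(1), int(m.group(2), 16), int.from_bytes(raw, "little")))
    return patches


def correlate(log: str) -> List[Tuple[str, str]]:
    """Pair each patched slot with the SSDT hook whose address it now contains."""
    hooks = parse_ssdt(log)
    return [(where, hooks.get(value, "no matching SSDT entry"))
            for where, _addr, value in parse_patches(log)]


def hooks_inside_hidden_modules(log: str) -> Dict[str, bool]:
    """For each hooked service, report whether its handler address lies inside a
    range GMER flagged as a hidden module (the first place to look for a rootkit)."""
    ranges = [(int(lo, 16), int(hi, 16)) for lo, hi in MODULE_RE.findall(log)]
    return {name: any(lo <= addr < hi for lo, hi in ranges)
            for addr, name in parse_ssdt(log).items()}


if __name__ == "__main__":
    for where, service in correlate(GMER_LOG):
        print(f"{where:34} -> {service}")
    for service, hidden in hooks_inside_hidden_modules(GMER_LOG).items():
        print(f"{service:24} handler inside hidden module: {hidden}")
```

On this log every patched slot resolves to one of the listed hooks and none of the handlers falls inside the hidden module ranges, which is why the next step in a real triage is to find the owner of 0x88208xxx (a driver list with load addresses, or a kernel debugger) rather than to act on the GMER lines alone.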
10.03.2013, 15:18 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Email aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Always post logfiles in CODE tags |
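TDSSKiller's services scan prints, for each service, the MD5 of its binary in brackets, then either "name - ok" or, when the hash it computes through its own low-level read differs from the one obtained through the normal file path, a "Suspicious file (Forged)" line with both values (Real md5 / Fake md5) followed by "name - detected ForgedFile.Multi.Generic". The log posted in the next reply carries well over a hundred of those verdicts, on core Windows drivers and third-party services alike. A mismatch on that scale is something to triage, not to act on: a file-spoofing rootkit and an unrelated filter driver that interferes with the read can both produce it, and the tool's output alone does not say which. The script below is an added example, not part of the thread or of TDSSKiller; it folds the per-service lines into one record each so the verdicts can be counted, grouped by directory, and the hash pairs exported for comparison against hashes taken from outside the running OS (a boot medium or a second machine). The sample log is a constructed excerpt in the format posted in this thread.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the TDSSKiller 2.8.16.0 log format posted in this thread:
# one forged Windows driver, one clean service, one service with no file listed,
# and two services that share a single forged binary.
SAMPLE_LOG = r"""18:05:44.0498 5312 ================ Scan services =============================
18:05:44.0638 5312 [ 1C46DB7455C8BAA1CDA105BE636EA2BD ] ACPI C:\Windows\system32\drivers\acpi.sys
18:05:44.0669 5312 Suspicious file (Forged): C:\Windows\system32\drivers\acpi.sys. Real md5: 1C46DB7455C8BAA1CDA105BE636EA2BD, Fake md5: 82B296AE1892FE3DBEE00C9CF92F8AC7
18:05:44.0669 5312 ACPI ( ForgedFile.Multi.Generic ) - warning
18:05:44.0669 5312 ACPI - detected ForgedFile.Multi.Generic (1)
18:05:44.0794 5312 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:05:44.0950 5312 AdobeARMservice - ok
18:05:48.0226 5312 blbdrive - ok
18:05:55.0433 5312 [ 0BE51E585C219A4FEEA6FF6ECE67B722 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:05:55.0465 5312 Suspicious file (Forged): C:\Program Files\Google\Update\GoogleUpdate.exe. Real md5: 0BE51E585C219A4FEEA6FF6ECE67B722, Fake md5: 8F0DE4FEF8201E306F9938B0905AC96A
18:05:55.0465 5312 gupdate ( ForgedFile.Multi.Generic ) - warning
18:05:55.0465 5312 gupdate - detected ForgedFile.Multi.Generic (1)
18:05:55.0480 5312 [ 0BE51E585C219A4FEEA6FF6ECE67B722 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:05:55.0480 5312 Suspicious file (Forged): C:\Program Files\Google\Update\GoogleUpdate.exe. Real md5: 0BE51E585C219A4FEEA6FF6ECE67B722, Fake md5: 8F0DE4FEF8201E306F9938B0905AC96A
18:05:55.0480 5312 gupdatem ( ForgedFile.Multi.Generic ) - warning
18:05:55.0480 5312 gupdatem - detected ForgedFile.Multi.Generic (1)
"""

# Every line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d\d:\d\d:\d\d\.\d{4} \d+ "
LISTED = re.compile(PREFIX + r"\[ ([0-9A-F]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
FORGED = re.compile(PREFIX + r"Suspicious file \(Forged\): (.+)\. Real md5: ([0-9A-F]{32}), Fake md5: ([0-9A-F]{32})$")
VERDICT = re.compile(PREFIX + r"(.+?) - (ok|detected (\S+) \(\d+\))$")


@dataclass
class ServiceEntry:
    name: str
    path: Optional[str] = None
    listed_md5: Optional[str] = None
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None
    verdict: Optional[str] = None   # "ok", a detection name, or None if the log was cut off


def parse_services(log: str) -> List[ServiceEntry]:
    """Fold the 'Scan services' block of a TDSSKiller log into one entry per service."""
    entries: List[ServiceEntry] = []
    by_name: Dict[str, ServiceEntry] = {}
    in_services = False
    for line in log.splitlines():
        if "Scan services" in line:
            in_services = True
            continue
        if not in_services:
            continue
        if "================" in line:          # next section header: done
            break
        if m := LISTED.match(line):
            entry = ServiceEntry(name=m.group(2), path=m.group(3), listed_md5=m.group(1))
            entries.append(entry)
            by_name[entry.name] = entry
        elif m := FORGED.match(line):
            # The verdict line has not appeared yet; attach the hash pair to the
            # most recently listed service that uses this binary.
            for entry in reversed(entries):
                if entry.path == m.group(1):
                    entry.real_md5, entry.fake_md5 = m.group(2), m.group(3)
                    break
        elif m := VERDICT.match(line):
            entry = by_name.get(m.group(1))
            if entry is None:                   # e.g. "blbdrive - ok": no file was listed
                entry = ServiceEntry(name=m.group(1))
                entries.append(entry)
                by_name[entry.name] = entry
            entry.verdict = "ok" if m.group(2) == "ok" else m.group(3)
    return entries


def verdict_counts(entries: List[ServiceEntry]) -> Dict[str, int]:
    """How many services got each verdict (the thread reports 153 'threats')."""
    return dict(Counter(e.verdict or "no verdict" for e in entries))


def forged_by_directory(entries: List[ServiceEntry]) -> Dict[str, int]:
    """Where the forged verdicts cluster: a rootkit shielding a few payload files looks
    very different from a mismatch reported for almost every scanned binary."""
    return dict(Counter(ntpath.dirname(e.path) for e in entries
                        if e.verdict == "ForgedFile.Multi.Generic" and e.path))


def forged_hash_pairs(entries: List[ServiceEntry]) -> List[Tuple[str, Optional[str], Optional[str], Optional[str]]]:
    """(name, path, real, fake) for each forged entry: the values to compare against a
    hash of the same file taken from outside the running OS."""
    return [(e.name, e.path, e.real_md5, e.fake_md5)
            for e in entries if e.verdict == "ForgedFile.Multi.Generic"]


if __name__ == "__main__":
    found = parse_services(SAMPLE_LOG)
    print(verdict_counts(found))
    print(forged_by_directory(found))
    for row in forged_hash_pairs(found):
        print(row)
```

In the thread's own log the bracketed hash always equals the "Real md5" value; only the "Fake md5" differs, so the comparison worth making offline is whether the on-disk file hashes to the Real or to the Fake value.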
10.03.2013, 17:59 | #13 |
| Groupon Email These are the logfiles aswMBR.exe Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-10 17:27:47
-----------------------------
17:27:47.874 OS Version: Windows 6.0.6002 Service Pack 2
17:27:47.874 Number of processors: 2 586 0xF02
17:27:47.874 ComputerName: KIM UserName:
17:28:09.995 Initialize success
17:30:55.654 AVAST engine defs: 13031000
17:31:19.678 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
17:31:19.694 Disk 0 Vendor: TOSHIBA_MK1034GSX AH201A Size: 95396MB BusType: 3
17:31:19.694 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005e
17:31:19.694 Disk 1 Vendor: ( Size: 95396MB BusType: 0
17:31:19.694 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000005f
17:31:19.694 Disk 2 Vendor: ( Size: 95396MB BusType: 0
17:31:19.756 Disk 0 MBR read successfully
17:31:19.756 Disk 0 MBR scan
17:31:19.865 Disk 0 Windows VISTA default MBR code
17:31:19.881 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9536 MB offset 2048
17:31:19.912 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 85858 MB offset 19531776
17:31:19.959 Disk 0 scanning sectors +195369520
17:31:20.193 Disk 0 scanning C:\Windows\system32\drivers
17:31:58.429 Service scanning
17:32:49.971 Modules scanning
17:33:52.527 Disk 0 trace - called modules:
17:33:52.621 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
17:33:52.621 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84973ac8]
17:33:52.621 3 CLASSPNP.SYS[863ac8b3] -> nt!IofCallDriver -> [0x8430d328]
17:33:52.636 5 acpi.sys[8069d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8430fb98]
17:33:53.011 AVAST engine scan C:\Windows
17:34:20.857 AVAST engine scan C:\Windows\system32
17:39:15.400 AVAST engine scan C:\Windows\system32\drivers
17:39:55.196 AVAST engine scan C:\Users\Dirk
17:48:37.464 AVAST engine scan C:\ProgramData
17:53:30.901 Scan finished successfully
17:56:40.847 Disk 0 MBR has been saved successfully to "C:\Users\Dirk\Desktop\MBR.dat"
17:56:40.847 The log file has been saved successfully to "C:\Users\Dirk\Desktop\aswMBR.txt"
153 threats were found, and next to each one it says skip. And at the very bottom continue, so how do I save that now? I've found the logfiles now =) But I can't post them in one post since they're too long, says Trojaner Board. I'll post them split up. Here's the first section: Code:
18:05:11.0878 0888 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:05:12.0206 0888 ============================================================
18:05:12.0206 0888 Current date / time: 2013/03/10 18:05:12.0206
18:05:12.0206 0888 SystemInfo:
18:05:12.0206 0888
18:05:12.0206 0888 OS Version: 6.0.6002 ServicePack: 2.0
18:05:12.0206 0888 Product type: Workstation
18:05:12.0206 0888 ComputerName: KIM
18:05:12.0206 0888 UserName: Dirk
18:05:12.0206 0888 Windows directory: C:\Windows
18:05:12.0206 0888 System windows directory: C:\Windows
18:05:12.0206 0888 Processor architecture: Intel x86
18:05:12.0206 0888 Number of processors: 2
18:05:12.0206 0888 Page size: 0x1000
18:05:12.0206 0888 Boot type: Normal boot
18:05:12.0206 0888 ============================================================
18:05:13.0984 0888 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:05:14.0015 0888 ============================================================
18:05:14.0015 0888 \Device\Harddisk0\DR0:
18:05:14.0047 0888 MBR partitions:
18:05:14.0047 0888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12A0800, BlocksNum 0xA7B1230
18:05:14.0047 0888 ============================================================
18:05:14.0125 0888 C: <-> \Device\Harddisk0\DR0\Partition1
18:05:14.0187 0888 ============================================================
18:05:14.0187 0888 Initialize success
18:05:14.0187 0888 ============================================================
18:05:44.0014 5312 ============================================================
18:05:44.0014 5312 Scan started
18:05:44.0014 5312 Mode: Manual; SigCheck; TDLFS;
18:05:44.0014 5312 ============================================================
18:05:44.0498 5312 ================ Scan system memory ========================
18:05:44.0498 5312 System memory - ok
18:05:44.0498 5312 ================ Scan services =============================
18:05:44.0638 5312 [ 1C46DB7455C8BAA1CDA105BE636EA2BD ] ACPI C:\Windows\system32\drivers\acpi.sys
18:05:44.0669 5312 Suspicious file (Forged): C:\Windows\system32\drivers\acpi.sys. Real md5: 1C46DB7455C8BAA1CDA105BE636EA2BD, Fake md5: 82B296AE1892FE3DBEE00C9CF92F8AC7
18:05:44.0669 5312 ACPI ( ForgedFile.Multi.Generic ) - warning
18:05:44.0669 5312 ACPI - detected ForgedFile.Multi.Generic (1)
18:05:44.0794 5312 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:05:44.0950 5312 AdobeARMservice - ok
18:05:45.0028 5312 [ DBBDE6BC8995ABC5DBBD3C8874A6AA4C ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:05:45.0028 5312 Suspicious file (Forged): C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe. Real md5: DBBDE6BC8995ABC5DBBD3C8874A6AA4C, Fake md5: 9942DC4CC265CDA00486504444EF521D
18:05:45.0028 5312 AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - warning
18:05:45.0028 5312 AdobeFlashPlayerUpdateSvc - detected ForgedFile.Multi.Generic (1)
18:05:45.0059 5312 [ 180296C9364B330492245C6A906DFD21 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:05:45.0075 5312 Suspicious file (Forged): C:\Windows\system32\drivers\adp94xx.sys. Real md5: 180296C9364B330492245C6A906DFD21, Fake md5: 2EDC5BBAC6C651ECE337BDE8ED97C9FB
18:05:45.0091 5312 adp94xx ( ForgedFile.Multi.Generic ) - warning
18:05:45.0091 5312 adp94xx - detected ForgedFile.Multi.Generic (1)
18:05:45.0091 5312 [ F583BF71EEBE44D9D68EE1E2C95FA182 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:05:45.0122 5312 Suspicious file (Forged): C:\Windows\system32\drivers\adpahci.sys. Real md5: F583BF71EEBE44D9D68EE1E2C95FA182, Fake md5: B84088CA3CDCA97DA44A984C6CE1CCAD
18:05:45.0122 5312 adpahci ( ForgedFile.Multi.Generic ) - warning
18:05:45.0122 5312 adpahci - detected ForgedFile.Multi.Generic (1)
18:05:45.0137 5312 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:05:45.0153 5312 adpu160m - ok
18:05:45.0169 5312 [ 6B6E34A9C063B2F426C4C635B6A224BE ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:05:45.0184 5312 Suspicious file (Forged): C:\Windows\system32\drivers\adpu320.sys. Real md5: 6B6E34A9C063B2F426C4C635B6A224BE, Fake md5: 9AE713F8E30EFC2ABCCD84904333DF4D
18:05:45.0184 5312 adpu320 ( ForgedFile.Multi.Generic ) - warning
18:05:45.0184 5312 adpu320 - detected ForgedFile.Multi.Generic (1)
18:05:45.0231 5312 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:05:45.0590 5312 AeLookupSvc - ok
18:05:45.0637 5312 [ C9C34C252C2DE3DCAB88D01562FDB965 ] AFD C:\Windows\system32\drivers\afd.sys
18:05:45.0668 5312 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: C9C34C252C2DE3DCAB88D01562FDB965, Fake md5: 3911B972B55FEA0478476B2E777B29FA
18:05:45.0668 5312 AFD ( ForgedFile.Multi.Generic ) - warning
18:05:45.0668 5312 AFD - detected ForgedFile.Multi.Generic (1)
18:05:45.0715 5312 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:05:45.0730 5312 agp440 - ok
18:05:45.0777 5312 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:05:45.0793 5312 aic78xx - ok
18:05:45.0824 5312 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
18:05:45.0980 5312 ALG - ok
18:05:45.0995 5312 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
18:05:46.0011 5312 aliide - ok
18:05:46.0058 5312 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:05:46.0073 5312 amdagp - ok
18:05:46.0089 5312 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
18:05:46.0105 5312 amdide - ok
18:05:46.0136 5312 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
18:05:46.0432 5312 AmdK7 - ok
18:05:46.0463 5312 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:05:46.0557 5312 AmdK8 - ok
18:05:46.0666 5312 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:05:46.0713 5312 AntiVirSchedulerService - ok
18:05:46.0744 5312 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:05:46.0760 5312 AntiVirService - ok
18:05:46.0807 5312 [ 370197CD43319BA40CCE4FC6DDF047B7 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
18:05:46.0822 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\Apfiltr.sys. Real md5: 370197CD43319BA40CCE4FC6DDF047B7, Fake md5: 7C2F57BCE81FA74933F0E1C84A97C9DB
18:05:46.0822 5312 ApfiltrService ( ForgedFile.Multi.Generic ) - warning
18:05:46.0822 5312 ApfiltrService - detected ForgedFile.Multi.Generic (1)
18:05:46.0869 5312 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
18:05:46.0947 5312 Appinfo - ok
18:05:47.0243 5312 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:05:47.0259 5312 Apple Mobile Device - ok
18:05:47.0306 5312 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
18:05:47.0321 5312 arc - ok
18:05:47.0353 5312 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:05:47.0368 5312 arcsas - ok
18:05:47.0415 5312 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:05:47.0493 5312 AsyncMac - ok
18:05:47.0540 5312 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
18:05:47.0555 5312 atapi - ok
18:05:47.0602 5312 [ 13673718FB38F2049FFA8E23CB5B9D82 ] athr C:\Windows\system32\DRIVERS\athr.sys
18:05:47.0649 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\athr.sys. Real md5: 13673718FB38F2049FFA8E23CB5B9D82, Fake md5: 7FA516FC81DD5931F389B56279A27A3E
18:05:47.0649 5312 athr ( ForgedFile.Multi.Generic ) - warning
18:05:47.0649 5312 athr - detected ForgedFile.Multi.Generic (1)
18:05:47.0696 5312 [ 0BA0A4FF706F4293AB499229D7AEEAE2 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:05:47.0711 5312 Suspicious file (Forged): C:\Windows\System32\Audiosrv.dll. Real md5: 0BA0A4FF706F4293AB499229D7AEEAE2, Fake md5: 68E2A1A0407A66CF50DA0300852424AB
18:05:47.0711 5312 AudioEndpointBuilder ( ForgedFile.Multi.Generic ) - warning
18:05:47.0711 5312 AudioEndpointBuilder - detected ForgedFile.Multi.Generic (1)
18:05:47.0727 5312 [ 0BA0A4FF706F4293AB499229D7AEEAE2 ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:05:47.0727 5312 Suspicious file (Forged): C:\Windows\System32\Audiosrv.dll. Real md5: 0BA0A4FF706F4293AB499229D7AEEAE2, Fake md5: 68E2A1A0407A66CF50DA0300852424AB
18:05:47.0727 5312 Audiosrv ( ForgedFile.Multi.Generic ) - warning
18:05:47.0727 5312 Audiosrv - detected ForgedFile.Multi.Generic (1)
18:05:47.0774 5312 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:05:47.0821 5312 avgntflt - ok
18:05:47.0836 5312 [ 56E83EEDA5468D29B74B14F4CCCC27F2 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:05:47.0867 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\avipbb.sys. Real md5: 56E83EEDA5468D29B74B14F4CCCC27F2, Fake md5: 37B854C7D1F477E66C5B49C7700C47CC
18:05:47.0867 5312 avipbb ( ForgedFile.Multi.Generic ) - warning
18:05:47.0867 5312 avipbb - detected ForgedFile.Multi.Generic (1)
18:05:47.0899 5312 [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:05:47.0914 5312 avkmgr - ok
18:05:47.0977 5312 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
18:05:48.0055 5312 Beep - ok
18:05:48.0101 5312 [ 4F99C5E39834F98AD426DCE8F4FD50EA ] BFE C:\Windows\System32\bfe.dll
18:05:48.0117 5312 Suspicious file (Forged): C:\Windows\System32\bfe.dll. Real md5: 4F99C5E39834F98AD426DCE8F4FD50EA, Fake md5: C789AF0F724FDA5852FB9A7D3A432381
18:05:48.0117 5312 BFE ( ForgedFile.Multi.Generic ) - warning
18:05:48.0117 5312 BFE - detected ForgedFile.Multi.Generic (1)
18:05:48.0164 5312 [ 2C17A8F1C97593B30DA4771F66B9D9FA ] BITS C:\Windows\System32\qmgr.dll
18:05:48.0211 5312 Suspicious file (Forged): C:\Windows\System32\qmgr.dll. Real md5: 2C17A8F1C97593B30DA4771F66B9D9FA, Fake md5: 93952506C6D67330367F7E7934B6A02F
18:05:48.0226 5312 BITS ( ForgedFile.Multi.Generic ) - warning
18:05:48.0226 5312 BITS - detected ForgedFile.Multi.Generic (1)
18:05:48.0226 5312 blbdrive - ok
18:05:48.0304 5312 [ 55F1E1F0CCF431207DCBCFE3668E5187 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:05:48.0351 5312 Suspicious file (Forged): C:\Program Files\Bonjour\mDNSResponder.exe. Real md5: 55F1E1F0CCF431207DCBCFE3668E5187, Fake md5: DB5BEA73EDAF19AC68B2C0FAD0F92B1A
18:05:48.0351 5312 Bonjour Service ( ForgedFile.Multi.Generic ) - warning
18:05:48.0351 5312 Bonjour Service - detected ForgedFile.Multi.Generic (1)
18:05:48.0382 5312 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:05:48.0460 5312 bowser - ok
18:05:48.0507 5312 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:05:48.0538 5312 BrFiltLo - ok
18:05:48.0569 5312 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:05:48.0632 5312 BrFiltUp - ok
18:05:48.0679 5312 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
18:05:48.0741 5312 Browser - ok
18:05:48.0772 5312 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
18:05:48.0835 5312 Brserid - ok
18:05:48.0881 5312 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:05:48.0944 5312 BrSerWdm - ok
18:05:48.0959 5312 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:05:49.0037 5312 BrUsbMdm - ok
18:05:49.0115 5312 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:05:49.0193 5312 BrUsbSer - ok
18:05:49.0225 5312 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:05:49.0271 5312 BTHMODEM - ok
18:05:49.0365 5312 [ 088C0978203D59425A12B2A53FCCD02B ] camfilt2 C:\Windows\system32\DRIVERS\camfilt2.sys
18:05:49.0427 5312 camfilt2 - ok
18:05:49.0459 5312 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:05:49.0552 5312 cdfs - ok
18:05:49.0615 5312 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:05:49.0677 5312 cdrom - ok
18:05:49.0739 5312 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
18:05:49.0786 5312 CertPropSvc - ok
18:05:49.0802 5312 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
18:05:49.0895 5312 circlass - ok
18:05:49.0927 5312 [ B3C3AFFC37D0BCDA8084B0427DEB9201 ] CLFS C:\Windows\system32\CLFS.sys
18:05:49.0958 5312 Suspicious file (Forged): C:\Windows\system32\CLFS.sys. Real md5: B3C3AFFC37D0BCDA8084B0427DEB9201, Fake md5: D7659D3B5B92C31E84E53C1431F35132
18:05:49.0958 5312 CLFS ( ForgedFile.Multi.Generic ) - warning
18:05:49.0958 5312 CLFS - detected ForgedFile.Multi.Generic (1)
18:05:50.0473 5312 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:05:50.0551 5312 clr_optimization_v2.0.50727_32 - ok
18:05:51.0331 5312 [ B89B6C8262ACA6654AF4C5C96B00EAD4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:05:51.0440 5312 Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe. Real md5: B89B6C8262ACA6654AF4C5C96B00EAD4, Fake md5: C5A75EB48E2344ABDC162BDA79E16841
18:05:51.0440 5312 clr_optimization_v4.0.30319_32 ( ForgedFile.Multi.Generic ) - warning
18:05:51.0440 5312 clr_optimization_v4.0.30319_32 - detected ForgedFile.Multi.Generic (1)
18:05:51.0487 5312 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:05:51.0549 5312 CmBatt - ok
18:05:51.0580 5312 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:05:51.0611 5312 cmdide - ok
18:05:51.0643 5312 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:05:51.0674 5312 Compbatt - ok
18:05:51.0674 5312 COMSysApp - ok
18:05:51.0689 5312 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:05:51.0705 5312 crcdisk - ok
18:05:51.0736 5312 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:05:51.0830 5312 Crusoe - ok
18:05:51.0861 5312 [ FD4F06A4D4B35CD18DBE7AE5932BD2BC ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:05:51.0892 5312 Suspicious file (Forged): C:\Windows\system32\cryptsvc.dll. Real md5: FD4F06A4D4B35CD18DBE7AE5932BD2BC, Fake md5: F1E8C34892336D33EDDCDFE44E474F64
18:05:51.0892 5312 CryptSvc ( ForgedFile.Multi.Generic ) - warning
18:05:51.0892 5312 CryptSvc - detected ForgedFile.Multi.Generic (1)
18:05:51.0923 5312 [ 6621476E1926167313D0FE6E95E98E7F ] DcomLaunch C:\Windows\system32\rpcss.dll
18:05:51.0970 5312 Suspicious file (Forged): C:\Windows\system32\rpcss.dll. Real md5: 6621476E1926167313D0FE6E95E98E7F, Fake md5: 3B5B4D53FEC14F7476CA29A20CC31AC9
18:05:51.0970 5312 DcomLaunch ( ForgedFile.Multi.Generic ) - warning
18:05:51.0970 5312 DcomLaunch - detected ForgedFile.Multi.Generic (1)
18:05:52.0001 5312 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:05:52.0079 5312 DfsC - ok
18:05:52.0126 5312 [ E64B47ECCBA21C3EB9167C21EF8DFCD6 ] DFSR C:\Windows\system32\DFSR.exe
18:05:52.0235 5312 Suspicious file (Forged): C:\Windows\system32\DFSR.exe. Real md5: E64B47ECCBA21C3EB9167C21EF8DFCD6, Fake md5: 2CC3DCFB533A1035B13DCAB6160AB38B
18:05:52.0251 5312 DFSR ( ForgedFile.Multi.Generic ) - warning
18:05:52.0251 5312 DFSR - detected ForgedFile.Multi.Generic (1)
18:05:52.0313 5312 [ BEE7BF9A9BC8EECF0DAB06823333EB71 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:05:52.0329 5312 Suspicious file (Forged): C:\Windows\System32\dhcpcsvc.dll. Real md5: BEE7BF9A9BC8EECF0DAB06823333EB71, Fake md5: 9028559C132146FB75EB7ACF384B086A
18:05:52.0329 5312 Dhcp ( ForgedFile.Multi.Generic ) - warning
18:05:52.0329 5312 Dhcp - detected ForgedFile.Multi.Generic (1)
18:05:52.0391 5312 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
18:05:52.0423 5312 disk - ok
18:05:52.0454 5312 [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall C:\Windows\system32\DRIVERS\DMICall.sys
18:05:52.0469 5312 DMICall - ok
18:05:52.0501 5312 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:05:52.0563 5312 Dnscache - ok
18:05:52.0579 5312 [ 5602860034ED703E783E0AD7DDA6F685 ] dot3svc C:\Windows\System32\dot3svc.dll
18:05:52.0610 5312 Suspicious file (Forged): C:\Windows\System32\dot3svc.dll. Real md5: 5602860034ED703E783E0AD7DDA6F685, Fake md5: 324FD74686B1EF5E7C19A8AF49E748F6
18:05:52.0610 5312 dot3svc ( ForgedFile.Multi.Generic ) - warning
18:05:52.0610 5312 dot3svc - detected ForgedFile.Multi.Generic (1)
18:05:52.0641 5312 [ 310D59BD6E8CDC0F2000AF2010679936 ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
18:05:52.0672 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\Dot4.sys. Real md5: 310D59BD6E8CDC0F2000AF2010679936, Fake md5: 4F59C172C094E1A1D46463A8DC061CBD
18:05:52.0672 5312 Dot4 ( ForgedFile.Multi.Generic ) - warning
18:05:52.0672 5312 Dot4 - detected ForgedFile.Multi.Generic (1)
18:05:52.0719 5312 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:05:52.0766 5312 Dot4Print - ok
18:05:52.0797 5312 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
18:05:52.0859 5312 dot4usb - ok
18:05:52.0891 5312 [ D9FA2A14A9A7CC3CC47AA0E6C7FDC2AE ] DPS C:\Windows\system32\dps.dll
18:05:52.0922 5312 Suspicious file (Forged): C:\Windows\system32\dps.dll. Real md5: D9FA2A14A9A7CC3CC47AA0E6C7FDC2AE, Fake md5: A622E888F8AA2F6B49E9BC466F0E5DEF
18:05:52.0922 5312 DPS ( ForgedFile.Multi.Generic ) - warning
18:05:52.0922 5312 DPS - detected ForgedFile.Multi.Generic (1)
18:05:52.0969 5312 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:05:53.0015 5312 drmkaud - ok
18:05:53.0031 5312 [ BF43DE3D7B7AD1DB3D14B6F6B0168FF4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:05:53.0093 5312 Suspicious file (Forged): C:\Windows\System32\drivers\dxgkrnl.sys. Real md5: BF43DE3D7B7AD1DB3D14B6F6B0168FF4, Fake md5: C68AC676B0EF30CFBB1080ADCE49EB1F
18:05:53.0093 5312 DXGKrnl ( ForgedFile.Multi.Generic ) - warning
18:05:53.0093 5312 DXGKrnl - detected ForgedFile.Multi.Generic (1)
18:05:53.0125 5312 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
18:05:53.0187 5312 E1G60 - ok
18:05:53.0327 5312 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
18:05:53.0390 5312 EapHost - ok
18:05:53.0421 5312 [ EB7BB3F702D7B9FA17F02902A26D3102 ] Ecache C:\Windows\system32\drivers\ecache.sys
18:05:53.0452 5312 Suspicious file (Forged): C:\Windows\system32\drivers\ecache.sys. Real md5: EB7BB3F702D7B9FA17F02902A26D3102, Fake md5: 7F64EA048DCFAC7ACF8B4D7B4E6FE371
18:05:53.0452 5312 Ecache ( ForgedFile.Multi.Generic ) - warning
18:05:53.0452 5312 Ecache - detected ForgedFile.Multi.Generic (1)
18:05:53.0483 5312 [ A663C89B95F6C823BE98E1A0C23149A1 ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:05:53.0515 5312 Suspicious file (Forged): C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys. Real md5: A663C89B95F6C823BE98E1A0C23149A1, Fake md5: E89CC1363CB7F5320AE3B41C1333D0C3
18:05:53.0515 5312 eeCtrl ( ForgedFile.Multi.Generic ) - warning
18:05:53.0515 5312 eeCtrl - detected ForgedFile.Multi.Generic (1)
18:05:53.0561 5312 [ 8BC25F382CE1C37F3462184FD1D8030C ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:05:53.0608 5312 Suspicious file (Forged): C:\Windows\ehome\ehRecvr.exe. Real md5: 8BC25F382CE1C37F3462184FD1D8030C, Fake md5: 9BE3744D295A7701EB425332014F0797
18:05:53.0608 5312 ehRecvr ( ForgedFile.Multi.Generic ) - warning
18:05:53.0608 5312 ehRecvr - detected ForgedFile.Multi.Generic (1)
18:05:53.0624 5312 [ 0DFBE8AA4C20B52E1B8BF3CB6CBDF193 ] ehSched C:\Windows\ehome\ehsched.exe
18:05:53.0639 5312 Suspicious file (Forged): C:\Windows\ehome\ehsched.exe. Real md5: 0DFBE8AA4C20B52E1B8BF3CB6CBDF193, Fake md5: AD1870C8E5D6DD340C829E6074BF3C3F
18:05:53.0639 5312 ehSched ( ForgedFile.Multi.Generic ) - warning
18:05:53.0639 5312 ehSched - detected ForgedFile.Multi.Generic (1)
18:05:53.0655 5312 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
18:05:53.0702 5312 ehstart - ok
18:05:53.0733 5312 [ A673FE699A92D5D8543D5169B998866B ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:05:53.0764 5312 Suspicious file (Forged): C:\Windows\system32\drivers\elxstor.sys. Real md5: A673FE699A92D5D8543D5169B998866B, Fake md5: E8F3F21A71720C84BCF423B80028359F
18:05:53.0764 5312 elxstor ( ForgedFile.Multi.Generic ) - warning
18:05:53.0764 5312 elxstor - detected ForgedFile.Multi.Generic (1)
18:05:53.0795 5312 [ 05724A298F2FCAF5F4711D153600379A ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:05:53.0842 5312 Suspicious file (Forged): C:\Windows\system32\emdmgmt.dll. Real md5: 05724A298F2FCAF5F4711D153600379A, Fake md5: 4E6B23DFC917EA39306B529B773950F4
18:05:53.0842 5312 EMDMgmt ( ForgedFile.Multi.Generic ) - warning
18:05:53.0842 5312 EMDMgmt - detected ForgedFile.Multi.Generic (1)
18:05:53.0873 5312 [ 4A37B2EBCE76601F28E88E24E62AE715 ] EventSystem C:\Windows\system32\es.dll
18:05:53.0905 5312 Suspicious file (Forged): C:\Windows\system32\es.dll. Real md5: 4A37B2EBCE76601F28E88E24E62AE715, Fake md5: 67058C46504BC12D821F38CF99B7B28F
18:05:53.0905 5312 EventSystem ( ForgedFile.Multi.Generic ) - warning
18:05:53.0905 5312 EventSystem - detected ForgedFile.Multi.Generic (1)
18:05:53.0951 5312 [ DD5448BF498735A4AF29D9B7A08BAA98 ] exfat C:\Windows\system32\drivers\exfat.sys
18:05:53.0967 5312 Suspicious file (Forged): C:\Windows\system32\drivers\exfat.sys. Real md5: DD5448BF498735A4AF29D9B7A08BAA98, Fake md5: 22B408651F9123527BCEE54B4F6C5CAE
18:05:53.0967 5312 exfat ( ForgedFile.Multi.Generic ) - warning
18:05:53.0967 5312 exfat - detected ForgedFile.Multi.Generic (1)
18:05:53.0998 5312 [ 31478AB932E13E1C1D7B15EA886D4753 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:05:54.0014 5312 Suspicious file (Forged): C:\Windows\system32\drivers\fastfat.sys. Real md5: 31478AB932E13E1C1D7B15EA886D4753, Fake md5: 1E9B9A70D332103C52995E957DC09EF8
18:05:54.0014 5312 fastfat ( ForgedFile.Multi.Generic ) - warning
18:05:54.0014 5312 fastfat - detected ForgedFile.Multi.Generic (1)
18:05:54.0061 5312 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:05:54.0123 5312 fdc - ok
18:05:54.0170 5312 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
18:05:54.0263 5312 fdPHost - ok
18:05:54.0295 5312 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
18:05:54.0373 5312 FDResPub - ok
18:05:54.0435 5312 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:05:54.0482 5312 FileInfo - ok
18:05:54.0513 5312 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:05:54.0560 5312 Filetrace - ok
18:05:54.0607 5312 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:05:54.0700 5312 flpydisk - ok
18:05:54.0716 5312 [ 2538353A92BCA8ABF5E0765C025845A0 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:05:54.0747 5312 Suspicious file (Forged): C:\Windows\system32\drivers\fltmgr.sys. Real md5: 2538353A92BCA8ABF5E0765C025845A0, Fake md5: 01334F9EA68E6877C4EF05D3EA8ABB05
18:05:54.0747 5312 FltMgr ( ForgedFile.Multi.Generic ) - warning
18:05:54.0747 5312 FltMgr - detected ForgedFile.Multi.Generic (1)
18:05:54.0794 5312 [ 6F9F3DBF97422A2B4F71F15602830D65 ] FontCache C:\Windows\system32\FntCache.dll
18:05:54.0841 5312 Suspicious file (Forged): C:\Windows\system32\FntCache.dll. Real md5: 6F9F3DBF97422A2B4F71F15602830D65, Fake md5: 8CE364388C8ECA59B14B539179276D44
18:05:54.0856 5312 FontCache ( ForgedFile.Multi.Generic ) - warning
18:05:54.0856 5312 FontCache - detected ForgedFile.Multi.Generic (1)
18:05:54.0934 5312 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:05:54.0965 5312 FontCache3.0.0.0 - ok
18:05:54.0997 5312 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:05:55.0153 5312 Fs_Rec - ok
18:05:55.0199 5312 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:05:55.0215 5312 gagp30kx - ok
18:05:55.0246 5312 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:05:55.0262 5312 GEARAspiWDM - ok
18:05:55.0293 5312 [ 709215724B53CA227C140AD2E45F321E ] gpsvc C:\Windows\System32\gpsvc.dll
18:05:55.0324 5312 Suspicious file (Forged): C:\Windows\System32\gpsvc.dll. Real md5: 709215724B53CA227C140AD2E45F321E, Fake md5: CD5D0AEEE35DFD4E986A5AA1500A6E66
18:05:55.0324 5312 gpsvc ( ForgedFile.Multi.Generic ) - warning
18:05:55.0324 5312 gpsvc - detected ForgedFile.Multi.Generic (1)
18:05:55.0433 5312 [ 0BE51E585C219A4FEEA6FF6ECE67B722 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:05:55.0465 5312 Suspicious file (Forged): C:\Program Files\Google\Update\GoogleUpdate.exe. Real md5: 0BE51E585C219A4FEEA6FF6ECE67B722, Fake md5: 8F0DE4FEF8201E306F9938B0905AC96A
18:05:55.0465 5312 gupdate ( ForgedFile.Multi.Generic ) - warning
18:05:55.0465 5312 gupdate - detected ForgedFile.Multi.Generic (1)
18:05:55.0480 5312 [ 0BE51E585C219A4FEEA6FF6ECE67B722 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:05:55.0480 5312 Suspicious file (Forged): C:\Program Files\Google\Update\GoogleUpdate.exe. Real md5: 0BE51E585C219A4FEEA6FF6ECE67B722, Fake md5: 8F0DE4FEF8201E306F9938B0905AC96A
18:05:55.0480 5312 gupdatem ( ForgedFile.Multi.Generic ) - warning
18:05:55.0480 5312 gupdatem - detected ForgedFile.Multi.Generic (1)
18:05:55.0511 5312 [ 6C484169033372E257F146D913D603B7 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:05:55.0527 5312 Suspicious file (Forged): C:\Windows\system32\drivers\HdAudio.sys. Real md5: 6C484169033372E257F146D913D603B7, Fake md5: CB04C744BE0A61B1D648FAED182C3B59
18:05:55.0527 5312 HdAudAddService ( ForgedFile.Multi.Generic ) - warning
18:05:55.0527 5312 HdAudAddService - detected ForgedFile.Multi.Generic (1)
18:05:55.0558 5312 [ 7B0576051613B2B104C13014FE46280B ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:05:55.0589 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\HDAudBus.sys. Real md5: 7B0576051613B2B104C13014FE46280B, Fake md5: 062452B7FFD68C8C042A6261FE8DFF4A
18:05:55.0589 5312 HDAudBus ( ForgedFile.Multi.Generic ) - warning
18:05:55.0589 5312 HDAudBus - detected ForgedFile.Multi.Generic (1)
18:05:55.0605 5312 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:05:55.0855 5312 HidBth - ok
18:05:55.0901 5312 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:05:55.0995 5312 HidIr - ok
18:05:56.0042 5312 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
18:05:56.0104 5312 hidserv - ok
18:05:56.0151 5312 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:05:56.0276 5312 HidUsb - ok
18:05:56.0307 5312 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:05:56.0432 5312 hkmsvc - ok
18:05:56.0463 5312 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:05:56.0479 5312 HpCISSs - ok
18:05:56.0666 5312 [ 3E02DA96A403154487761734F342C2C9 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:05:56.0697 5312 Suspicious file (Forged): C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll. Real md5: 3E02DA96A403154487761734F342C2C9, Fake md5: FCB563B0A23643E5F80B6FF1E60F610F
18:05:56.0713 5312 hpqcxs08 ( ForgedFile.Multi.Generic ) - warning
18:05:56.0713 5312 hpqcxs08 - detected ForgedFile.Multi.Generic (1)
18:05:56.0728 5312 [ 0DFBE8AA4C20B52E1B8BF3CB6CBDF193 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:05:56.0728 5312 Suspicious file (Forged): C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll. Real md5: 0DFBE8AA4C20B52E1B8BF3CB6CBDF193, Fake md5: 25E443E27165C652723A92D9BDFD4649
18:05:56.0728 5312 hpqddsvc ( ForgedFile.Multi.Generic ) - warning
18:05:56.0728 5312 hpqddsvc - detected ForgedFile.Multi.Generic (1)
18:05:56.0775 5312 [ C55ECAF5DAD25B1ACD51B5087DEBE629 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:05:56.0822 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\HSX_DPV.sys. Real md5: C55ECAF5DAD25B1ACD51B5087DEBE629, Fake md5: 53229DCF431D76434816CD29251168A0
18:05:56.0822 5312 HSF_DPV ( ForgedFile.Multi.Generic ) - warning
18:05:56.0822 5312 HSF_DPV - detected ForgedFile.Multi.Generic (1)
18:05:56.0822 5312 [ BDBCD7E0ED72601DD45C5773EBE77624 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:05:56.0853 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\HSXHWAZL.sys. Real md5: BDBCD7E0ED72601DD45C5773EBE77624, Fake md5: 31F949D452201F2F0AF0C88D7DB512CD
18:05:56.0853 5312 HSXHWAZL ( ForgedFile.Multi.Generic ) - warning
18:05:56.0853 5312 HSXHWAZL - detected ForgedFile.Multi.Generic (1)
18:05:56.0869 5312 [ 5D2F2BE05E2B89926F215648CB978659 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:05:56.0900 5312 Suspicious file (Forged): C:\Windows\system32\drivers\HTTP.sys. Real md5: 5D2F2BE05E2B89926F215648CB978659, Fake md5: F870AA3E254628EBEAFE754108D664DE
18:05:56.0900 5312 HTTP ( ForgedFile.Multi.Generic ) - warning
18:05:56.0900 5312 HTTP - detected ForgedFile.Multi.Generic (1)
18:05:56.0947 5312 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:05:56.0962 5312 i2omp - ok
18:05:57.0025 5312 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:05:57.0181 5312 i8042prt - ok
18:05:57.0212 5312 [ 9DCF37FC5B8F3792267FDE48E9F4C977 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:05:57.0227 5312 Suspicious file (Forged): C:\Windows\system32\drivers\iastorv.sys.
Real md5: 9DCF37FC5B8F3792267FDE48E9F4C977, Fake md5: C957BF4B5D80B46C5017BF0101E6C906 18:05:57.0227 5312 iaStorV ( ForgedFile.Multi.Generic ) - warning 18:05:57.0227 5312 iaStorV - detected ForgedFile.Multi.Generic (1) 18:05:57.0290 5312 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 18:05:57.0337 5312 IDriverT ( UnsignedFile.Multi.Generic ) - warning 18:05:57.0337 5312 IDriverT - detected UnsignedFile.Multi.Generic (1) 18:05:57.0383 5312 [ 0CCB927A147D18781E9D1DB3C285B8D9 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 18:05:57.0446 5312 Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe. Real md5: 0CCB927A147D18781E9D1DB3C285B8D9, Fake md5: 98477B08E61945F974ED9FDC4CB6BDAB 18:05:57.0446 5312 idsvc ( ForgedFile.Multi.Generic ) - warning 18:05:57.0446 5312 idsvc - detected ForgedFile.Multi.Generic (1) 18:05:57.0477 5312 [ 3BE04D53EBE12B6027374781F8189DB9 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 18:05:57.0539 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\igdkmd32.sys. Real md5: 3BE04D53EBE12B6027374781F8189DB9, Fake md5: A4FBA5B34E69E46315A7C5223A470A17 18:05:57.0555 5312 igfx ( ForgedFile.Multi.Generic ) - warning 18:05:57.0555 5312 igfx - detected ForgedFile.Multi.Generic (1) 18:05:57.0571 5312 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 18:05:57.0586 5312 iirsp - ok 18:05:57.0617 5312 [ 756645FB1BF7F3A406DD9A4C13CC73C0 ] IKEEXT C:\Windows\System32\ikeext.dll 18:05:57.0649 5312 Suspicious file (Forged): C:\Windows\System32\ikeext.dll. 
Real md5: 756645FB1BF7F3A406DD9A4C13CC73C0, Fake md5: 9908D8A397B76CD8D31D0D383C5773C9 18:05:57.0649 5312 IKEEXT ( ForgedFile.Multi.Generic ) - warning 18:05:57.0649 5312 IKEEXT - detected ForgedFile.Multi.Generic (1) 18:05:57.0711 5312 [ 568E6FAAF0C70FE1305DFD9A1788EE8E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 18:05:57.0773 5312 Suspicious file (Forged): C:\Windows\system32\drivers\RTKVHDA.sys. Real md5: 568E6FAAF0C70FE1305DFD9A1788EE8E, Fake md5: C61B3B87F3856CEF0C9F204028C6860D 18:05:57.0789 5312 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning 18:05:57.0789 5312 IntcAzAudAddService - detected ForgedFile.Multi.Generic (1) 18:05:57.0805 5312 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys 18:05:57.0820 5312 intelide - ok 18:05:57.0883 5312 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:05:58.0023 5312 intelppm - ok 18:05:58.0070 5312 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:05:58.0117 5312 IPBusEnum - ok 18:05:58.0148 5312 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:05:58.0226 5312 IpFilterDriver - ok 18:05:58.0257 5312 [ E4EFE9F0DD1EDCD7769C9423596DABCC ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:05:58.0288 5312 Suspicious file (Forged): C:\Windows\System32\iphlpsvc.dll. 
Real md5: E4EFE9F0DD1EDCD7769C9423596DABCC, Fake md5: 1998BD97F950680BB55F55A7244679C2 18:05:58.0288 5312 iphlpsvc ( ForgedFile.Multi.Generic ) - warning 18:05:58.0288 5312 iphlpsvc - detected ForgedFile.Multi.Generic (1) 18:05:58.0288 5312 IpInIp - ok 18:05:58.0335 5312 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 18:05:58.0585 5312 IPMIDRV - ok 18:05:58.0647 5312 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 18:05:58.0787 5312 IPNAT - ok 18:05:58.0834 5312 [ B2179A1F99818EFF32BB644A54FB35B7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 18:05:58.0865 5312 Suspicious file (Forged): C:\Program Files\iPod\bin\iPodService.exe. Real md5: B2179A1F99818EFF32BB644A54FB35B7, Fake md5: E46B17060D3962A384AE484094614788 18:05:58.0881 5312 iPod Service ( ForgedFile.Multi.Generic ) - warning 18:05:58.0881 5312 iPod Service - detected ForgedFile.Multi.Generic (1) 18:05:58.0912 5312 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:05:59.0053 5312 IRENUM - ok 18:05:59.0084 5312 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:05:59.0099 5312 isapnp - ok 18:05:59.0131 5312 [ AB9208FAF0F529FC3EED3B7761029859 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 18:05:59.0162 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\msiscsi.sys. 
Real md5: AB9208FAF0F529FC3EED3B7761029859, Fake md5: 232FA340531D940AAC623B121A595034 18:05:59.0162 5312 iScsiPrt ( ForgedFile.Multi.Generic ) - warning 18:05:59.0162 5312 iScsiPrt - detected ForgedFile.Multi.Generic (1) 18:05:59.0177 5312 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 18:05:59.0193 5312 iteatapi - ok 18:05:59.0209 5312 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 18:05:59.0224 5312 iteraid - ok 18:05:59.0255 5312 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 18:05:59.0271 5312 kbdclass - ok 18:05:59.0302 5312 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 18:05:59.0552 5312 kbdhid - ok 18:05:59.0599 5312 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 18:05:59.0677 5312 KeyIso - ok 18:05:59.0692 5312 [ 0A433A51020CD61594EE0AB8435B2176 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:05:59.0755 5312 Suspicious file (Forged): C:\Windows\system32\Drivers\ksecdd.sys. Real md5: 0A433A51020CD61594EE0AB8435B2176, Fake md5: 4A1445EFA932A3BAF5BDB02D7131EE20 18:05:59.0755 5312 KSecDD ( ForgedFile.Multi.Generic ) - warning 18:05:59.0755 5312 KSecDD - detected ForgedFile.Multi.Generic (1) 18:05:59.0770 5312 [ C6DCDF88AE75644704F35CAF5337C0B6 ] KtmRm C:\Windows\system32\msdtckrm.dll 18:05:59.0801 5312 Suspicious file (Forged): C:\Windows\system32\msdtckrm.dll. 
Real md5: C6DCDF88AE75644704F35CAF5337C0B6, Fake md5: 8078F8F8F7A79E2E6B494523A828C585 18:05:59.0801 5312 KtmRm ( ForgedFile.Multi.Generic ) - warning 18:05:59.0801 5312 KtmRm - detected ForgedFile.Multi.Generic (1) 18:05:59.0864 5312 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 18:05:59.0926 5312 LanmanServer - ok 18:05:59.0942 5312 [ A3D96945791156D3AAF9CF34FEEFA21C ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:05:59.0973 5312 Suspicious file (Forged): C:\Windows\System32\wkssvc.dll. Real md5: A3D96945791156D3AAF9CF34FEEFA21C, Fake md5: 1DB69705B695B987082C8BAEC0C6B34F 18:05:59.0973 5312 LanmanWorkstation ( ForgedFile.Multi.Generic ) - warning 18:05:59.0973 5312 LanmanWorkstation - detected ForgedFile.Multi.Generic (1) 18:06:00.0020 5312 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:06:00.0160 5312 lltdio - ok 18:06:00.0176 5312 [ B98524C2784030C4ECFE3DEA47002A80 ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:06:00.0238 5312 Suspicious file (Forged): C:\Windows\System32\lltdsvc.dll. 
Real md5: B98524C2784030C4ECFE3DEA47002A80, Fake md5: 2D5A428872F1442631D0959A34ABFF63 18:06:00.0238 5312 lltdsvc ( ForgedFile.Multi.Generic ) - warning 18:06:00.0238 5312 lltdsvc - detected ForgedFile.Multi.Generic (1) 18:06:00.0269 5312 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:06:00.0519 5312 lmhosts - ok 18:06:00.0566 5312 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 18:06:00.0581 5312 LSI_FC - ok 18:06:00.0613 5312 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 18:06:00.0628 5312 LSI_SAS - ok 18:06:00.0644 5312 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 18:06:00.0659 5312 LSI_SCSI - ok 18:06:00.0691 5312 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 18:06:00.0847 5312 luafv - ok 18:06:00.0878 5312 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:06:00.0956 5312 Mcx2Svc - ok 18:06:00.0987 5312 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 18:06:01.0034 5312 mdmxsdk - ok 18:06:01.0065 5312 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys 18:06:01.0081 5312 megasas - ok 18:06:01.0096 5312 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 18:06:01.0127 5312 MMCSS - ok 18:06:01.0174 5312 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 18:06:01.0221 5312 Modem - ok 18:06:01.0268 5312 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:06:01.0330 5312 monitor - ok 18:06:01.0393 5312 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:06:01.0408 5312 mouclass - ok 18:06:01.0439 5312 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:06:01.0471 5312 mouhid - ok 18:06:01.0502 5312 [ BDAFC88AA6B92F7842416EA6A48E1600 
] MountMgr C:\Windows\system32\drivers\mountmgr.sys 18:06:01.0517 5312 MountMgr - ok 18:06:01.0595 5312 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 18:06:01.0611 5312 MozillaMaintenance - ok 18:06:01.0658 5312 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys 18:06:01.0673 5312 mpio - ok 18:06:01.0705 5312 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:06:01.0845 5312 mpsdrv - ok 18:06:01.0861 5312 [ C46DF109D49B7827F326885D1367C964 ] MpsSvc C:\Windows\system32\mpssvc.dll 18:06:01.0892 5312 Suspicious file (Forged): C:\Windows\system32\mpssvc.dll. Real md5: C46DF109D49B7827F326885D1367C964, Fake md5: 5DE62C6E9108F14F6794060A9BDECAEC 18:06:01.0892 5312 MpsSvc ( ForgedFile.Multi.Generic ) - warning 18:06:01.0892 5312 MpsSvc - detected ForgedFile.Multi.Generic (1) 18:06:01.0907 5312 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 18:06:01.0923 5312 Mraid35x - ok 18:06:01.0970 5312 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:06:02.0048 5312 MRxDAV - ok 18:06:02.0079 5312 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:06:02.0141 5312 mrxsmb - ok 18:06:02.0173 5312 [ B094DB2537AAEDACCB66B3707A5BB91C ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:06:02.0188 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\mrxsmb10.sys. 
Real md5: B094DB2537AAEDACCB66B3707A5BB91C, Fake md5: 4FCCB34D793B116423209C0F8B7A3B03 18:06:02.0188 5312 mrxsmb10 ( ForgedFile.Multi.Generic ) - warning 18:06:02.0188 5312 mrxsmb10 - detected ForgedFile.Multi.Generic (1) 18:06:02.0204 5312 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:06:02.0251 5312 mrxsmb20 - ok 18:06:02.0282 5312 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys 18:06:02.0313 5312 msahci - ok 18:06:02.0453 5312 [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe 18:06:02.0485 5312 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning 18:06:02.0485 5312 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1) 18:06:02.0500 5312 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:06:02.0516 5312 msdsm - ok 18:06:02.0578 5312 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 18:06:02.0719 5312 MSDTC - ok 18:06:02.0781 5312 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:06:02.0828 5312 Msfs - ok 18:06:02.0875 5312 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:06:02.0890 5312 msisadrv - ok 18:06:02.0937 5312 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:06:02.0999 5312 MSiSCSI - ok 18:06:03.0015 5312 msiserver - ok 18:06:03.0062 5312 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:06:03.0093 5312 MSKSSRV - ok 18:06:03.0155 5312 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:06:03.0218 5312 MSPCLOCK - ok 18:06:03.0249 5312 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:06:03.0296 5312 MSPQM - ok 18:06:03.0311 5312 [ 22CDB67DE48B43458FEAF4025CFF9E6A ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:06:03.0343 5312 Suspicious file (Forged): 
C:\Windows\system32\drivers\MsRPC.sys. Real md5: 22CDB67DE48B43458FEAF4025CFF9E6A, Fake md5: B49456D70555DE905C311BCDA6EC6ADB 18:06:03.0343 5312 MsRPC ( ForgedFile.Multi.Generic ) - warning 18:06:03.0343 5312 MsRPC - detected ForgedFile.Multi.Generic (1) 18:06:03.0374 5312 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 18:06:03.0389 5312 mssmbios - ok 18:06:03.0452 5312 MSSQL$VAIO_VEDB - ok 18:06:03.0514 5312 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 18:06:03.0545 5312 MSSQLServerADHelper - ok 18:06:03.0577 5312 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:06:03.0686 5312 MSTEE - ok 18:06:03.0733 5312 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 18:06:03.0764 5312 Mup - ok 18:06:03.0779 5312 [ BF16B6BE3E81BF3A03898E51FE2BA197 ] napagent C:\Windows\system32\qagentRT.dll 18:06:03.0811 5312 Suspicious file (Forged): C:\Windows\system32\qagentRT.dll. Real md5: BF16B6BE3E81BF3A03898E51FE2BA197, Fake md5: E4EAF0C5C1B41B5C83386CF212CA9584 18:06:03.0811 5312 napagent ( ForgedFile.Multi.Generic ) - warning 18:06:03.0811 5312 napagent - detected ForgedFile.Multi.Generic (1) 18:06:03.0842 5312 [ 0745D9564DDCAC4884B38533C5A9D100 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:06:03.0873 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\nwifi.sys. Real md5: 0745D9564DDCAC4884B38533C5A9D100, Fake md5: 85C44FDFF9CF7E72A40DCB7EC06A4416 18:06:03.0873 5312 NativeWifiP ( ForgedFile.Multi.Generic ) - warning 18:06:03.0873 5312 NativeWifiP - detected ForgedFile.Multi.Generic (1) 18:06:03.0904 5312 [ 1E55E310420D50A24403B5FC3902668F ] NDIS C:\Windows\system32\drivers\ndis.sys 18:06:03.0935 5312 Suspicious file (Forged): C:\Windows\system32\drivers\ndis.sys. 
Real md5: 1E55E310420D50A24403B5FC3902668F, Fake md5: 1357274D1883F68300AEADD15D7BBB42 18:06:03.0935 5312 NDIS ( ForgedFile.Multi.Generic ) - warning 18:06:03.0935 5312 NDIS - detected ForgedFile.Multi.Generic (1) 18:06:03.0998 5312 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:06:04.0107 5312 NdisTapi - ok 18:06:04.0138 5312 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:06:04.0263 5312 Ndisuio - ok 18:06:04.0310 5312 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:06:04.0341 5312 NdisWan - ok 18:06:04.0372 5312 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:06:04.0435 5312 NDProxy - ok 18:06:04.0481 5312 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 18:06:04.0497 5312 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 18:06:04.0497 5312 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 18:06:04.0528 5312 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:06:04.0575 5312 NetBIOS - ok 18:06:04.0606 5312 [ 78E78900E441476A988389AE05503FD9 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 18:06:04.0622 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 78E78900E441476A988389AE05503FD9, Fake md5: ECD64230A59CBD93C85F1CD1CAB9F3F6 18:06:04.0622 5312 netbt ( ForgedFile.Multi.Generic ) - warning 18:06:04.0622 5312 netbt - detected ForgedFile.Multi.Generic (1) 18:06:04.0653 5312 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 18:06:04.0684 5312 Netlogon - ok 18:06:04.0700 5312 [ 3DCB0CE00A2ADEE38D7B96AFC169C680 ] Netman C:\Windows\System32\netman.dll 18:06:04.0731 5312 Suspicious file (Forged): C:\Windows\System32\netman.dll. 
Real md5: 3DCB0CE00A2ADEE38D7B96AFC169C680, Fake md5: C8052711DAECC48B982434C5116CA401 18:06:04.0731 5312 Netman ( ForgedFile.Multi.Generic ) - warning 18:06:04.0731 5312 Netman - detected ForgedFile.Multi.Generic (1) 18:06:04.0762 5312 [ 625E3E643559D386D809FC1F29B94496 ] netprofm C:\Windows\System32\netprofm.dll 18:06:04.0793 5312 Suspicious file (Forged): C:\Windows\System32\netprofm.dll. Real md5: 625E3E643559D386D809FC1F29B94496, Fake md5: 2EF3BBE22E5A5ACD1428EE387A0D0172 18:06:04.0793 5312 netprofm ( ForgedFile.Multi.Generic ) - warning 18:06:04.0793 5312 netprofm - detected ForgedFile.Multi.Generic (1) 18:06:04.0825 5312 [ BC27D9CA87FCCDA85C061271B6A57D02 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:06:04.0840 5312 Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe. Real md5: BC27D9CA87FCCDA85C061271B6A57D02, Fake md5: D6C4E4A39A36029AC0813D476FBD0248 18:06:04.0840 5312 NetTcpPortSharing ( ForgedFile.Multi.Generic ) - warning 18:06:04.0840 5312 NetTcpPortSharing - detected ForgedFile.Multi.Generic (1) 18:06:04.0871 5312 [ 7499E08715BE018B7F4CCBDD4861A2F0 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys 18:06:04.0949 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\NETw3v32.sys. Real md5: 7499E08715BE018B7F4CCBDD4861A2F0, Fake md5: ACC6170D80C69E50145B370023B64ED3 18:06:04.0965 5312 NETw3v32 ( ForgedFile.Multi.Generic ) - warning 18:06:04.0965 5312 NETw3v32 - detected ForgedFile.Multi.Generic (1) 18:06:04.0996 5312 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 18:06:05.0012 5312 nfrd960 - ok 18:06:05.0027 5312 [ 1E517742239024F78839DAEE35CB395B ] NlaSvc C:\Windows\System32\nlasvc.dll 18:06:05.0043 5312 Suspicious file (Forged): C:\Windows\System32\nlasvc.dll. 
Real md5: 1E517742239024F78839DAEE35CB395B, Fake md5: 2997B15415F9BBE05B5A4C1C85E0C6A2 18:06:05.0043 5312 NlaSvc ( ForgedFile.Multi.Generic ) - warning 18:06:05.0043 5312 NlaSvc - detected ForgedFile.Multi.Generic (1) 18:06:05.0074 5312 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:06:05.0199 5312 Npfs - ok 18:06:05.0230 5312 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 18:06:05.0355 5312 nsi - ok 18:06:05.0386 5312 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:06:05.0449 5312 nsiproxy - ok 18:06:05.0495 5312 [ 943AC7EF323DCA9CE13C2EF3BE9A8715 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:06:05.0542 5312 Suspicious file (Forged): C:\Windows\system32\drivers\Ntfs.sys. Real md5: 943AC7EF323DCA9CE13C2EF3BE9A8715, Fake md5: 6A4A98CEE84CF9E99564510DDA4BAA47 18:06:05.0542 5312 Ntfs ( ForgedFile.Multi.Generic ) - warning 18:06:05.0542 5312 Ntfs - detected ForgedFile.Multi.Generic (1) 18:06:05.0589 5312 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 18:06:05.0854 5312 ntrigdigi - ok 18:06:05.0885 5312 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 18:06:06.0041 5312 Null - ok 18:06:06.0088 5312 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:06:06.0104 5312 nvraid - ok 18:06:06.0119 5312 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:06:06.0135 5312 nvstor - ok 18:06:06.0151 5312 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:06:06.0166 5312 nv_agp - ok 18:06:06.0182 5312 NwlnkFlt - ok 18:06:06.0182 5312 NwlnkFwd - ok 18:06:06.0275 5312 [ 087DFF37488245EC9717B29C4E818056 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 18:06:06.0322 5312 Suspicious file (Forged): C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE. 
Real md5: 087DFF37488245EC9717B29C4E818056, Fake md5: 785F487A64950F3CB8E9F16253BA3B7B 18:06:06.0322 5312 odserv ( ForgedFile.Multi.Generic ) - warning 18:06:06.0322 5312 odserv - detected ForgedFile.Multi.Generic (1) 18:06:06.0369 5312 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 18:06:06.0478 5312 ohci1394 - ok 18:06:06.0525 5312 [ 23345305EDC5827EDE315B8491292308 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:06:06.0541 5312 Suspicious file (Forged): C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE. Real md5: 23345305EDC5827EDE315B8491292308, Fake md5: 5A432A042DAE460ABE7199B758E8606C 18:06:06.0541 5312 ose ( ForgedFile.Multi.Generic ) - warning 18:06:06.0541 5312 ose - detected ForgedFile.Multi.Generic (1) 18:06:06.0572 5312 [ 5D419559B02E305B06B6A96C8E4F78A2 ] p2pimsvc C:\Windows\system32\p2psvc.dll 18:06:06.0619 5312 Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. Real md5: 5D419559B02E305B06B6A96C8E4F78A2, Fake md5: 0C8E8E61AD1EB0B250B846712C917506 18:06:06.0619 5312 p2pimsvc ( ForgedFile.Multi.Generic ) - warning 18:06:06.0619 5312 p2pimsvc - detected ForgedFile.Multi.Generic (1) 18:06:06.0634 5312 [ 5D419559B02E305B06B6A96C8E4F78A2 ] p2psvc C:\Windows\system32\p2psvc.dll 18:06:06.0634 5312 Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. 
Real md5: 5D419559B02E305B06B6A96C8E4F78A2, Fake md5: 0C8E8E61AD1EB0B250B846712C917506 18:06:06.0634 5312 p2psvc ( ForgedFile.Multi.Generic ) - warning 18:06:06.0634 5312 p2psvc - detected ForgedFile.Multi.Generic (1) 18:06:06.0665 5312 [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe 18:06:06.0712 5312 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning 18:06:06.0712 5312 PACSPTISVR - detected UnsignedFile.Multi.Generic (1) 18:06:06.0743 5312 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 18:06:06.0977 5312 Parport - ok 18:06:07.0040 5312 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:06:07.0055 5312 partmgr - ok 18:06:07.0087 5312 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 18:06:07.0165 5312 Parvdm - ok 18:06:07.0211 5312 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 18:06:07.0289 5312 PcaSvc - ok 18:06:07.0305 5312 [ F408E154834EE6CB75FA90E27C4BE3FB ] pci C:\Windows\system32\drivers\pci.sys 18:06:07.0336 5312 Suspicious file (Forged): C:\Windows\system32\drivers\pci.sys. Real md5: F408E154834EE6CB75FA90E27C4BE3FB, Fake md5: 941DC1D19E7E8620F40BBC206981EFDB 18:06:07.0336 5312 pci ( ForgedFile.Multi.Generic ) - warning 18:06:07.0336 5312 pci - detected ForgedFile.Multi.Generic (1) 18:06:07.0352 5312 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\DRIVERS\pciide.sys 18:06:07.0367 5312 pciide - ok 18:06:07.0399 5312 [ 7511D48D729354CE8FCD4FAC7E06C8BA ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 18:06:07.0414 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\pcmcia.sys. 
Real md5: 7511D48D729354CE8FCD4FAC7E06C8BA, Fake md5: 3BB2244F343B610C29C98035504C9B75 18:06:07.0414 5312 pcmcia ( ForgedFile.Multi.Generic ) - warning 18:06:07.0414 5312 pcmcia - detected ForgedFile.Multi.Generic (1) 18:06:07.0445 5312 [ 1BD9BE9899B531181E5E4634768C97D1 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:06:07.0492 5312 Suspicious file (Forged): C:\Windows\system32\drivers\peauth.sys. Real md5: 1BD9BE9899B531181E5E4634768C97D1, Fake md5: 6349F6ED9C623B44B52EA3C63C831A92 18:06:07.0492 5312 PEAUTH ( ForgedFile.Multi.Generic ) - warning 18:06:07.0492 5312 PEAUTH - detected ForgedFile.Multi.Generic (1) 18:06:07.0539 5312 [ 0BBDA46E800FA755DBF6637A974CAE08 ] pla C:\Windows\system32\pla.dll 18:06:07.0617 5312 Suspicious file (Forged): C:\Windows\system32\pla.dll. Real md5: 0BBDA46E800FA755DBF6637A974CAE08, Fake md5: B1689DF169143F57053F795390C99DB3 18:06:07.0617 5312 pla ( ForgedFile.Multi.Generic ) - warning 18:06:07.0617 5312 pla - detected ForgedFile.Multi.Generic (1) 18:06:07.0648 5312 [ 63369EA0128CAEB9771F59C9F056A4E4 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:06:07.0679 5312 Suspicious file (Forged): C:\Windows\system32\umpnpmgr.dll. Real md5: 63369EA0128CAEB9771F59C9F056A4E4, Fake md5: C5E7F8A996EC0A82D508FD9064A5569E 18:06:07.0679 5312 PlugPlay ( ForgedFile.Multi.Generic ) - warning 18:06:07.0679 5312 PlugPlay - detected ForgedFile.Multi.Generic (1) 18:06:07.0711 5312 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 18:06:07.0742 5312 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 18:06:07.0742 5312 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 18:06:07.0757 5312 [ 5D419559B02E305B06B6A96C8E4F78A2 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 18:06:07.0789 5312 Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. 
Real md5: 5D419559B02E305B06B6A96C8E4F78A2, Fake md5: 0C8E8E61AD1EB0B250B846712C917506 18:06:07.0789 5312 PNRPAutoReg ( ForgedFile.Multi.Generic ) - warning 18:06:07.0789 5312 PNRPAutoReg - detected ForgedFile.Multi.Generic (1) 18:06:07.0804 5312 [ 5D419559B02E305B06B6A96C8E4F78A2 ] PNRPsvc C:\Windows\system32\p2psvc.dll 18:06:07.0804 5312 Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. Real md5: 5D419559B02E305B06B6A96C8E4F78A2, Fake md5: 0C8E8E61AD1EB0B250B846712C917506 18:06:07.0820 5312 PNRPsvc ( ForgedFile.Multi.Generic ) - warning 18:06:07.0820 5312 PNRPsvc - detected ForgedFile.Multi.Generic (1) 18:06:07.0820 5312 [ 004ED2668CD0E02186B518A76BFA7305 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:06:07.0835 5312 Suspicious file (Forged): C:\Windows\System32\ipsecsvc.dll. Real md5: 004ED2668CD0E02186B518A76BFA7305, Fake md5: D0494460421A03CD5225CCA0059AA146 18:06:07.0851 5312 PolicyAgent ( ForgedFile.Multi.Generic ) - warning 18:06:07.0851 5312 PolicyAgent - detected ForgedFile.Multi.Generic (1) 18:06:07.0882 5312 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:06:08.0007 5312 PptpMiniport - ok 18:06:08.0054 5312 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 18:06:08.0288 5312 Processor - ok 18:06:08.0303 5312 [ D94085B36C265D5E7F49C6B6E817C992 ] ProfSvc C:\Windows\system32\profsvc.dll 18:06:08.0350 5312 Suspicious file (Forged): C:\Windows\system32\profsvc.dll. 
|
10.03.2013, 18:44 | #14 |
| Groupon Email This is the 2nd part: Code:
Real md5: 5ABD1095CC6E1E212DF86050ACB64BDA, Fake md5: CFC5A04558F5070CEE3E3A7809F3FF52 18:06:23.0701 5312 WPCSvc ( ForgedFile.Multi.Generic ) - warning 18:06:23.0701 5312 WPCSvc - detected ForgedFile.Multi.Generic (1) 18:06:23.0747 5312 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:06:23.0810 5312 WPDBusEnum - ok 18:06:23.0872 5312 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 18:06:23.0888 5312 WpdUsb - ok 18:06:24.0137 5312 [ 4FB6CD0265037B5D8B86CCF770CFB25A ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 18:06:24.0184 5312 Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe. Real md5: 4FB6CD0265037B5D8B86CCF770CFB25A, Fake md5: DCF3E3EDF5109EE8BC02FE6E1F045795 18:06:24.0184 5312 WPFFontCache_v0400 ( ForgedFile.Multi.Generic ) - warning 18:06:24.0184 5312 WPFFontCache_v0400 - detected ForgedFile.Multi.Generic (1) 18:06:24.0231 5312 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:06:24.0371 5312 ws2ifsl - ok 18:06:24.0434 5312 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 18:06:24.0465 5312 wscsvc - ok 18:06:24.0465 5312 WSearch - ok 18:06:24.0512 5312 [ CE80FEC12F96CA35DEEFD2A4E7E3F798 ] wuauserv C:\Windows\system32\wuaueng.dll 18:06:24.0590 5312 Suspicious file (Forged): C:\Windows\system32\wuaueng.dll. 
Real md5: CE80FEC12F96CA35DEEFD2A4E7E3F798, Fake md5: FC3EC24FCE372C89423E015A2AC1A31E 18:06:24.0605 5312 wuauserv ( ForgedFile.Multi.Generic ) - warning 18:06:24.0605 5312 wuauserv - detected ForgedFile.Multi.Generic (1) 18:06:24.0652 5312 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:06:24.0730 5312 WudfPf - ok 18:06:24.0730 5312 [ 95078B3A120FB0488447F4BF9794D24E ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:06:24.0761 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\WUDFRd.sys. Real md5: 95078B3A120FB0488447F4BF9794D24E, Fake md5: 867C301E8B790040AE9CF6486E8041DF 18:06:24.0761 5312 WUDFRd ( ForgedFile.Multi.Generic ) - warning 18:06:24.0761 5312 WUDFRd - detected ForgedFile.Multi.Generic (1) 18:06:24.0793 5312 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:06:24.0839 5312 wudfsvc - ok 18:06:24.0871 5312 [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys 18:06:24.0902 5312 XAudio - ok 18:06:24.0917 5312 [ 54664AB16813A31387F89CD60E9B0832 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe 18:06:24.0949 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\xaudio.exe. Real md5: 54664AB16813A31387F89CD60E9B0832, Fake md5: 28DC5D626E036A75A572556F0A6EB1F6 18:06:24.0949 5312 XAudioService ( ForgedFile.Multi.Generic ) - warning 18:06:24.0949 5312 XAudioService - detected ForgedFile.Multi.Generic (1) 18:06:24.0964 5312 [ FECB77B39816ADA633949F4E27BC6026 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys 18:06:24.0980 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\yk60x86.sys. 
Real md5: FECB77B39816ADA633949F4E27BC6026, Fake md5: 69222091B6285906AFF82E43681CF826 18:06:24.0980 5312 yukonwlh ( ForgedFile.Multi.Generic ) - warning 18:06:24.0980 5312 yukonwlh - detected ForgedFile.Multi.Generic (1) 18:06:24.0980 5312 ================ Scan global =============================== 18:06:25.0027 5312 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 18:06:25.0042 5312 [ 6C5CC47FF3D89E0E38AC5C5377ED63BA ] C:\Windows\system32\winsrv.dll 18:06:25.0073 5312 Suspicious file (Forged): C:\Windows\system32\winsrv.dll. Real md5: 6C5CC47FF3D89E0E38AC5C5377ED63BA, Fake md5: D2293B069E4B63DC17B2F08D45E71124 18:06:25.0089 5312 [ 6C5CC47FF3D89E0E38AC5C5377ED63BA ] C:\Windows\system32\winsrv.dll 18:06:25.0089 5312 Suspicious file (Forged): C:\Windows\system32\winsrv.dll. Real md5: 6C5CC47FF3D89E0E38AC5C5377ED63BA, Fake md5: D2293B069E4B63DC17B2F08D45E71124 18:06:25.0120 5312 [ CF967F2AD6364DCB895114E5CBE0FD72 ] C:\Windows\system32\services.exe 18:06:25.0167 5312 Suspicious file (Forged): C:\Windows\system32\services.exe. 
Real md5: CF967F2AD6364DCB895114E5CBE0FD72, Fake md5: D4E6D91C1349B7BFB3599A6ADA56851B 18:06:25.0167 5312 [Global] - ok 18:06:25.0167 5312 ================ Scan MBR ================================== 18:06:25.0183 5312 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 18:06:27.0788 5312 \Device\Harddisk0\DR0 - ok 18:06:27.0788 5312 ================ Scan VBR ================================== 18:06:27.0803 5312 [ 350DCDFB2C7F032B38144820915AE7AA ] \Device\Harddisk0\DR0\Partition1 18:06:27.0819 5312 \Device\Harddisk0\DR0\Partition1 - ok 18:06:27.0819 5312 ============================================================ 18:06:27.0819 5312 Scan finished 18:06:27.0819 5312 ============================================================ 18:06:27.0850 0648 Detected object count: 153 18:06:27.0850 0648 Actual detected object count: 153 18:08:39.0233 0648 ACPI ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0233 0648 ACPI ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0233 0648 AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0233 0648 AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0249 0648 adp94xx ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0249 0648 adp94xx ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0249 0648 adpahci ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0249 0648 adpahci ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0249 0648 adpu320 ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0249 0648 adpu320 ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0249 0648 AFD ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0249 0648 AFD ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0249 0648 ApfiltrService ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0249 0648 ApfiltrService ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0249 0648 
athr ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0249 0648 athr ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0265 0648 AudioEndpointBuilder ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0265 0648 AudioEndpointBuilder ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0265 0648 Audiosrv ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0265 0648 Audiosrv ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0265 0648 avipbb ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0265 0648 avipbb ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0265 0648 BFE ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0265 0648 BFE ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0265 0648 BITS ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0265 0648 BITS ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0280 0648 Bonjour Service ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0280 0648 Bonjour Service ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0280 0648 CLFS ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0280 0648 CLFS ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0280 0648 clr_optimization_v4.0.30319_32 ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0280 0648 clr_optimization_v4.0.30319_32 ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0280 0648 CryptSvc ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0280 0648 CryptSvc ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0280 0648 DcomLaunch ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0280 0648 DcomLaunch ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0280 0648 DFSR ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0280 0648 DFSR ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0280 0648 Dhcp ( ForgedFile.Multi.Generic ) - skipped by user 
18:08:39.0280 0648 Dhcp ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0296 0648 dot3svc ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0296 0648 dot3svc ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0296 0648 Dot4 ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0296 0648 Dot4 ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0296 0648 DPS ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0296 0648 DPS ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0296 0648 DXGKrnl ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0296 0648 DXGKrnl ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0296 0648 Ecache ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0296 0648 Ecache ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0296 0648 eeCtrl ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0296 0648 eeCtrl ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0311 0648 ehRecvr ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0311 0648 ehRecvr ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0311 0648 ehSched ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0311 0648 ehSched ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0311 0648 elxstor ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0311 0648 elxstor ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0311 0648 EMDMgmt ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0311 0648 EMDMgmt ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0311 0648 EventSystem ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0311 0648 EventSystem ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0311 0648 exfat ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0311 0648 exfat ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0327 0648 fastfat ( 
ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0327 0648 fastfat ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0327 0648 FltMgr ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0327 0648 FltMgr ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0327 0648 FontCache ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0327 0648 FontCache ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0327 0648 gpsvc ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0327 0648 gpsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0327 0648 gupdate ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0327 0648 gupdate ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0343 0648 gupdatem ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0343 0648 gupdatem ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0343 0648 HdAudAddService ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0343 0648 HdAudAddService ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0343 0648 HDAudBus ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0343 0648 HDAudBus ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0343 0648 hpqcxs08 ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0343 0648 hpqcxs08 ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0343 0648 hpqddsvc ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0343 0648 hpqddsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0343 0648 HSF_DPV ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0343 0648 HSF_DPV ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0358 0648 HSXHWAZL ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0358 0648 HSXHWAZL ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0358 0648 HTTP ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0358 0648 HTTP ( 
ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0358 0648 iaStorV ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0358 0648 iaStorV ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0358 0648 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 18:08:39.0358 0648 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:08:39.0358 0648 idsvc ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0358 0648 idsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0358 0648 igfx ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0358 0648 igfx ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0374 0648 IKEEXT ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0374 0648 IKEEXT ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0374 0648 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0374 0648 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0374 0648 iphlpsvc ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0374 0648 iphlpsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0374 0648 iPod Service ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0374 0648 iPod Service ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0374 0648 iScsiPrt ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0374 0648 iScsiPrt ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0374 0648 KSecDD ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0374 0648 KSecDD ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0389 0648 KtmRm ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0389 0648 KtmRm ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0389 0648 LanmanWorkstation ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0389 0648 LanmanWorkstation ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0389 
0648 lltdsvc ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0389 0648 lltdsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0389 0648 MpsSvc ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0389 0648 MpsSvc ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0389 0648 mrxsmb10 ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0389 0648 mrxsmb10 ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0405 0648 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user 18:08:39.0405 0648 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:08:39.0405 0648 MsRPC ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0405 0648 MsRPC ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0405 0648 napagent ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0405 0648 napagent ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0405 0648 NativeWifiP ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0405 0648 NativeWifiP ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0405 0648 NDIS ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0405 0648 NDIS ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0405 0648 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 18:08:39.0405 0648 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:08:39.0421 0648 netbt ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0421 0648 netbt ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0421 0648 Netman ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0421 0648 Netman ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0421 0648 netprofm ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0421 0648 netprofm ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0421 0648 NetTcpPortSharing ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0421 
0648 NetTcpPortSharing ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0421 0648 NETw3v32 ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0421 0648 NETw3v32 ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0421 0648 NlaSvc ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0421 0648 NlaSvc ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0436 0648 Ntfs ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0436 0648 Ntfs ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0436 0648 odserv ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0436 0648 odserv ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0436 0648 ose ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0436 0648 ose ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0436 0648 p2pimsvc ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0436 0648 p2pimsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0436 0648 p2psvc ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0436 0648 p2psvc ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0436 0648 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user 18:08:39.0436 0648 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:08:39.0452 0648 pci ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0452 0648 pci ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0452 0648 pcmcia ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0452 0648 pcmcia ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0452 0648 PEAUTH ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0452 0648 PEAUTH ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0452 0648 pla ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0452 0648 pla ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0452 0648 PlugPlay ( ForgedFile.Multi.Generic ) - 
skipped by user 18:08:39.0452 0648 PlugPlay ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0452 0648 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 18:08:39.0452 0648 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:08:39.0467 0648 PNRPAutoReg ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0467 0648 PNRPAutoReg ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0467 0648 PNRPsvc ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0467 0648 PNRPsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0467 0648 PolicyAgent ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0467 0648 PolicyAgent ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0467 0648 ProfSvc ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0467 0648 ProfSvc ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0467 0648 ql2300 ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0467 0648 ql2300 ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0467 0648 QWAVE ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0483 0648 QWAVE ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0483 0648 RasMan ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0483 0648 RasMan ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0483 0648 rdbss ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0483 0648 rdbss ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0483 0648 rdpdr ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0483 0648 rdpdr ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0483 0648 RDPWD ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0483 0648 RDPWD ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0483 0648 RpcSs ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0483 0648 RpcSs ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0499 0648 Schedule ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0499 0648 Schedule ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0499 0648 SeaPort ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0499 0648 SeaPort ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0499 0648 SharedAccess ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0499 0648 SharedAccess ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0499 0648 ShellHWDetection ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0499 0648 ShellHWDetection ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0499 0648 slsvc ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0499 0648 slsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0499 0648 SNPSTD3 ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0499 0648 SNPSTD3 ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0514 0648 Spooler ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0514 0648 Spooler ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0514 0648 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user 18:08:39.0514 0648 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:08:39.0514 0648 SQLBrowser ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0514 0648 SQLBrowser ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0514 0648 srv ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0514 0648 srv ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0514 0648 srv2 ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0514 0648 srv2 ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0530 0648 SSDPSRV ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0530 0648 SSDPSRV ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0530 0648 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 18:08:39.0530 
0648 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:08:39.0530 0648 stisvc ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0530 0648 stisvc ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0530 0648 swprv ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0530 0648 swprv ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0530 0648 SysMain ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0530 0648 SysMain ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0530 0648 TapiSrv ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0530 0648 TapiSrv ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0545 0648 Tcpip ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0545 0648 Tcpip ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0545 0648 Tcpip6 ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0545 0648 Tcpip6 ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0545 0648 TermService ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0545 0648 TermService ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0545 0648 Themes ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0545 0648 Themes ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0545 0648 ti21sony ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0545 0648 ti21sony ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0545 0648 udfs ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0545 0648 udfs ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0561 0648 uliahci ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0561 0648 uliahci ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0561 0648 upnphost ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0561 0648 upnphost ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0561 0648 usbhub ( 
ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0561 0648 usbhub ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0561 0648 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user 18:08:39.0561 0648 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:08:39.0561 0648 VAIO Event Service ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0561 0648 VAIO Event Service ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0561 0648 VAIOMediaPlatform-IntegratedServer-AppServer ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0577 0648 VAIOMediaPlatform-IntegratedServer-AppServer ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0577 0648 VAIOMediaPlatform-IntegratedServer-HTTP ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0577 0648 VAIOMediaPlatform-IntegratedServer-HTTP ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0577 0648 VAIOMediaPlatform-IntegratedServer-UPnP ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0577 0648 VAIOMediaPlatform-IntegratedServer-UPnP ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0577 0648 VAIOMediaPlatform-UCLS-AppServer ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0577 0648 VAIOMediaPlatform-UCLS-AppServer ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0577 0648 VAIOMediaPlatform-UCLS-HTTP ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0577 0648 VAIOMediaPlatform-UCLS-HTTP ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0577 0648 VAIOMediaPlatform-UCLS-UPnP ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0577 0648 VAIOMediaPlatform-UCLS-UPnP ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0592 0648 vds ( ForgedFile.Multi.Generic ) - skipped by user 18:08:39.0592 0648 vds ( ForgedFile.Multi.Generic ) - User select action: Skip 18:08:39.0592 0648 volmgrx 
|
10.03.2013, 18:45 | #15 |
| Groupon Email This is the 3rd part: Code:
Real md5: B98524C2784030C4ECFE3DEA47002A80, Fake md5: 2D5A428872F1442631D0959A34ABFF63 18:11:52.0359 4692 lltdsvc ( ForgedFile.Multi.Generic ) - warning 18:11:52.0359 4692 lltdsvc - detected ForgedFile.Multi.Generic (1) 18:11:52.0390 4692 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:11:52.0656 4692 lmhosts - ok 18:11:52.0687 4692 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 18:11:52.0734 4692 LSI_FC - ok 18:11:52.0765 4692 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 18:11:52.0780 4692 LSI_SAS - ok 18:11:52.0812 4692 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 18:11:52.0827 4692 LSI_SCSI - ok 18:11:52.0843 4692 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 18:11:52.0968 4692 luafv - ok 18:11:52.0999 4692 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:11:53.0046 4692 Mcx2Svc - ok 18:11:53.0092 4692 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 18:11:53.0108 4692 mdmxsdk - ok 18:11:53.0139 4692 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys 18:11:53.0155 4692 megasas - ok 18:11:53.0170 4692 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 18:11:53.0202 4692 MMCSS - ok 18:11:53.0248 4692 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 18:11:53.0295 4692 Modem - ok 18:11:53.0342 4692 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:11:53.0373 4692 monitor - ok 18:11:53.0451 4692 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:11:53.0467 4692 mouclass - ok 18:11:53.0482 4692 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:11:53.0514 4692 mouhid - ok 18:11:53.0576 4692 [ BDAFC88AA6B92F7842416EA6A48E1600 
] MountMgr C:\Windows\system32\drivers\mountmgr.sys 18:11:53.0623 4692 MountMgr - ok 18:11:53.0670 4692 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 18:11:53.0685 4692 MozillaMaintenance - ok 18:11:53.0732 4692 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys 18:11:53.0763 4692 mpio - ok 18:11:53.0794 4692 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:11:53.0888 4692 mpsdrv - ok 18:11:53.0904 4692 [ C46DF109D49B7827F326885D1367C964 ] MpsSvc C:\Windows\system32\mpssvc.dll 18:11:53.0935 4692 Suspicious file (Forged): C:\Windows\system32\mpssvc.dll. Real md5: C46DF109D49B7827F326885D1367C964, Fake md5: 5DE62C6E9108F14F6794060A9BDECAEC 18:11:53.0935 4692 MpsSvc ( ForgedFile.Multi.Generic ) - warning 18:11:53.0935 4692 MpsSvc - detected ForgedFile.Multi.Generic (1) 18:11:53.0950 4692 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 18:11:53.0966 4692 Mraid35x - ok 18:11:54.0013 4692 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:11:54.0044 4692 MRxDAV - ok 18:11:54.0075 4692 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:11:54.0106 4692 mrxsmb - ok 18:11:54.0138 4692 [ B094DB2537AAEDACCB66B3707A5BB91C ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:11:54.0153 4692 Suspicious file (Forged): C:\Windows\system32\DRIVERS\mrxsmb10.sys. 
Real md5: B094DB2537AAEDACCB66B3707A5BB91C, Fake md5: 4FCCB34D793B116423209C0F8B7A3B03 18:11:54.0169 4692 mrxsmb10 ( ForgedFile.Multi.Generic ) - warning 18:11:54.0169 4692 mrxsmb10 - detected ForgedFile.Multi.Generic (1) 18:11:54.0184 4692 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:11:54.0200 4692 mrxsmb20 - ok 18:11:54.0231 4692 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys 18:11:54.0247 4692 msahci - ok 18:11:54.0372 4692 [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe 18:11:54.0403 4692 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning 18:11:54.0403 4692 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1) 18:11:54.0434 4692 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:11:54.0450 4692 msdsm - ok 18:11:54.0481 4692 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 18:11:54.0590 4692 MSDTC - ok 18:11:54.0652 4692 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:11:54.0684 4692 Msfs - ok 18:11:54.0715 4692 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:11:54.0746 4692 msisadrv - ok 18:11:54.0808 4692 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:11:54.0840 4692 MSiSCSI - ok 18:11:54.0840 4692 msiserver - ok 18:11:54.0886 4692 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:11:54.0949 4692 MSKSSRV - ok 18:11:54.0980 4692 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:11:55.0011 4692 MSPCLOCK - ok 18:11:55.0027 4692 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:11:55.0058 4692 MSPQM - ok 18:11:55.0074 4692 [ 22CDB67DE48B43458FEAF4025CFF9E6A ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:11:55.0105 4692 Suspicious file (Forged): 
C:\Windows\system32\drivers\MsRPC.sys. Real md5: 22CDB67DE48B43458FEAF4025CFF9E6A, Fake md5: B49456D70555DE905C311BCDA6EC6ADB 18:11:55.0105 4692 MsRPC ( ForgedFile.Multi.Generic ) - warning 18:11:55.0105 4692 MsRPC - detected ForgedFile.Multi.Generic (1) 18:11:55.0120 4692 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 18:11:55.0136 4692 mssmbios - ok 18:11:55.0183 4692 MSSQL$VAIO_VEDB - ok 18:11:55.0276 4692 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 18:11:55.0292 4692 MSSQLServerADHelper - ok 18:11:55.0308 4692 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:11:55.0417 4692 MSTEE - ok 18:11:55.0464 4692 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 18:11:55.0495 4692 Mup - ok 18:11:55.0510 4692 [ BF16B6BE3E81BF3A03898E51FE2BA197 ] napagent C:\Windows\system32\qagentRT.dll 18:11:55.0542 4692 Suspicious file (Forged): C:\Windows\system32\qagentRT.dll. Real md5: BF16B6BE3E81BF3A03898E51FE2BA197, Fake md5: E4EAF0C5C1B41B5C83386CF212CA9584 18:11:55.0542 4692 napagent ( ForgedFile.Multi.Generic ) - warning 18:11:55.0542 4692 napagent - detected ForgedFile.Multi.Generic (1) 18:11:55.0573 4692 [ 0745D9564DDCAC4884B38533C5A9D100 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:11:55.0588 4692 Suspicious file (Forged): C:\Windows\system32\DRIVERS\nwifi.sys. Real md5: 0745D9564DDCAC4884B38533C5A9D100, Fake md5: 85C44FDFF9CF7E72A40DCB7EC06A4416 18:11:55.0588 4692 NativeWifiP ( ForgedFile.Multi.Generic ) - warning 18:11:55.0588 4692 NativeWifiP - detected ForgedFile.Multi.Generic (1) 18:11:55.0604 4692 [ 1E55E310420D50A24403B5FC3902668F ] NDIS C:\Windows\system32\drivers\ndis.sys 18:11:55.0651 4692 Suspicious file (Forged): C:\Windows\system32\drivers\ndis.sys. 
Real md5: 1E55E310420D50A24403B5FC3902668F, Fake md5: 1357274D1883F68300AEADD15D7BBB42 18:11:55.0651 4692 NDIS ( ForgedFile.Multi.Generic ) - warning 18:11:55.0651 4692 NDIS - detected ForgedFile.Multi.Generic (1) 18:11:55.0698 4692 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:11:55.0791 4692 NdisTapi - ok 18:11:55.0822 4692 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:11:55.0947 4692 Ndisuio - ok 18:11:55.0994 4692 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:11:56.0025 4692 NdisWan - ok 18:11:56.0056 4692 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:11:56.0103 4692 NDProxy - ok 18:11:56.0150 4692 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 18:11:56.0150 4692 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 18:11:56.0150 4692 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 18:11:56.0197 4692 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:11:56.0290 4692 NetBIOS - ok 18:11:56.0306 4692 [ 78E78900E441476A988389AE05503FD9 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 18:11:56.0337 4692 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 78E78900E441476A988389AE05503FD9, Fake md5: ECD64230A59CBD93C85F1CD1CAB9F3F6 18:11:56.0337 4692 netbt ( ForgedFile.Multi.Generic ) - warning 18:11:56.0337 4692 netbt - detected ForgedFile.Multi.Generic (1) 18:11:56.0353 4692 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 18:11:56.0368 4692 Netlogon - ok 18:11:56.0400 4692 [ 3DCB0CE00A2ADEE38D7B96AFC169C680 ] Netman C:\Windows\System32\netman.dll 18:11:56.0431 4692 Suspicious file (Forged): C:\Windows\System32\netman.dll. 
Real md5: 3DCB0CE00A2ADEE38D7B96AFC169C680, Fake md5: C8052711DAECC48B982434C5116CA401 18:11:56.0431 4692 Netman ( ForgedFile.Multi.Generic ) - warning 18:11:56.0431 4692 Netman - detected ForgedFile.Multi.Generic (1) 18:11:56.0462 4692 [ 625E3E643559D386D809FC1F29B94496 ] netprofm C:\Windows\System32\netprofm.dll 18:11:56.0493 4692 Suspicious file (Forged): C:\Windows\System32\netprofm.dll. Real md5: 625E3E643559D386D809FC1F29B94496, Fake md5: 2EF3BBE22E5A5ACD1428EE387A0D0172 18:11:56.0493 4692 netprofm ( ForgedFile.Multi.Generic ) - warning 18:11:56.0493 4692 netprofm - detected ForgedFile.Multi.Generic (1) 18:11:56.0509 4692 [ BC27D9CA87FCCDA85C061271B6A57D02 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:11:56.0524 4692 Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe. Real md5: BC27D9CA87FCCDA85C061271B6A57D02, Fake md5: D6C4E4A39A36029AC0813D476FBD0248 18:11:56.0524 4692 NetTcpPortSharing ( ForgedFile.Multi.Generic ) - warning 18:11:56.0524 4692 NetTcpPortSharing - detected ForgedFile.Multi.Generic (1) 18:11:56.0556 4692 [ 7499E08715BE018B7F4CCBDD4861A2F0 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys 18:11:56.0634 4692 Suspicious file (Forged): C:\Windows\system32\DRIVERS\NETw3v32.sys. Real md5: 7499E08715BE018B7F4CCBDD4861A2F0, Fake md5: ACC6170D80C69E50145B370023B64ED3 18:11:56.0634 4692 NETw3v32 ( ForgedFile.Multi.Generic ) - warning 18:11:56.0649 4692 NETw3v32 - detected ForgedFile.Multi.Generic (1) 18:11:56.0680 4692 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 18:11:56.0712 4692 nfrd960 - ok 18:11:56.0743 4692 [ 1E517742239024F78839DAEE35CB395B ] NlaSvc C:\Windows\System32\nlasvc.dll 18:11:56.0758 4692 Suspicious file (Forged): C:\Windows\System32\nlasvc.dll. 
Real md5: 1E517742239024F78839DAEE35CB395B, Fake md5: 2997B15415F9BBE05B5A4C1C85E0C6A2 18:11:56.0758 4692 NlaSvc ( ForgedFile.Multi.Generic ) - warning 18:11:56.0758 4692 NlaSvc - detected ForgedFile.Multi.Generic (1) 18:11:56.0790 4692 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:11:56.0883 4692 Npfs - ok 18:11:56.0930 4692 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 18:11:57.0039 4692 nsi - ok 18:11:57.0086 4692 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:11:57.0117 4692 nsiproxy - ok 18:11:57.0164 4692 [ 943AC7EF323DCA9CE13C2EF3BE9A8715 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:11:57.0226 4692 Suspicious file (Forged): C:\Windows\system32\drivers\Ntfs.sys. Real md5: 943AC7EF323DCA9CE13C2EF3BE9A8715, Fake md5: 6A4A98CEE84CF9E99564510DDA4BAA47 18:11:57.0226 4692 Ntfs ( ForgedFile.Multi.Generic ) - warning 18:11:57.0226 4692 Ntfs - detected ForgedFile.Multi.Generic (1) 18:11:57.0273 4692 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 18:11:57.0523 4692 ntrigdigi - ok 18:11:57.0570 4692 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 18:11:57.0694 4692 Null - ok 18:11:57.0726 4692 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:11:57.0757 4692 nvraid - ok 18:11:57.0772 4692 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:11:57.0788 4692 nvstor - ok 18:11:57.0804 4692 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:11:57.0819 4692 nv_agp - ok 18:11:57.0819 4692 NwlnkFlt - ok 18:11:57.0835 4692 NwlnkFwd - ok 18:11:57.0913 4692 [ 087DFF37488245EC9717B29C4E818056 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 18:11:57.0960 4692 Suspicious file (Forged): C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE. 
Real md5: 087DFF37488245EC9717B29C4E818056, Fake md5: 785F487A64950F3CB8E9F16253BA3B7B 18:11:57.0960 4692 odserv ( ForgedFile.Multi.Generic ) - warning 18:11:57.0960 4692 odserv - detected ForgedFile.Multi.Generic (1) 18:11:58.0006 4692 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 18:11:58.0116 4692 ohci1394 - ok 18:11:58.0131 4692 [ 23345305EDC5827EDE315B8491292308 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:11:58.0147 4692 Suspicious file (Forged): C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE. Real md5: 23345305EDC5827EDE315B8491292308, Fake md5: 5A432A042DAE460ABE7199B758E8606C 18:11:58.0147 4692 ose ( ForgedFile.Multi.Generic ) - warning 18:11:58.0147 4692 ose - detected ForgedFile.Multi.Generic (1) 18:11:58.0178 4692 [ 5D419559B02E305B06B6A96C8E4F78A2 ] p2pimsvc C:\Windows\system32\p2psvc.dll 18:11:58.0225 4692 Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. Real md5: 5D419559B02E305B06B6A96C8E4F78A2, Fake md5: 0C8E8E61AD1EB0B250B846712C917506 18:11:58.0225 4692 p2pimsvc ( ForgedFile.Multi.Generic ) - warning 18:11:58.0225 4692 p2pimsvc - detected ForgedFile.Multi.Generic (1) 18:11:58.0240 4692 [ 5D419559B02E305B06B6A96C8E4F78A2 ] p2psvc C:\Windows\system32\p2psvc.dll 18:11:58.0240 4692 Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. 
Real md5: 5D419559B02E305B06B6A96C8E4F78A2, Fake md5: 0C8E8E61AD1EB0B250B846712C917506 18:11:58.0240 4692 p2psvc ( ForgedFile.Multi.Generic ) - warning 18:11:58.0240 4692 p2psvc - detected ForgedFile.Multi.Generic (1) 18:11:58.0272 4692 [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe 18:11:58.0303 4692 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning 18:11:58.0303 4692 PACSPTISVR - detected UnsignedFile.Multi.Generic (1) 18:11:58.0334 4692 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 18:11:58.0568 4692 Parport - ok 18:11:58.0630 4692 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:11:58.0646 4692 partmgr - ok 18:11:58.0662 4692 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 18:11:58.0724 4692 Parvdm - ok 18:11:58.0755 4692 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 18:11:58.0802 4692 PcaSvc - ok 18:11:58.0833 4692 [ F408E154834EE6CB75FA90E27C4BE3FB ] pci C:\Windows\system32\drivers\pci.sys 18:11:58.0849 4692 Suspicious file (Forged): C:\Windows\system32\drivers\pci.sys. Real md5: F408E154834EE6CB75FA90E27C4BE3FB, Fake md5: 941DC1D19E7E8620F40BBC206981EFDB 18:11:58.0849 4692 pci ( ForgedFile.Multi.Generic ) - warning 18:11:58.0849 4692 pci - detected ForgedFile.Multi.Generic (1) 18:11:58.0864 4692 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\DRIVERS\pciide.sys 18:11:58.0896 4692 pciide - ok 18:11:58.0911 4692 [ 7511D48D729354CE8FCD4FAC7E06C8BA ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 18:11:58.0942 4692 Suspicious file (Forged): C:\Windows\system32\DRIVERS\pcmcia.sys. 
Real md5: 7511D48D729354CE8FCD4FAC7E06C8BA, Fake md5: 3BB2244F343B610C29C98035504C9B75 18:11:58.0942 4692 pcmcia ( ForgedFile.Multi.Generic ) - warning 18:11:58.0942 4692 pcmcia - detected ForgedFile.Multi.Generic (1) 18:11:58.0958 4692 [ 1BD9BE9899B531181E5E4634768C97D1 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:11:58.0989 4692 Suspicious file (Forged): C:\Windows\system32\drivers\peauth.sys. Real md5: 1BD9BE9899B531181E5E4634768C97D1, Fake md5: 6349F6ED9C623B44B52EA3C63C831A92 18:11:58.0989 4692 PEAUTH ( ForgedFile.Multi.Generic ) - warning 18:11:58.0989 4692 PEAUTH - detected ForgedFile.Multi.Generic (1) 18:11:59.0036 4692 [ 0BBDA46E800FA755DBF6637A974CAE08 ] pla C:\Windows\system32\pla.dll 18:11:59.0098 4692 Suspicious file (Forged): C:\Windows\system32\pla.dll. Real md5: 0BBDA46E800FA755DBF6637A974CAE08, Fake md5: B1689DF169143F57053F795390C99DB3 18:11:59.0114 4692 pla ( ForgedFile.Multi.Generic ) - warning 18:11:59.0114 4692 pla - detected ForgedFile.Multi.Generic (1) 18:11:59.0145 4692 [ 63369EA0128CAEB9771F59C9F056A4E4 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:11:59.0176 4692 Suspicious file (Forged): C:\Windows\system32\umpnpmgr.dll. Real md5: 63369EA0128CAEB9771F59C9F056A4E4, Fake md5: C5E7F8A996EC0A82D508FD9064A5569E 18:11:59.0176 4692 PlugPlay ( ForgedFile.Multi.Generic ) - warning 18:11:59.0176 4692 PlugPlay - detected ForgedFile.Multi.Generic (1) 18:11:59.0223 4692 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 18:11:59.0223 4692 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 18:11:59.0223 4692 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 18:11:59.0239 4692 [ 5D419559B02E305B06B6A96C8E4F78A2 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 18:11:59.0270 4692 Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. 
Real md5: 5D419559B02E305B06B6A96C8E4F78A2, Fake md5: 0C8E8E61AD1EB0B250B846712C917506 18:11:59.0286 4692 PNRPAutoReg ( ForgedFile.Multi.Generic ) - warning 18:11:59.0286 4692 PNRPAutoReg - detected ForgedFile.Multi.Generic (1) 18:11:59.0286 4692 [ 5D419559B02E305B06B6A96C8E4F78A2 ] PNRPsvc C:\Windows\system32\p2psvc.dll 18:11:59.0301 4692 Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. Real md5: 5D419559B02E305B06B6A96C8E4F78A2, Fake md5: 0C8E8E61AD1EB0B250B846712C917506 18:11:59.0301 4692 PNRPsvc ( ForgedFile.Multi.Generic ) - warning 18:11:59.0301 4692 PNRPsvc - detected ForgedFile.Multi.Generic (1) 18:11:59.0301 4692 [ 004ED2668CD0E02186B518A76BFA7305 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:11:59.0332 4692 Suspicious file (Forged): C:\Windows\System32\ipsecsvc.dll. Real md5: 004ED2668CD0E02186B518A76BFA7305, Fake md5: D0494460421A03CD5225CCA0059AA146 18:11:59.0332 4692 PolicyAgent ( ForgedFile.Multi.Generic ) - warning 18:11:59.0332 4692 PolicyAgent - detected ForgedFile.Multi.Generic (1) 18:11:59.0364 4692 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:11:59.0504 4692 PptpMiniport - ok 18:11:59.0535 4692 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 18:11:59.0769 4692 Processor - ok 18:11:59.0785 4692 [ D94085B36C265D5E7F49C6B6E817C992 ] ProfSvc C:\Windows\system32\profsvc.dll 18:11:59.0800 4692 Suspicious file (Forged): C:\Windows\system32\profsvc.dll. 
Real md5: D94085B36C265D5E7F49C6B6E817C992, Fake md5: 0508FAA222D28835310B7BFCA7A77346 18:11:59.0800 4692 ProfSvc ( ForgedFile.Multi.Generic ) - warning 18:11:59.0800 4692 ProfSvc - detected ForgedFile.Multi.Generic (1) 18:11:59.0816 4692 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 18:11:59.0847 4692 ProtectedStorage - ok 18:11:59.0894 4692 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 18:12:00.0003 4692 PSched - ok 18:12:00.0034 4692 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 18:12:00.0050 4692 PxHelp20 - ok 18:12:00.0081 4692 [ 5AF2613C3656B3CC9BF2395F60E05566 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 18:12:00.0128 4692 Suspicious file (Forged): C:\Windows\system32\drivers\ql2300.sys. Real md5: 5AF2613C3656B3CC9BF2395F60E05566, Fake md5: CCDAC889326317792480C0A67156A1EC 18:12:00.0128 4692 ql2300 ( ForgedFile.Multi.Generic ) - warning 18:12:00.0128 4692 ql2300 - detected ForgedFile.Multi.Generic (1) 18:12:00.0144 4692 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 18:12:00.0159 4692 ql40xx - ok 18:12:00.0190 4692 [ 5F04EBF515737B3A3A3E13EAE4FD6339 ] QWAVE C:\Windows\system32\qwave.dll 18:12:00.0222 4692 Suspicious file (Forged): C:\Windows\system32\qwave.dll. 
Real md5: 5F04EBF515737B3A3A3E13EAE4FD6339, Fake md5: E9ECAE663F47E6CB43962D18AB18890F 18:12:00.0222 4692 QWAVE ( ForgedFile.Multi.Generic ) - warning 18:12:00.0222 4692 QWAVE - detected ForgedFile.Multi.Generic (1) 18:12:00.0268 4692 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:12:00.0315 4692 QWAVEdrv - ok 18:12:00.0362 4692 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:12:00.0471 4692 RasAcd - ok 18:12:00.0502 4692 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 18:12:00.0549 4692 RasAuto - ok 18:12:00.0596 4692 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:12:00.0627 4692 Rasl2tp - ok 18:12:00.0658 4692 [ EC87A838931D4D5D2E94A04644788A55 ] RasMan C:\Windows\System32\rasmans.dll 18:12:00.0690 4692 Suspicious file (Forged): C:\Windows\System32\rasmans.dll. Real md5: EC87A838931D4D5D2E94A04644788A55, Fake md5: 75D47445D70CA6F9F894B032FBC64FCF 18:12:00.0690 4692 RasMan ( ForgedFile.Multi.Generic ) - warning 18:12:00.0705 4692 RasMan - detected ForgedFile.Multi.Generic (1) 18:12:00.0721 4692 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:12:00.0814 4692 RasPppoe - ok 18:12:00.0846 4692 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:12:00.0877 4692 RasSstp - ok 18:12:00.0908 4692 [ 3E02DA96A403154487761734F342C2C9 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:12:00.0924 4692 Suspicious file (Forged): C:\Windows\system32\DRIVERS\rdbss.sys. 
Real md5: 3E02DA96A403154487761734F342C2C9, Fake md5: B14C9D5B9ADD2F84F70570BBBFAA7935 18:12:00.0924 4692 rdbss ( ForgedFile.Multi.Generic ) - warning 18:12:00.0924 4692 rdbss - detected ForgedFile.Multi.Generic (1) 18:12:00.0970 4692 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:12:01.0080 4692 RDPCDD - ok 18:12:01.0095 4692 [ 689CB8A9930F9D6F3838F751619FA22F ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 18:12:01.0111 4692 Suspicious file (Forged): C:\Windows\system32\drivers\rdpdr.sys. Real md5: 689CB8A9930F9D6F3838F751619FA22F, Fake md5: E8BD98D46F2ED77132BA927FCCB47D8B 18:12:01.0111 4692 rdpdr ( ForgedFile.Multi.Generic ) - warning 18:12:01.0111 4692 rdpdr - detected ForgedFile.Multi.Generic (1) 18:12:01.0126 4692 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:12:01.0189 4692 RDPENCDD - ok 18:12:01.0204 4692 [ 5C8871B41E0604F375A577760391CB24 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:12:01.0236 4692 Suspicious file (Forged): C:\Windows\system32\drivers\RDPWD.sys. Real md5: 5C8871B41E0604F375A577760391CB24, Fake md5: C127EBD5AFAB31524662C48DFCEB773A 18:12:01.0236 4692 RDPWD ( ForgedFile.Multi.Generic ) - warning 18:12:01.0236 4692 RDPWD - detected ForgedFile.Multi.Generic (1) 18:12:01.0267 4692 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:12:01.0345 4692 RemoteAccess - ok 18:12:01.0392 4692 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:12:01.0516 4692 RemoteRegistry - ok 18:12:01.0532 4692 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 18:12:01.0563 4692 RpcLocator - ok 18:12:01.0579 4692 [ 6621476E1926167313D0FE6E95E98E7F ] RpcSs C:\Windows\system32\rpcss.dll 18:12:01.0610 4692 Suspicious file (Forged): C:\Windows\system32\rpcss.dll. 
Real md5: 6621476E1926167313D0FE6E95E98E7F, Fake md5: 3B5B4D53FEC14F7476CA29A20CC31AC9 18:12:01.0610 4692 RpcSs ( ForgedFile.Multi.Generic ) - warning 18:12:01.0610 4692 RpcSs - detected ForgedFile.Multi.Generic (1) 18:12:01.0657 4692 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:12:01.0766 4692 rspndr - ok 18:12:01.0782 4692 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 18:12:01.0813 4692 SamSs - ok 18:12:01.0844 4692 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:12:01.0891 4692 sbp2port - ok 18:12:01.0922 4692 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:12:02.0031 4692 SCardSvr - ok 18:12:02.0047 4692 [ 6A325B709D328A46B39F3C8EB55347AF ] Schedule C:\Windows\system32\schedsvc.dll 18:12:02.0094 4692 Suspicious file (Forged): C:\Windows\system32\schedsvc.dll. Real md5: 6A325B709D328A46B39F3C8EB55347AF, Fake md5: 1A58069DB21D05EB2AB58EE5753EBE8D 18:12:02.0094 4692 Schedule ( ForgedFile.Multi.Generic ) - warning 18:12:02.0094 4692 Schedule - detected ForgedFile.Multi.Generic (1) 18:12:02.0140 4692 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 18:12:02.0187 4692 SCPolicySvc - ok 18:12:02.0218 4692 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:12:02.0265 4692 SDRSVC - ok 18:12:02.0343 4692 [ AC20213C4C2A97DDF091B8FA7C0D5185 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 18:12:02.0374 4692 Suspicious file (Forged): C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe. 
Real md5: AC20213C4C2A97DDF091B8FA7C0D5185, Fake md5: 271077B91D7AD1B616F8AFDFE8E3F981 18:12:02.0374 4692 SeaPort ( ForgedFile.Multi.Generic ) - warning 18:12:02.0374 4692 SeaPort - detected ForgedFile.Multi.Generic (1) 18:12:02.0390 4692 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:12:02.0624 4692 secdrv - ok 18:12:02.0671 4692 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 18:12:02.0780 4692 seclogon - ok 18:12:02.0827 4692 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 18:12:02.0874 4692 SENS - ok 18:12:02.0905 4692 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 18:12:02.0952 4692 Serenum - ok 18:12:02.0983 4692 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 18:12:03.0045 4692 Serial - ok 18:12:03.0061 4692 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 18:12:03.0092 4692 sermouse - ok 18:12:03.0108 4692 ServiceLayer - ok 18:12:03.0154 4692 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 18:12:03.0186 4692 SessionEnv - ok 18:12:03.0232 4692 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:12:03.0295 4692 sffdisk - ok 18:12:03.0326 4692 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:12:03.0388 4692 sffp_mmc - ok 18:12:03.0420 4692 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:12:03.0466 4692 sffp_sd - ok 18:12:03.0482 4692 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 18:12:03.0560 4692 sfloppy - ok 18:12:03.0560 4692 [ BE808F75A548431F70DD63967B466661 ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:12:03.0591 4692 Suspicious file (Forged): C:\Windows\System32\ipnathlp.dll. 
Real md5: BE808F75A548431F70DD63967B466661, Fake md5: E1499BD0FF76B1B2FBBF1AF339D91165
18:12:03.0591 4692 SharedAccess ( ForgedFile.Multi.Generic ) - warning
18:12:03.0591 4692 SharedAccess - detected ForgedFile.Multi.Generic (1)
18:12:03.0622 4692 [ F2F577D6BBA24BD4F1882E289203F358 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:12:03.0654 4692 Suspicious file (Forged): C:\Windows\System32\shsvcs.dll. Real md5: F2F577D6BBA24BD4F1882E289203F358, Fake md5: C7230FBEE14437716701C15BE02C27B8
18:12:03.0654 4692 ShellHWDetection ( ForgedFile.Multi.Generic ) - warning
18:12:03.0654 4692 ShellHWDetection - detected ForgedFile.Multi.Generic (1)
18:12:03.0685 4692 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:12:03.0700 4692 sisagp - ok
18:12:03.0716 4692 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:12:03.0732 4692 SiSRaid2 - ok
18:12:03.0763 4692 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:12:03.0778 4692 SiSRaid4 - ok
18:12:03.0825 4692 [ 26C1DCA2184E7E9911D714A55D349CE6 ] slsvc C:\Windows\system32\SLsvc.exe
18:12:03.0966 4692 Suspicious file (Forged): C:\Windows\system32\SLsvc.exe. Real md5: 26C1DCA2184E7E9911D714A55D349CE6, Fake md5: 862BB4CBC05D80C5B45BE430E5EF872F
18:12:03.0966 4692 slsvc ( ForgedFile.Multi.Generic ) - warning
18:12:03.0966 4692 slsvc - detected ForgedFile.Multi.Generic (1)
18:12:04.0044 4692 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:12:04.0137 4692 SLUINotify - ok
18:12:04.0184 4692 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:12:04.0231 4692 Smb - ok
18:12:04.0278 4692 [ DB31D8989B3450569C29780E7FA98C48 ] SNC C:\Windows\system32\Drivers\SonyNC.sys
18:12:04.0293 4692 SNC - ok
18:12:04.0324 4692 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:12:04.0356 4692 SNMPTRAP - ok
18:12:04.0434 4692 [ 8C565651AF9023F2D0616D80BB28D253 ] SNPSTD3 C:\Windows\system32\DRIVERS\snpstd3.sys
18:12:04.0824 4692 Suspicious file (Forged): C:\Windows\system32\DRIVERS\snpstd3.sys. Real md5: 8C565651AF9023F2D0616D80BB28D253, Fake md5: 9CD6FFC9F5B999EB5DF69B9177D9848F
18:12:04.0870 4692 SNPSTD3 ( ForgedFile.Multi.Generic ) - warning
18:12:04.0870 4692 SNPSTD3 - detected ForgedFile.Multi.Generic (1)
18:12:04.0917 4692 [ 86DA2BEFB800D726FEA98A539606553C ] SonicStage Back-End Service C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
18:12:04.0948 4692 SonicStage Back-End Service - ok
18:12:04.0980 4692 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:12:04.0995 4692 spldr - ok
18:12:05.0026 4692 [ 05DBBD20D38DEC7598E4AE3E255200AD ] Spooler C:\Windows\System32\spoolsv.exe
18:12:05.0042 4692 Suspicious file (Forged): C:\Windows\System32\spoolsv.exe. Real md5: 05DBBD20D38DEC7598E4AE3E255200AD, Fake md5: 8554097E5136C3BF9F69FE578A1B35F4
18:12:05.0042 4692 Spooler ( ForgedFile.Multi.Generic ) - warning
18:12:05.0042 4692 Spooler - detected ForgedFile.Multi.Generic (1)
18:12:05.0073 4692 [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
18:12:05.0073 4692 SPTISRV ( UnsignedFile.Multi.Generic ) - warning
18:12:05.0073 4692 SPTISRV - detected UnsignedFile.Multi.Generic (1)
18:12:05.0104 4692 [ 0E4F0E65B32CB4132B39A439951342A3 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:12:05.0136 4692 Suspicious file (Forged): C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe. Real md5: 0E4F0E65B32CB4132B39A439951342A3, Fake md5: 86EBD8B1F23E743AAD21F4D5B4D40985
18:12:05.0136 4692 SQLBrowser ( ForgedFile.Multi.Generic ) - warning
18:12:05.0136 4692 SQLBrowser - detected ForgedFile.Multi.Generic (1)
18:12:05.0167 4692 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:12:05.0182 4692 SQLWriter - ok
18:12:05.0214 4692 [ 397039AF02D50D15C70B74088EB8A1CB ] srv C:\Windows\system32\DRIVERS\srv.sys
18:12:05.0229 4692 Suspicious file (Forged): C:\Windows\system32\DRIVERS\srv.sys. Real md5: 397039AF02D50D15C70B74088EB8A1CB, Fake md5: 41987F9FC0E61ADF54F581E15029AD91
18:12:05.0229 4692 srv ( ForgedFile.Multi.Generic ) - warning
18:12:05.0229 4692 srv - detected ForgedFile.Multi.Generic (1)
18:12:05.0260 4692 [ 1AA21A40A1067F5BF80513656735A2BF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:12:05.0276 4692 Suspicious file (Forged): C:\Windows\system32\DRIVERS\srv2.sys. Real md5: 1AA21A40A1067F5BF80513656735A2BF, Fake md5: FF33AFF99564B1AA534F58868CBE41EF
18:12:05.0276 4692 srv2 ( ForgedFile.Multi.Generic ) - warning
18:12:05.0276 4692 srv2 - detected ForgedFile.Multi.Generic (1)
18:12:05.0292 4692 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:12:05.0323 4692 srvnet - ok
18:12:05.0354 4692 [ 3DABE639076AEA4BE21608FEBC95C1B5 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:12:05.0385 4692 Suspicious file (Forged): C:\Windows\System32\ssdpsrv.dll. Real md5: 3DABE639076AEA4BE21608FEBC95C1B5, Fake md5: 03D50B37234967433A5EA5BA72BC0B62
18:12:05.0385 4692 SSDPSRV ( ForgedFile.Multi.Generic ) - warning
18:12:05.0385 4692 SSDPSRV - detected ForgedFile.Multi.Generic (1)
18:12:05.0432 4692 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
18:12:05.0463 4692 ssmdrv - ok
18:12:05.0479 4692 [ 6EB13F919D22D5056B4FB66AA3BB497A ] SSScsiSV C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
18:12:05.0494 4692 SSScsiSV - ok
18:12:05.0541 4692 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:12:05.0572 4692 SstpSvc - ok
18:12:05.0604 4692 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
18:12:05.0619 4692 StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:12:05.0619 4692 StarOpen - detected UnsignedFile.Multi.Generic (1)
18:12:05.0635 4692 [ A89777E9809EC6EA3190114E59C67BCB ] stisvc C:\Windows\System32\wiaservc.dll
18:12:05.0666 4692 Suspicious file (Forged): C:\Windows\System32\wiaservc.dll. Real md5: A89777E9809EC6EA3190114E59C67BCB, Fake md5: 5DE7D67E49B88F5F07F3E53C4B92A352
18:12:05.0682 4692 stisvc ( ForgedFile.Multi.Generic ) - warning
18:12:05.0682 4692 stisvc - detected ForgedFile.Multi.Generic (1)
18:12:05.0713 4692 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:12:05.0728 4692 swenum - ok
18:12:05.0760 4692 [ 6A66D33C6A7B55416D843AEE2FF2BF93 ] swprv C:\Windows\System32\swprv.dll
18:12:05.0791 4692 Suspicious file (Forged): C:\Windows\System32\swprv.dll. Real md5: 6A66D33C6A7B55416D843AEE2FF2BF93, Fake md5: F21FD248040681CCA1FB6C9A03AAA93D
18:12:05.0791 4692 swprv ( ForgedFile.Multi.Generic ) - warning
18:12:05.0791 4692 swprv - detected ForgedFile.Multi.Generic (1)
18:12:05.0806 4692 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:12:05.0822 4692 Symc8xx - ok
18:12:05.0838 4692 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:12:05.0853 4692 Sym_hi - ok
18:12:05.0869 4692 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:12:05.0884 4692 Sym_u3 - ok
18:12:05.0916 4692 [ E3477C4F58312892158CE5963AE18CBA ] SysMain C:\Windows\system32\sysmain.dll
18:12:05.0962 4692 Suspicious file (Forged): C:\Windows\system32\sysmain.dll. Real md5: E3477C4F58312892158CE5963AE18CBA, Fake md5: 9A51B04E9886AA4EE90093586B0BA88D
18:12:05.0962 4692 SysMain ( ForgedFile.Multi.Generic ) - warning
18:12:05.0962 4692 SysMain - detected ForgedFile.Multi.Generic (1)
18:12:05.0994 4692 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:12:06.0040 4692 TabletInputService - ok
18:12:06.0072 4692 [ 689CB8A9930F9D6F3838F751619FA22F ] TapiSrv C:\Windows\System32\tapisrv.dll
18:12:06.0103 4692 Suspicious file (Forged): C:\Windows\System32\tapisrv.dll. Real md5: 689CB8A9930F9D6F3838F751619FA22F, Fake md5: D7673E4B38CE21EE54C59EEEB65E2483
18:12:06.0103 4692 TapiSrv ( ForgedFile.Multi.Generic ) - warning
18:12:06.0103 4692 TapiSrv - detected ForgedFile.Multi.Generic (1)
18:12:06.0134 4692 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:12:06.0290 4692 TBS - ok
18:12:06.0306 4692 [ 1F77A1251CBF9BA5C01C72391E09A8B2 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:12:06.0352 4692 Suspicious file (Forged): C:\Windows\system32\drivers\tcpip.sys. Real md5: 1F77A1251CBF9BA5C01C72391E09A8B2, Fake md5: 74E2D020C47BB2B2FCCBA29A518A7EB4
18:12:06.0352 4692 Tcpip ( ForgedFile.Multi.Generic ) - warning
18:12:06.0352 4692 Tcpip - detected ForgedFile.Multi.Generic (1)
18:12:06.0368 4692 [ 1F77A1251CBF9BA5C01C72391E09A8B2 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:12:06.0384 4692 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tcpip.sys. Real md5: 1F77A1251CBF9BA5C01C72391E09A8B2, Fake md5: 74E2D020C47BB2B2FCCBA29A518A7EB4
18:12:06.0384 4692 Tcpip6 ( ForgedFile.Multi.Generic ) - warning
18:12:06.0384 4692 Tcpip6 - detected ForgedFile.Multi.Generic (1)
18:12:06.0446 4692 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:12:06.0493 4692 tcpipreg - ok
18:12:06.0540 4692 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:12:06.0633 4692 TDPIPE - ok
18:12:06.0649 4692 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:12:06.0680 4692 TDTCP - ok
18:12:06.0727 4692 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:12:06.0820 4692 tdx - ok
18:12:06.0836 4692 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:12:06.0867 4692 TermDD - ok
18:12:06.0867 4692 [ 147C8282353639F295A50038CC8033C2 ] TermService C:\Windows\System32\termsrv.dll
18:12:06.0930 4692 Suspicious file (Forged): C:\Windows\System32\termsrv.dll. Real md5: 147C8282353639F295A50038CC8033C2, Fake md5: BB95DA09BEF6E7A131BFF3BA5032090D
18:12:06.0930 4692 TermService ( ForgedFile.Multi.Generic ) - warning
18:12:06.0930 4692 TermService - detected ForgedFile.Multi.Generic (1)
18:12:06.0945 4692 [ F2F577D6BBA24BD4F1882E289203F358 ] Themes C:\Windows\system32\shsvcs.dll
18:12:06.0961 4692 Suspicious file (Forged): C:\Windows\system32\shsvcs.dll. Real md5: F2F577D6BBA24BD4F1882E289203F358, Fake md5: C7230FBEE14437716701C15BE02C27B8
18:12:06.0961 4692 Themes ( ForgedFile.Multi.Generic ) - warning
18:12:06.0961 4692 Themes - detected ForgedFile.Multi.Generic (1)
18:12:06.0976 4692 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:12:07.0086 4692 THREADORDER - ok
18:12:07.0101 4692 [ A52733D3CD7D1DC595E8830569F9DE5E ] ti21sony C:\Windows\system32\drivers\ti21sony.sys
18:12:07.0148 4692 Suspicious file (Forged): C:\Windows\system32\drivers\ti21sony.sys. Real md5: A52733D3CD7D1DC595E8830569F9DE5E, Fake md5: 909CD987B54A8179C9AEE874D754721A
18:12:07.0148 4692 ti21sony ( ForgedFile.Multi.Generic ) - warning
18:12:07.0148 4692 ti21sony - detected ForgedFile.Multi.Generic (1)
18:12:07.0179 4692 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:12:07.0257 4692 TrkWks - ok
18:12:07.0335 4692 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:12:07.0444 4692 TrustedInstaller - ok
18:12:07.0476 4692 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:12:07.0507 4692 tssecsrv - ok
18:12:07.0538 4692 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:12:07.0569 4692 tunmp - ok
18:12:07.0616 4692 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:12:07.0632 4692 tunnel - ok
18:12:07.0663 4692 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:12:07.0694 4692 uagp35 - ok
18:12:07.0710 4692 [ 5542930F3F6E98007EE9B6DF0ADA3300 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:12:07.0725 4692 Suspicious file (Forged): C:\Windows\system32\DRIVERS\udfs.sys. Real md5: 5542930F3F6E98007EE9B6DF0ADA3300, Fake md5: D9728AF68C4C7693CB100B8441CBDEC6
18:12:07.0725 4692 udfs ( ForgedFile.Multi.Generic ) - warning
18:12:07.0725 4692 udfs - detected ForgedFile.Multi.Generic (1)
18:12:07.0772 4692 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:12:07.0881 4692 UI0Detect - ok
18:12:07.0912 4692 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:12:07.0928 4692 uliagpkx - ok
18:12:07.0928 4692 [ 68871CA1E5BE5A6D5A2C2252D1FD2E52 ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:12:07.0959 4692 Suspicious file (Forged): C:\Windows\system32\drivers\uliahci.sys. Real md5: 68871CA1E5BE5A6D5A2C2252D1FD2E52, Fake md5: 3CD4EA35A6221B85DCC25DAA46313F8D
18:12:07.0959 4692 uliahci ( ForgedFile.Multi.Generic ) - warning
18:12:07.0959 4692 uliahci - detected ForgedFile.Multi.Generic (1)
18:12:07.0990 4692 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:12:08.0006 4692 UlSata - ok
18:12:08.0022 4692 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:12:08.0037 4692 ulsata2 - ok
18:12:08.0068 4692 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:12:08.0178 4692 umbus - ok
18:12:08.0209 4692 [ FB00CD74A5F35E89A7FBDD3C1D05375A ] upnphost C:\Windows\System32\upnphost.dll
18:12:08.0256 4692 Suspicious file (Forged): C:\Windows\System32\upnphost.dll. Real md5: FB00CD74A5F35E89A7FBDD3C1D05375A, Fake md5: 68308183F4AE0BE7BF8ECD07CB297999
18:12:08.0256 4692 upnphost ( ForgedFile.Multi.Generic ) - warning
18:12:08.0256 4692 upnphost - detected ForgedFile.Multi.Generic (1)
18:12:08.0256 4692 upperdev - ok
18:12:08.0302 4692 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
18:12:08.0334 4692 USBAAPL - ok
18:12:08.0380 4692 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:12:08.0505 4692 usbaudio - ok
18:12:08.0536 4692 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:12:08.0568 4692 usbccgp - ok
18:12:08.0583 4692 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:12:08.0817 4692 usbcir - ok
18:12:08.0864 4692 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:12:08.0895 4692 usbehci - ok
18:12:08.0895 4692 [ 6C73AB814C9C7902C1F03C63EE3600A5 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:12:08.0926 4692 Suspicious file (Forged): C:\Windows\system32\DRIVERS\usbhub.sys. Real md5: 6C73AB814C9C7902C1F03C63EE3600A5, Fake md5: 4673BBCB006AF60E7ABDDBE7A130BA42
18:12:08.0926 4692 usbhub ( ForgedFile.Multi.Generic ) - warning
18:12:08.0926 4692 usbhub - detected ForgedFile.Multi.Generic (1)
18:12:08.0958 4692 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:12:09.0160 4692 usbohci - ok
18:12:09.0207 4692 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:12:09.0316 4692 usbprint - ok
18:12:09.0348 4692 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:12:09.0472 4692 usbscan - ok
18:12:09.0504 4692 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:12:09.0535 4692 USBSTOR - ok
18:12:09.0566 4692 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:12:09.0597 4692 usbuhci - ok
18:12:09.0628 4692 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:12:09.0675 4692 UxSms - ok
18:12:09.0722 4692 [ 4E9C6BF8D0655BB7538088DC6F2306D9 ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
18:12:09.0722 4692 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
18:12:09.0722 4692 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
18:12:09.0769 4692 [ 83928CD1291215AEDEDC2534CA4775D4 ] VAIO Event Service C:\Program Files\sony\VAIO Event Service\VESMgr.exe
18:12:09.0784 4692 Suspicious file (Forged): C:\Program Files\sony\VAIO Event Service\VESMgr.exe. Real md5: 83928CD1291215AEDEDC2534CA4775D4, Fake md5: 8A9F18ADAD471402236CA931553BF79B
18:12:09.0784 4692 VAIO Event Service ( ForgedFile.Multi.Generic ) - warning
18:12:09.0784 4692 VAIO Event Service - detected ForgedFile.Multi.Generic (1)
18:12:09.0847 4692 [ 00BC8160BE04FE47673D00165EA8B157 ] VAIOMediaPlatform-IntegratedServer-AppServer C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
18:12:09.0956 4692 Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe. Real md5: 00BC8160BE04FE47673D00165EA8B157, Fake md5: 88DC6B884824A578B0E1E9C3790C105B
18:12:09.0972 4692 VAIOMediaPlatform-IntegratedServer-AppServer ( ForgedFile.Multi.Generic ) - warning
18:12:09.0972 4692 VAIOMediaPlatform-IntegratedServer-AppServer - detected ForgedFile.Multi.Generic (1)
18:12:09.0987 4692 [ 55264B1EAE6BA625E879110E26D8FD8A ] VAIOMediaPlatform-IntegratedServer-HTTP C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
18:12:10.0018 4692 Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe. Real md5: 55264B1EAE6BA625E879110E26D8FD8A, Fake md5: 56E33AAA46CBA8431E72486196AFB3A1
18:12:10.0018 4692 VAIOMediaPlatform-IntegratedServer-HTTP ( ForgedFile.Multi.Generic ) - warning
18:12:10.0018 4692 VAIOMediaPlatform-IntegratedServer-HTTP - detected ForgedFile.Multi.Generic (1)
18:12:10.0034 4692 [ 0A30E3DE28B80A0FB659B8C270839E23 ] VAIOMediaPlatform-IntegratedServer-UPnP C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
18:12:10.0081 4692 Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe. Real md5: 0A30E3DE28B80A0FB659B8C270839E23, Fake md5: ADDF0E4E19BD2FF0A0B852D324FDC281
18:12:10.0096 4692 VAIOMediaPlatform-IntegratedServer-UPnP ( ForgedFile.Multi.Generic ) - warning
18:12:10.0096 4692 VAIOMediaPlatform-IntegratedServer-UPnP - detected ForgedFile.Multi.Generic (1)
18:12:10.0112 4692 [ A751E17CD529631B38B0909D446C2151 ] VAIOMediaPlatform-UCLS-AppServer C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
18:12:10.0143 4692 Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe. Real md5: A751E17CD529631B38B0909D446C2151, Fake md5: 52D4F568FE7D05AE5026B8717EEB59EB
18:12:10.0143 4692 VAIOMediaPlatform-UCLS-AppServer ( ForgedFile.Multi.Generic ) - warning
18:12:10.0143 4692 VAIOMediaPlatform-UCLS-AppServer - detected ForgedFile.Multi.Generic (1)
18:12:10.0159 4692 [ 55264B1EAE6BA625E879110E26D8FD8A ] VAIOMediaPlatform-UCLS-HTTP C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
18:12:10.0159 4692 Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe. Real md5: 55264B1EAE6BA625E879110E26D8FD8A, Fake md5: 56E33AAA46CBA8431E72486196AFB3A1
18:12:10.0159 4692 VAIOMediaPlatform-UCLS-HTTP ( ForgedFile.Multi.Generic ) - warning
18:12:10.0159 4692 VAIOMediaPlatform-UCLS-HTTP - detected ForgedFile.Multi.Generic (1)
18:12:10.0174 4692 [ 0A30E3DE28B80A0FB659B8C270839E23 ] VAIOMediaPlatform-UCLS-UPnP C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
18:12:10.0174 4692 Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe. Real md5: 0A30E3DE28B80A0FB659B8C270839E23, Fake md5: ADDF0E4E19BD2FF0A0B852D324FDC281
18:12:10.0174 4692 VAIOMediaPlatform-UCLS-UPnP ( ForgedFile.Multi.Generic ) - warning
18:12:10.0174 4692 VAIOMediaPlatform-UCLS-UPnP - detected ForgedFile.Multi.Generic (1)
18:12:10.0190 4692 Vcsw - ok
18:12:10.0206 4692 [ 4E418BB00EC74CA23F2CD4285DA2B270 ] vds C:\Windows\System32\vds.exe
18:12:10.0252 4692 Suspicious file (Forged): C:\Windows\System32\vds.exe. Real md5: 4E418BB00EC74CA23F2CD4285DA2B270, Fake md5: CD88D1B7776DC17A119049742EC07EB4
18:12:10.0252 4692 vds ( ForgedFile.Multi.Generic ) - warning
18:12:10.0252 4692 vds - detected ForgedFile.Multi.Generic (1)
18:12:10.0299 4692 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:12:10.0533 4692 vga - ok
18:12:10.0564 4692 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:12:10.0705 4692 VgaSave - ok
18:12:10.0736 4692 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:12:10.0767 4692 viaagp - ok
18:12:10.0767 4692 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:12:10.0830 4692 ViaC7 - ok
18:12:10.0845 4692 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
18:12:10.0876 4692 viaide - ok
18:12:10.0908 4692 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:12:10.0923 4692 volmgr - ok
18:12:10.0939 4692 [ 211CB019691759FD10FE37E808E9B0A4 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:12:10.0970 4692 Suspicious file (Forged): C:\Windows\system32\drivers\volmgrx.sys. Real md5: 211CB019691759FD10FE37E808E9B0A4, Fake md5: 23E41B834759917BFD6B9A0D625D0C28
18:12:10.0970 4692 volmgrx ( ForgedFile.Multi.Generic ) - warning
18:12:10.0970 4692 volmgrx - detected ForgedFile.Multi.Generic (1)
18:12:10.0986 4692 [ 7D825B6B001A6BB172AB034144480A99 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:12:11.0017 4692 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: 7D825B6B001A6BB172AB034144480A99, Fake md5: 786DB5771F05EF300390399F626BF30A
18:12:11.0017 4692 volsnap ( ForgedFile.Multi.Generic ) - warning
18:12:11.0017 4692 volsnap - detected ForgedFile.Multi.Generic (1)
18:12:11.0048 4692 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:12:11.0064 4692 vsmraid - ok
18:12:11.0095 4692 [ 0C9CD2B425AC2CBE1D403A8F136A926B ] VSS C:\Windows\system32\vssvc.exe
18:12:11.0142 4692 Suspicious file (Forged): C:\Windows\system32\vssvc.exe. Real md5: 0C9CD2B425AC2CBE1D403A8F136A926B, Fake md5: DB3D19F850C6EB32BDCB9BC0836ACDDB
18:12:11.0157 4692 VSS ( ForgedFile.Multi.Generic ) - warning
18:12:11.0157 4692 VSS - detected ForgedFile.Multi.Generic (1)
18:12:11.0188 4692 [ 72389E9E2971CD7227DD5AA2543D6C73 ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
18:12:11.0220 4692 Suspicious file (Forged): C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe. Real md5: 72389E9E2971CD7227DD5AA2543D6C73, Fake md5: 5FEB20D9ED9A2BD4F234222B0A3BB855
18:12:11.0220 4692 VzCdbSvc ( ForgedFile.Multi.Generic ) - warning
18:12:11.0220 4692 VzCdbSvc - detected ForgedFile.Multi.Generic (1)
18:12:11.0220 4692 [ A1A0E1292171BC39DA88FA48EB208023 ] VzFw C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
18:12:11.0235 4692 Suspicious file (Forged): C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe. Real md5: A1A0E1292171BC39DA88FA48EB208023, Fake md5: 3757DFD3C07896EF660D4060366E7B4E
18:12:11.0235 4692 VzFw ( ForgedFile.Multi.Generic ) - warning
18:12:11.0235 4692 VzFw - detected ForgedFile.Multi.Generic (1)
18:12:11.0266 4692 [ 4F61A26D5D0A96E6D46B0617192010E3 ] W32Time C:\Windows\system32\w32time.dll
18:12:11.0298 4692 Suspicious file (Forged): C:\Windows\system32\w32time.dll. Real md5: 4F61A26D5D0A96E6D46B0617192010E3, Fake md5: 96EA68B9EB310A69C25EBB0282B2B9DE
18:12:11.0298 4692 W32Time ( ForgedFile.Multi.Generic ) - warning
18:12:11.0298 4692 W32Time - detected ForgedFile.Multi.Generic (1)
18:12:11.0329 4692 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:12:11.0578 4692 WacomPen - ok
18:12:11.0625 4692 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:12:11.0750 4692 Wanarp - ok
18:12:11.0750 4692 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:12:11.0781 4692 Wanarpv6 - ok
18:12:11.0797 4692 [ 0183D84E9A99DB28B40E94117A3B7E6D ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:12:11.0828 4692 Suspicious file (Forged): C:\Windows\System32\wcncsvc.dll. Real md5: 0183D84E9A99DB28B40E94117A3B7E6D, Fake md5: A3CD60FD826381B49F03832590E069AF
18:12:11.0828 4692 wcncsvc ( ForgedFile.Multi.Generic ) - warning
18:12:11.0828 4692 wcncsvc - detected ForgedFile.Multi.Generic (1)
18:12:11.0859 4692 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:12:11.0906 4692 WcsPlugInService - ok
18:12:11.0937 4692 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
18:12:11.0953 4692 Wd - ok
18:12:11.0968 4692 [ 899BFAC7D63DDE7F811570826DC8972A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:12:12.0015 4692 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 899BFAC7D63DDE7F811570826DC8972A, Fake md5: A840213F1ACDCC175B4D1D5AAEAC0D7A
18:12:12.0015 4692 Wdf01000 ( ForgedFile.Multi.Generic ) - warning
18:12:12.0015 4692 Wdf01000 - detected ForgedFile.Multi.Generic (1)
18:12:12.0062 4692 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:12:12.0202 4692 WdiServiceHost - ok
18:12:12.0202 4692 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:12:12.0234 4692 WdiSystemHost - ok
18:12:12.0265 4692 [ 53297B80FCB36799AFD2E7707CF15101 ] WebClient C:\Windows\System32\webclnt.dll
18:12:12.0296 4692 Suspicious file (Forged): C:\Windows\System32\webclnt.dll. Real md5: 53297B80FCB36799AFD2E7707CF15101, Fake md5: 04C37D8107320312FBAE09926103D5E2
18:12:12.0296 4692 WebClient ( ForgedFile.Multi.Generic ) - warning
18:12:12.0296 4692 WebClient - detected ForgedFile.Multi.Generic (1)
18:12:12.0312 4692 [ 2EED3BF66F3B7A8D7A8F04E295502CBE ] Wecsvc C:\Windows\system32\wecsvc.dll
18:12:12.0343 4692 Suspicious file (Forged): C:\Windows\system32\wecsvc.dll. Real md5: 2EED3BF66F3B7A8D7A8F04E295502CBE, Fake md5: AE3736E7E8892241C23E4EBBB7453B60
18:12:12.0343 4692 Wecsvc ( ForgedFile.Multi.Generic ) - warning
18:12:12.0343 4692 Wecsvc - detected ForgedFile.Multi.Generic (1)
18:12:12.0374 4692 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:12:12.0483 4692 wercplsupport - ok
18:12:12.0514 4692 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
18:12:12.0561 4692 WerSvc - ok
18:12:12.0577 4692 [ CA07CF5D723A0935217BAB6085DF5F29 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:12:12.0624 4692 Suspicious file (Forged): C:\Windows\system32\DRIVERS\HSX_CNXT.sys. Real md5: CA07CF5D723A0935217BAB6085DF5F29, Fake md5: 6D2350BB6E77E800FC4BE4E5B7A2E89A
18:12:12.0624 4692 winachsf ( ForgedFile.Multi.Generic ) - warning
18:12:12.0624 4692 winachsf - detected ForgedFile.Multi.Generic (1)
18:12:12.0670 4692 [ 4CA8E488299BAF19CE350E16BA5ACC0D ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:12:12.0702 4692 Suspicious file (Forged): C:\Program Files\Windows Defender\mpsvc.dll. Real md5: 4CA8E488299BAF19CE350E16BA5ACC0D, Fake md5: 4575AA12561C5648483403541D0D7F2B
18:12:12.0702 4692 WinDefend ( ForgedFile.Multi.Generic ) - warning
18:12:12.0702 4692 WinDefend - detected ForgedFile.Multi.Generic (1)
18:12:12.0717 4692 WinHttpAutoProxySvc - ok
18:12:12.0748 4692 [ 5A7FC383C3355595A83FCE4F23FA792C ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:12:12.0764 4692 Suspicious file (Forged): C:\Windows\system32\wbem\WMIsvc.dll. Real md5: 5A7FC383C3355595A83FCE4F23FA792C, Fake md5: 6B2A1D0E80110E3D04E6863C6E62FD8A
18:12:12.0764 4692 Winmgmt ( ForgedFile.Multi.Generic ) - warning
18:12:12.0764 4692 Winmgmt - detected ForgedFile.Multi.Generic (1)
18:12:12.0795 4692 [ 449CBE07A71B499191C227506456C7C8 ] WinRM C:\Windows\system32\WsmSvc.dll
18:12:12.0858 4692 Suspicious file (Forged): C:\Windows\system32\WsmSvc.dll. Real md5: 449CBE07A71B499191C227506456C7C8, Fake md5: 7CFE68BDC065E55AA5E8421607037511
18:12:12.0858 4692 WinRM ( ForgedFile.Multi.Generic ) - warning
18:12:12.0858 4692 WinRM - detected ForgedFile.Multi.Generic (1)
18:12:12.0904 4692 [ D20CE70213434432BED5CDC45AFA74A1 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:12:12.0951 4692 Suspicious file (Forged): C:\Windows\System32\wlansvc.dll. Real md5: D20CE70213434432BED5CDC45AFA74A1, Fake md5: C008405E4FEEB069E30DA1D823910234
18:12:12.0951 4692 Wlansvc ( ForgedFile.Multi.Generic ) - warning
18:12:12.0951 4692 Wlansvc - detected ForgedFile.Multi.Generic (1)
18:12:12.0998 4692 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:12:13.0232 4692 WmiAcpi - ok
18:12:13.0248 4692 [ 8A976E019FB3D9F72D7C1EC0D4FB7579 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:12:13.0279 4692 Suspicious file (Forged): C:\Windows\system32\wbem\WmiApSrv.exe. Real md5: 8A976E019FB3D9F72D7C1EC0D4FB7579, Fake md5: 43BE3875207DCB62A85C8C49970B66CC
18:12:13.0279 4692 wmiApSrv ( ForgedFile.Multi.Generic ) - warning
18:12:13.0279 4692 wmiApSrv - detected ForgedFile.Multi.Generic (1)
18:12:13.0326 4692 [ 2C245A6ED1E1FF435B600B5DFC7325F0 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:12:13.0372 4692 Suspicious file (Forged): C:\Program Files\Windows Media Player\wmpnetwk.exe. Real md5: 2C245A6ED1E1FF435B600B5DFC7325F0, Fake md5: 3978704576A121A9204F8CC49A301A9B
18:12:13.0372 4692 WMPNetworkSvc ( ForgedFile.Multi.Generic ) - warning
18:12:13.0372 4692 WMPNetworkSvc - detected ForgedFile.Multi.Generic (1)
18:12:13.0388 4692 [ 5ABD1095CC6E1E212DF86050ACB64BDA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:12:13.0404 4692 Suspicious file (Forged): C:\Windows\System32\wpcsvc.dll. Real md5: 5ABD1095CC6E1E212DF86050ACB64BDA, Fake md5: CFC5A04558F5070CEE3E3A7809F3FF52
18:12:13.0404 4692 WPCSvc ( ForgedFile.Multi.Generic ) - warning
18:12:13.0404 4692 WPCSvc - detected ForgedFile.Multi.Generic (1)
18:12:13.0450 4692 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:12:13.0497 4692 WPDBusEnum - ok
18:12:13.0544 4692 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:12:13.0560 4692 WpdUsb - ok
18:12:13.0809 4692 [ 4FB6CD0265037B5D8B86CCF770CFB25A ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:12:13.0856 4692 Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe. Real md5: 4FB6CD0265037B5D8B86CCF770CFB25A, Fake md5: DCF3E3EDF5109EE8BC02FE6E1F045795
18:12:13.0856 4692 WPFFontCache_v0400 ( ForgedFile.Multi.Generic ) - warning
18:12:13.0856 4692 WPFFontCache_v0400 - detected ForgedFile.Multi.Generic (1)
18:12:13.0903 4692 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:12:14.0012 4692 ws2ifsl - ok
18:12:14.0059 4692 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
18:12:14.0121 4692 wscsvc - ok
18:12:14.0121 4692 WSearch - ok
18:12:14.0168 4692 [ CE80FEC12F96CA35DEEFD2A4E7E3F798 ] wuauserv C:\Windows\system32\wuaueng.dll
18:12:14.0262 4692 Suspicious file (Forged): C:\Windows\system32\wuaueng.dll. Real md5: CE80FEC12F96CA35DEEFD2A4E7E3F798, Fake md5: FC3EC24FCE372C89423E015A2AC1A31E
18:12:14.0262 4692 wuauserv ( ForgedFile.Multi.Generic ) - warning
18:12:14.0262 4692 wuauserv - detected ForgedFile.Multi.Generic (1)
18:12:14.0293 4692 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:12:14.0324 4692 WudfPf - ok
18:12:14.0340 4692 [ 95078B3A120FB0488447F4BF9794D24E ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:12:14.0355 4692 Suspicious file (Forged): C:\Windows\system32\DRIVERS\WUDFRd.sys. Real md5: 95078B3A120FB0488447F4BF9794D24E, Fake md5: 867C301E8B790040AE9CF6486E8041DF
18:12:14.0355 4692 WUDFRd ( ForgedFile.Multi.Generic ) - warning
18:12:14.0355 4692 WUDFRd - detected ForgedFile.Multi.Generic (1)
18:12:14.0402 4692 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:12:14.0464 4692 wudfsvc - ok
18:12:14.0496 4692 [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
18:12:14.0511 4692 XAudio - ok
18:12:14.0527 4692 [ 54664AB16813A31387F89CD60E9B0832 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
18:12:14.0558 4692 Suspicious file (Forged): C:\Windows\system32\DRIVERS\xaudio.exe. Real md5: 54664AB16813A31387F89CD60E9B0832, Fake md5: 28DC5D626E036A75A572556F0A6EB1F6
18:12:14.0558 4692 XAudioService ( ForgedFile.Multi.Generic ) - warning
18:12:14.0558 4692 XAudioService - detected ForgedFile.Multi.Generic (1)
18:12:14.0574 4692 [ FECB77B39816ADA633949F4E27BC6026 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
18:12:14.0589 4692 Suspicious file (Forged): C:\Windows\system32\DRIVERS\yk60x86.sys. Real md5: FECB77B39816ADA633949F4E27BC6026, Fake md5: 69222091B6285906AFF82E43681CF826
18:12:14.0589 4692 yukonwlh ( ForgedFile.Multi.Generic ) - warning
18:12:14.0589 4692 yukonwlh - detected ForgedFile.Multi.Generic (1)
18:12:14.0589 4692 ================ Scan global ===============================
18:12:14.0636 4692 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:12:14.0652 4692 [ 6C5CC47FF3D89E0E38AC5C5377ED63BA ] C:\Windows\system32\winsrv.dll
18:12:14.0683 4692 Suspicious file (Forged): C:\Windows\system32\winsrv.dll. Real md5: 6C5CC47FF3D89E0E38AC5C5377ED63BA, Fake md5: D2293B069E4B63DC17B2F08D45E71124
18:12:14.0698 4692 [ 6C5CC47FF3D89E0E38AC5C5377ED63BA ] C:\Windows\system32\winsrv.dll
18:12:14.0698 4692 Suspicious file (Forged): C:\Windows\system32\winsrv.dll. Real md5: 6C5CC47FF3D89E0E38AC5C5377ED63BA, Fake md5: D2293B069E4B63DC17B2F08D45E71124
18:12:14.0714 4692 [ CF967F2AD6364DCB895114E5CBE0FD72 ] C:\Windows\system32\services.exe
18:12:14.0776 4692 Suspicious file (Forged): C:\Windows\system32\services.exe. Real md5: CF967F2AD6364DCB895114E5CBE0FD72, Fake md5: D4E6D91C1349B7BFB3599A6ADA56851B
18:12:14.0776 4692 [Global] - ok
18:12:14.0776 4692 ================ Scan MBR ==================================
18:12:14.0792 4692 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:12:17.0974 4692 \Device\Harddisk0\DR0 - ok
18:12:17.0974 4692 ================ Scan VBR ==================================
18:12:18.0006 4692 [ 350DCDFB2C7F032B38144820915AE7AA ] \Device\Harddisk0\DR0\Partition1
18:12:18.0037 4692 \Device\Harddisk0\DR0\Partition1 - ok
18:12:18.0037 4692 ============================================================
18:12:18.0037 4692 Scan finished
18:12:18.0037 4692 ============================================================
18:12:18.0052 1004 Detected object count: 153
18:12:18.0052 1004 Actual detected object count: 153