
Log analysis and evaluation: Caught the Bundestrojaner - contradictory statements from the antivirus programs


06.01.2014, 23:13   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16476
***** :: COMPAQ [administrator]
In safe mode with networking, MBAR shows admin rights. Unfortunately, though, you did not remove the findings there....
__________________
Please always post logfiles in CODE tags

07.01.2014, 11:08   #17
warhammer73
 
Hello,

yes I did: I clicked Clean exactly as I always do and, as always, got the message that everything had been cleaned. There was (as always) no message that I should restart. Regardless of whether in safe mode or not.

So something else seems to be wrong there. Any ideas?

07.01.2014, 11:16   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

TDSS-Killer

Please download TDSSKiller TDSSKiller.exe and save the file to your desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Click Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
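As an added example that is not part of this thread and not TDSSKiller's own code: a small Python parser for the log format TDSSKiller writes (the format of the log posted further down), which stitches the scattered "[ md5 ]", "Suspicious file" and "- detected" lines back into one record per warning and counts them per verdict. The sample log and its md5 values are constructed placeholders.

```python
"""Summarise the warnings in a TDSSKiller log (added example, not TDSSKiller's own code).

TDSSKiller writes several related lines per service, in this order:
  <time> <pid>  [ <md5> ] <service name> <path>
  <time> <pid>  Suspicious file (Forged): <path>. Real md5: <md5>, Fake md5: <md5>
            or  Suspicious file (NoAccess|Hidden): <path>. md5: <md5>   (absent for Unsigned)
  <time> <pid>  <service name> ( <verdict> ) - warning
  <time> <pid>  <service name> - detected <verdict> (<n>)   or   <service name> - ok
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(?P<msg>.*)$")
# Service names may contain spaces, so the path is anchored on its drive letter.
ENTRY_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
SUSP_RE = re.compile(r"^Suspicious file \((?P<kind>\w+)\): (?P<path>.+?)\. (?=(?:Real )?md5: )")
FORGED_RE = re.compile(r"Real md5: (?P<real>[0-9A-F]{32}), Fake md5: (?P<fake>[0-9A-F]{32})")
MD5_RE = re.compile(r"\bmd5: (?P<md5>[0-9A-F]{32})")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")


@dataclass
class Finding:
    service: str
    verdict: str                    # e.g. ForgedFile.Multi.Generic
    kind: Optional[str] = None      # Forged / NoAccess / Hidden; None for Unsigned
    path: Optional[str] = None
    md5: Optional[str] = None       # md5 TDSSKiller computed for the file on disk
    fake_md5: Optional[str] = None  # Forged only: the md5 the file claims to have


def parse_log(text: str) -> list[Finding]:
    """Return one Finding per '- detected' line, joined with the lines that precede it."""
    findings: list[Finding] = []
    last_entry = None  # most recent "[ md5 ] name path" match
    pending = None     # most recent "Suspicious file (...)" match not yet consumed
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        msg = m.group("msg")
        if e := ENTRY_RE.match(msg):
            last_entry, pending = e, None
            continue
        if s := SUSP_RE.match(msg):
            pending = s
            continue
        d = DETECT_RE.match(msg)
        if not d:
            continue  # "- ok", "- warning" and header lines carry no detection
        f = Finding(service=d.group("name"), verdict=d.group("verdict"))
        if last_entry and last_entry.group("name") == f.service:
            f.path, f.md5 = last_entry.group("path"), last_entry.group("md5")
        if pending:
            f.kind, f.path = pending.group("kind"), pending.group("path")
            if forged := FORGED_RE.search(pending.string):
                f.md5, f.fake_md5 = forged.group("real"), forged.group("fake")
            elif h := MD5_RE.search(pending.string):
                f.md5 = h.group("md5")
            pending = None
        findings.append(f)
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Number of detections per verdict, e.g. {'ForgedFile.Multi.Generic': 1}."""
    return dict(Counter(f.verdict for f in findings))


def forged_files(findings: list[Finding]) -> list[Finding]:
    """Detections where the md5 on disk differs from the md5 the file claims to have."""
    return [f for f in findings if f.kind == "Forged" and f.md5 != f.fake_md5]


# Constructed sample modelled on the log format above; the md5 values are placeholders.
SAMPLE_LOG = r"""
19:31:52.0259 4572  [ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ] AFD             C:\windows\system32\drivers\afd.sys
19:31:52.0259 4572  Suspicious file (Forged): C:\windows\system32\drivers\afd.sys. Real md5: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA, Fake md5: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
19:31:52.0259 4572  AFD ( ForgedFile.Multi.Generic ) - warning
19:31:52.0259 4572  AFD - detected ForgedFile.Multi.Generic (1)
19:31:59.0310 4572  [ CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ] CTMFLT          C:\windows\system32\drivers\CTMFLT.sys
19:31:59.0326 4572  Suspicious file (NoAccess): C:\windows\system32\drivers\CTMFLT.sys. md5: CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
19:31:59.0326 4572  CTMFLT ( LockedFile.Multi.Generic ) - warning
19:31:59.0326 4572  CTMFLT - detected LockedFile.Multi.Generic (1)
19:31:59.0887 4572  [ DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD ] DgiVecp         C:\windows\system32\Drivers\DgiVecp.sys
19:31:59.0887 4572  DgiVecp ( UnsignedFile.Multi.Generic ) - warning
19:31:59.0887 4572  DgiVecp - detected UnsignedFile.Multi.Generic (1)
19:32:00.0121 4572  [ EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE ] Disk            C:\windows\system32\DRIVERS\disk.sys
19:32:00.0137 4572  Disk - ok
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(summarize(found))
    print([(f.service, f.path, f.md5, f.fake_md5) for f in forged_files(found)])
```

To run it on a real log, read the file (TDSSKiller logs are UTF-16 on some versions, so try that encoding if plain text fails) and pass the text to parse_log.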

08.01.2014, 13:38   #19
warhammer73
 
... I'll try that this evening.

Another question:
Can I run MBAR & co. so that it scans a drive other than the current system drive? Then I'd simply attach the disk to another computer in the hope that a cleanup is possible there...

08.01.2014, 14:11   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Quote from warhammer73
... I'll try that this evening.

Another question:
Can I run MBAR & co. so that it scans a drive other than the current system drive? Then I'd simply attach the disk to another computer in the hope that a cleanup is possible there...
AFAIK you can't tell MBAR exactly what it should scan


08.01.2014, 19:35   #21
warhammer73
 
... could it be that the documentation for the Killer is somewhat outdated?

Code:
19:31:36.0706 2836  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:31:40.0262 2836  ============================================================
19:31:40.0262 2836  Current date / time: 2014/01/08 19:31:40.0262
19:31:40.0262 2836  SystemInfo:
19:31:40.0262 2836  
19:31:40.0262 2836  OS Version: 6.1.7601 ServicePack: 1.0
19:31:40.0262 2836  Product type: Workstation
19:31:40.0262 2836  ComputerName: COMPAQ
19:31:40.0262 2836  UserName: Beate Lütchens
19:31:40.0262 2836  Windows directory: C:\windows
19:31:40.0262 2836  System windows directory: C:\windows
19:31:40.0262 2836  Processor architecture: Intel x86
19:31:40.0262 2836  Number of processors: 2
19:31:40.0262 2836  Page size: 0x1000
19:31:40.0262 2836  Boot type: Normal boot
19:31:40.0262 2836  ============================================================
19:31:41.0573 2836  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:31:41.0573 2836  ============================================================
19:31:41.0573 2836  \Device\Harddisk0\DR0:
19:31:41.0573 2836  MBR partitions:
19:31:41.0573 2836  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
19:31:41.0573 2836  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23197800
19:31:41.0573 2836  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2322E000, BlocksNum 0x1E00000
19:31:41.0573 2836  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x2502E000, BlocksNum 0x3FD800
19:31:41.0573 2836  ============================================================
19:31:41.0620 2836  C: <-> \Device\Harddisk0\DR0\Partition2
19:31:41.0651 2836  E: <-> \Device\Harddisk0\DR0\Partition4
19:31:41.0651 2836  ============================================================
19:31:41.0651 2836  Initialize success
19:31:41.0651 2836  ============================================================
19:31:50.0059 4572  ============================================================
19:31:50.0059 4572  Scan started
19:31:50.0059 4572  Mode: Manual; SigCheck; TDLFS; 
19:31:50.0059 4572  ============================================================
19:31:50.0964 4572  ================ Scan system memory ========================
19:31:50.0964 4572  System memory - ok
19:31:50.0980 4572  ================ Scan services =============================
19:31:51.0167 4572  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
19:31:51.0338 4572  1394ohci - ok
19:31:51.0354 4572  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\windows\system32\drivers\ACPI.sys
19:31:51.0385 4572  ACPI - ok
19:31:51.0448 4572  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
19:31:51.0463 4572  AcpiPmi - ok
19:31:51.0572 4572  AdobeARMservice - ok
19:31:51.0697 4572  [ 24A0876D07EF356DCBC1D7A7929354AB ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:31:51.0697 4572  Suspicious file (Forged): C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe. Real md5: 24A0876D07EF356DCBC1D7A7929354AB, Fake md5: 1BA1AB4141A92EB34DA99F1249CA2D4D
19:31:51.0713 4572  AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - warning
19:31:51.0713 4572  AdobeFlashPlayerUpdateSvc - detected ForgedFile.Multi.Generic (1)
19:31:51.0760 4572  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
19:31:51.0791 4572  adp94xx - ok
19:31:51.0822 4572  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
19:31:51.0853 4572  adpahci - ok
19:31:51.0900 4572  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
19:31:51.0947 4572  adpu320 - ok
19:31:51.0978 4572  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
19:31:52.0009 4572  AeLookupSvc - ok
19:31:52.0118 4572  [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters     C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe
19:31:52.0181 4572  AESTFilters - ok
19:31:52.0259 4572  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\windows\system32\drivers\afd.sys
19:31:52.0259 4572  Suspicious file (Forged): C:\windows\system32\drivers\afd.sys. Real md5: 9EBBBA55060F786F0FCAA3893BFA2806, Fake md5: F81BB7E487EDCEAB630A7EE66CF23913
19:31:52.0259 4572  AFD ( ForgedFile.Multi.Generic ) - warning
19:31:52.0259 4572  AFD - detected ForgedFile.Multi.Generic (1)
19:31:52.0321 4572  [ 48091A2374A69F473273C44951195452 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
19:31:52.0399 4572  AgereModemAudio - ok
19:31:52.0430 4572  [ C6FA08A8CCA9001F3197525B07331715 ] AgereSoftModem  C:\windows\system32\DRIVERS\AGRSM.sys
19:31:52.0477 4572  AgereSoftModem - ok
19:31:52.0524 4572  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\windows\system32\drivers\agp440.sys
19:31:52.0540 4572  agp440 - ok
19:31:52.0586 4572  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
19:31:52.0633 4572  aic78xx - ok
19:31:52.0664 4572  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\windows\System32\alg.exe
19:31:52.0680 4572  ALG - ok
19:31:52.0727 4572  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\windows\system32\drivers\aliide.sys
19:31:52.0742 4572  aliide - ok
19:31:52.0789 4572  [ A236CEE2BF90381E981EBB870429FA9B ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
19:31:52.0836 4572  AMD External Events Utility - ok
19:31:52.0852 4572  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\windows\system32\drivers\amdagp.sys
19:31:52.0883 4572  amdagp - ok
19:31:52.0898 4572  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\windows\system32\drivers\amdide.sys
19:31:52.0914 4572  amdide - ok
19:31:52.0961 4572  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
19:31:53.0008 4572  AmdK8 - ok
19:31:53.0023 4572  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
19:31:53.0039 4572  AmdPPM - ok
19:31:53.0070 4572  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\windows\system32\drivers\amdsata.sys
19:31:53.0132 4572  amdsata - ok
19:31:53.0148 4572  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
19:31:53.0164 4572  amdsbs - ok
19:31:53.0179 4572  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\windows\system32\drivers\amdxata.sys
19:31:53.0195 4572  amdxata - ok
19:31:53.0242 4572  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\windows\system32\drivers\appid.sys
19:31:53.0273 4572  AppID - ok
19:31:53.0335 4572  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\windows\System32\appidsvc.dll
19:31:53.0382 4572  AppIDSvc - ok
19:31:53.0476 4572  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\windows\System32\appinfo.dll
19:31:53.0538 4572  Appinfo - ok
19:31:53.0569 4572  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\windows\System32\appmgmts.dll
19:31:53.0600 4572  AppMgmt - ok
19:31:53.0663 4572  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\windows\system32\DRIVERS\arc.sys
19:31:53.0694 4572  arc - ok
19:31:53.0710 4572  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
19:31:53.0741 4572  arcsas - ok
19:31:53.0850 4572  aspnet_state - ok
19:31:53.0881 4572  aswMonFlt - ok
19:31:53.0928 4572  aswRdr - ok
19:31:53.0944 4572  aswRvrt - ok
19:31:53.0975 4572  aswSnx - ok
19:31:53.0990 4572  aswSP - ok
19:31:54.0006 4572  aswStm - ok
19:31:54.0022 4572  aswVmm - ok
19:31:54.0068 4572  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
19:31:54.0146 4572  AsyncMac - ok
19:31:54.0178 4572  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\windows\system32\drivers\atapi.sys
19:31:54.0224 4572  atapi - ok
19:31:54.0412 4572  [ A4252328D2B1520571102992EF0B0E5C ] atikmdag        C:\windows\system32\DRIVERS\atikmdag.sys
19:31:54.0536 4572  atikmdag - ok
19:31:54.0568 4572  [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie         C:\windows\system32\DRIVERS\AtiPcie.sys
19:31:54.0599 4572  AtiPcie - ok
19:31:54.0661 4572  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:31:54.0724 4572  AudioEndpointBuilder - ok
19:31:54.0739 4572  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\windows\System32\Audiosrv.dll
19:31:54.0786 4572  Audiosrv - ok
19:31:54.0833 4572  avast! Antivirus - ok
19:31:54.0880 4572  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\windows\System32\AxInstSV.dll
19:31:54.0911 4572  AxInstSV - ok
19:31:54.0958 4572  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
19:31:54.0989 4572  b06bdrv - ok
19:31:55.0036 4572  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
19:31:55.0067 4572  b57nd60x - ok
19:31:55.0207 4572  [ B9E94D37FC08525D893B632A0CA2E18C ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl6.sys
19:31:55.0285 4572  BCM43XX - ok
19:31:55.0332 4572  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\windows\System32\bdesvc.dll
19:31:55.0363 4572  BDESVC - ok
19:31:55.0394 4572  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\windows\system32\drivers\Beep.sys
19:31:55.0441 4572  Beep - ok
19:31:55.0504 4572  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\windows\System32\bfe.dll
19:31:55.0550 4572  BFE - ok
19:31:55.0644 4572  [ 84F44D5580B381A615423723D43F82D9 ] BingDesktopUpdate C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
19:31:55.0691 4572  BingDesktopUpdate - ok
19:31:55.0738 4572  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\windows\system32\qmgr.dll
19:31:55.0800 4572  BITS - ok
19:31:55.0847 4572  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
19:31:55.0894 4572  blbdrive - ok
19:31:55.0940 4572  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
19:31:55.0956 4572  bowser - ok
19:31:55.0972 4572  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
19:31:55.0987 4572  BrFiltLo - ok
19:31:56.0003 4572  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
19:31:56.0018 4572  BrFiltUp - ok
19:31:56.0081 4572  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
19:31:56.0143 4572  BridgeMP - ok
19:31:56.0190 4572  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\windows\System32\browser.dll
19:31:56.0252 4572  Browser - ok
19:31:56.0299 4572  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\windows\System32\Drivers\Brserid.sys
19:31:56.0315 4572  Brserid - ok
19:31:56.0346 4572  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
19:31:56.0377 4572  BrSerWdm - ok
19:31:56.0393 4572  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
19:31:56.0408 4572  BrUsbMdm - ok
19:31:56.0424 4572  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
19:31:56.0455 4572  BrUsbSer - ok
19:31:56.0502 4572  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
19:31:56.0564 4572  BthEnum - ok
19:31:56.0580 4572  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
19:31:56.0627 4572  BTHMODEM - ok
19:31:56.0642 4572  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
19:31:56.0674 4572  BthPan - ok
19:31:56.0720 4572  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
19:31:56.0752 4572  BTHPORT - ok
19:31:56.0814 4572  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\windows\system32\bthserv.dll
19:31:56.0923 4572  bthserv - ok
19:31:56.0939 4572  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
19:31:56.0954 4572  BTHUSB - ok
19:31:57.0017 4572  [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
19:31:57.0064 4572  btwaudio - ok
19:31:57.0110 4572  [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt         C:\windows\system32\DRIVERS\btwavdt.sys
19:31:57.0142 4572  btwavdt - ok
19:31:57.0220 4572  [ 7D2DD14E60CE4FF3308D66FDA7990546 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
19:31:57.0266 4572  btwdins - ok
19:31:57.0298 4572  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
19:31:57.0313 4572  btwl2cap - ok
19:31:57.0329 4572  [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
19:31:57.0329 4572  btwrchid - ok
19:31:57.0485 4572  catchme - ok
19:31:57.0532 4572  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
19:31:57.0610 4572  cdfs - ok
19:31:57.0672 4572  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
19:31:57.0703 4572  cdrom - ok
19:31:57.0766 4572  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\windows\System32\certprop.dll
19:31:57.0812 4572  CertPropSvc - ok
19:31:57.0890 4572  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
19:31:57.0937 4572  circlass - ok
19:31:57.0984 4572  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
19:31:58.0015 4572  CLFS - ok
19:31:58.0093 4572  [ 094B94F7C0DDCBFF0D3D2C64BF51C8E9 ] ClientService   C:\Program Files\COMODO\Time Machine\ClientService.exe
19:31:58.0140 4572  ClientService - ok
19:31:58.0249 4572  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:31:58.0296 4572  clr_optimization_v2.0.50727_32 - ok
19:31:58.0343 4572  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:31:58.0343 4572  Suspicious file (Forged): C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe. Real md5: C5A75EB48E2344ABDC162BDA79E16841, Fake md5: E87213F37A13E2B54391E40934F071D0
19:31:58.0343 4572  clr_optimization_v4.0.30319_32 ( ForgedFile.Multi.Generic ) - warning
19:31:58.0343 4572  clr_optimization_v4.0.30319_32 - detected ForgedFile.Multi.Generic (1)
19:31:58.0374 4572  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
19:31:58.0421 4572  CmBatt - ok
19:31:58.0452 4572  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\windows\system32\drivers\cmdide.sys
19:31:58.0468 4572  cmdide - ok
19:31:58.0530 4572  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\windows\system32\Drivers\cng.sys
19:31:58.0546 4572  Suspicious file (Forged): C:\windows\system32\Drivers\cng.sys. Real md5: 42F158036BD4C2FF3122BF142E60E6FD, Fake md5: 85449EEBE8F8EBD6481EFBF0F352B4EB
19:31:58.0546 4572  CNG ( ForgedFile.Multi.Generic ) - warning
19:31:58.0546 4572  CNG - detected ForgedFile.Multi.Generic (1)
19:31:58.0639 4572  [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx       C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
19:31:58.0686 4572  Com4QLBEx - ok
19:31:58.0702 4572  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
19:31:58.0717 4572  Compbatt - ok
19:31:58.0780 4572  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
19:31:58.0826 4572  CompositeBus - ok
19:31:58.0826 4572  COMSysApp - ok
19:31:58.0858 4572  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
19:31:58.0873 4572  crcdisk - ok
19:31:58.0936 4572  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9 ] CryptSvc        C:\windows\system32\cryptsvc.dll
19:31:58.0982 4572  CryptSvc - ok
19:31:59.0029 4572  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\windows\system32\drivers\csc.sys
19:31:59.0076 4572  CSC - ok
19:31:59.0123 4572  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\windows\System32\cscsvc.dll
19:31:59.0170 4572  CscService - ok
19:31:59.0310 4572  [ 89BD03B2206E8B6D2A939C18C9BA6FEF ] CTMFLT          C:\windows\system32\drivers\CTMFLT.sys
19:31:59.0326 4572  Suspicious file (NoAccess): C:\windows\system32\drivers\CTMFLT.sys. md5: 89BD03B2206E8B6D2A939C18C9BA6FEF
19:31:59.0326 4572  CTMFLT ( LockedFile.Multi.Generic ) - warning
19:31:59.0326 4572  CTMFLT - detected LockedFile.Multi.Generic (1)
19:31:59.0419 4572  [ 6A6BC7BF9A36EC927E715F1968AAF1FA ] CTMMOUNT        C:\windows\system32\drivers\CTMMOUNT.sys
19:31:59.0419 4572  Suspicious file (NoAccess): C:\windows\system32\drivers\CTMMOUNT.sys. md5: 6A6BC7BF9A36EC927E715F1968AAF1FA
19:31:59.0435 4572  CTMMOUNT ( LockedFile.Multi.Generic ) - warning
19:31:59.0435 4572  CTMMOUNT - detected LockedFile.Multi.Generic (1)
19:31:59.0528 4572  [ 89FEF3E5D9AC74323B91D3FEC29A3EE9 ] CTMSHD          C:\windows\system32\drivers\CTMSHD.sys
19:31:59.0528 4572  Suspicious file (NoAccess): C:\windows\system32\drivers\CTMSHD.sys. md5: 89FEF3E5D9AC74323B91D3FEC29A3EE9
19:31:59.0544 4572  CTMSHD ( LockedFile.Multi.Generic ) - warning
19:31:59.0544 4572  CTMSHD - detected LockedFile.Multi.Generic (1)
19:31:59.0606 4572  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\windows\system32\rpcss.dll
19:31:59.0684 4572  DcomLaunch - ok
19:31:59.0731 4572  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\windows\System32\defragsvc.dll
19:31:59.0778 4572  defragsvc - ok
19:31:59.0809 4572  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
19:31:59.0840 4572  DfsC - ok
19:31:59.0887 4572  [ 7F19DBA1A467B838CCB23124A2C55568 ] DgiVecp         C:\windows\system32\Drivers\DgiVecp.sys
19:31:59.0887 4572  DgiVecp ( UnsignedFile.Multi.Generic ) - warning
19:31:59.0887 4572  DgiVecp - detected UnsignedFile.Multi.Generic (1)
19:31:59.0934 4572  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\windows\system32\dhcpcore.dll
19:31:59.0981 4572  Dhcp - ok
19:31:59.0996 4572  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\windows\system32\drivers\discache.sys
19:32:00.0074 4572  discache - ok
19:32:00.0121 4572  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\windows\system32\DRIVERS\disk.sys
19:32:00.0137 4572  Disk - ok
19:32:00.0215 4572  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\windows\System32\dnsrslvr.dll
19:32:00.0246 4572  Dnscache - ok
19:32:00.0293 4572  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\windows\System32\dot3svc.dll
19:32:00.0340 4572  dot3svc - ok
19:32:00.0402 4572  [ B5E479EB83707DD698F66953E922042C ] Dot4            C:\windows\system32\DRIVERS\Dot4.sys
19:32:00.0433 4572  Dot4 - ok
19:32:00.0511 4572  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print       C:\windows\system32\DRIVERS\Dot4Prt.sys
19:32:00.0558 4572  Dot4Print - ok
19:32:00.0589 4572  [ CF491FF38D62143203C065260567E2F7 ] dot4usb         C:\windows\system32\DRIVERS\dot4usb.sys
19:32:00.0605 4572  dot4usb - ok
19:32:00.0652 4572  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\windows\system32\dps.dll
19:32:00.0730 4572  DPS - ok
19:32:00.0776 4572  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
19:32:00.0823 4572  drmkaud - ok
19:32:00.0886 4572  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
19:32:00.0901 4572  Suspicious file (Forged): C:\windows\System32\drivers\dxgkrnl.sys. Real md5: 16498EBC04AE9DD07049A8884B205C05, Fake md5: 71BC35067CABC02C9453AEAA42B2E43E
19:32:00.0901 4572  DXGKrnl ( ForgedFile.Multi.Generic ) - warning
19:32:00.0901 4572  DXGKrnl - detected ForgedFile.Multi.Generic (1)
19:32:00.0948 4572  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\windows\System32\eapsvc.dll
19:32:01.0026 4572  EapHost - ok
19:32:01.0182 4572  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
19:32:01.0276 4572  ebdrv - ok
19:32:01.0307 4572  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\windows\System32\lsass.exe
19:32:01.0307 4572  Suspicious file (Forged): C:\windows\System32\lsass.exe. Real md5: 81951F51E318AECC2D68559E47485CC4, Fake md5: 803B370865D907EA21DC0C2B6A8936B5
19:32:01.0307 4572  EFS ( ForgedFile.Multi.Generic ) - warning
19:32:01.0307 4572  EFS - detected ForgedFile.Multi.Generic (1)
19:32:01.0354 4572  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
19:32:01.0385 4572  ehRecvr - ok
19:32:01.0416 4572  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\windows\ehome\ehsched.exe
19:32:01.0447 4572  ehSched - ok
19:32:01.0478 4572  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
19:32:01.0494 4572  elxstor - ok
19:32:01.0525 4572  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\windows\system32\drivers\errdev.sys
19:32:01.0541 4572  ErrDev - ok
19:32:01.0603 4572  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\windows\system32\es.dll
19:32:01.0681 4572  EventSystem - ok
19:32:01.0744 4572  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\windows\system32\drivers\exfat.sys
19:32:01.0822 4572  exfat - ok
19:32:01.0853 4572  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\windows\system32\drivers\fastfat.sys
19:32:01.0915 4572  fastfat - ok
19:32:01.0993 4572  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\windows\system32\fxssvc.exe
19:32:02.0040 4572  Fax - ok
19:32:02.0071 4572  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
19:32:02.0087 4572  fdc - ok
19:32:02.0102 4572  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\windows\system32\fdPHost.dll
19:32:02.0134 4572  fdPHost - ok
19:32:02.0149 4572  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\windows\system32\fdrespub.dll
19:32:02.0180 4572  FDResPub - ok
19:32:02.0196 4572  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
19:32:02.0212 4572  FileInfo - ok
19:32:02.0227 4572  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
19:32:02.0258 4572  Filetrace - ok
19:32:02.0274 4572  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
19:32:02.0290 4572  flpydisk - ok
19:32:02.0305 4572  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
19:32:02.0336 4572  FltMgr - ok
19:32:02.0399 4572  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\windows\system32\FntCache.dll
19:32:02.0492 4572  FontCache - ok
19:32:02.0539 4572  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:32:02.0555 4572  FontCache3.0.0.0 - ok
19:32:02.0570 4572  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
19:32:02.0586 4572  FsDepends - ok
19:32:02.0617 4572  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
19:32:02.0633 4572  Fs_Rec - ok
19:32:02.0664 4572  [ A36E8BEEDB3AACA09BF55A1D17904BC8 ] FTDIBUS         C:\windows\system32\drivers\ftdibus.sys
19:32:02.0680 4572  FTDIBUS - ok
19:32:02.0726 4572  [ A14A1F4BB391DF9C233CB5DBD05FEB70 ] FTSER2K         C:\windows\system32\drivers\ftser2k.sys
19:32:02.0742 4572  FTSER2K - ok
19:32:02.0789 4572  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
19:32:02.0820 4572  fvevol - ok
19:32:02.0867 4572  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
19:32:02.0882 4572  gagp30kx - ok
19:32:02.0960 4572  [ 035EAF9A18B84F9560984BCF41F52E99 ] gfiark          C:\windows\system32\drivers\gfiark.sys
19:32:02.0960 4572  Suspicious file (Hidden): C:\windows\system32\drivers\gfiark.sys. md5: 035EAF9A18B84F9560984BCF41F52E99
19:32:02.0960 4572  gfiark ( HiddenFile.Multi.Generic ) - warning
19:32:02.0960 4572  gfiark - detected HiddenFile.Multi.Generic (1)
19:32:03.0023 4572  [ 483924F92E55A5F9423201EC635E2CED ] gfibto          C:\windows\system32\drivers\gfibto.sys
19:32:03.0070 4572  gfibto - ok
19:32:03.0116 4572  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\windows\System32\gpsvc.dll
19:32:03.0179 4572  gpsvc - ok
19:32:03.0194 4572  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
19:32:03.0257 4572  hcw85cir - ok
19:32:03.0335 4572  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:32:03.0413 4572  HdAudAddService - ok
19:32:03.0444 4572  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
19:32:03.0475 4572  HDAudBus - ok
19:32:03.0491 4572  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
19:32:03.0522 4572  HidBatt - ok
19:32:03.0538 4572  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
19:32:03.0553 4572  HidBth - ok
19:32:03.0600 4572  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
19:32:03.0647 4572  HidIr - ok
19:32:03.0678 4572  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\windows\System32\hidserv.dll
19:32:03.0709 4572  hidserv - ok
19:32:03.0756 4572  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
19:32:03.0787 4572  HidUsb - ok
19:32:03.0818 4572  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\windows\system32\kmsvc.dll
19:32:03.0865 4572  hkmsvc - ok
19:32:03.0912 4572  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:32:03.0974 4572  HomeGroupListener - ok
19:32:04.0021 4572  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:32:04.0084 4572  HomeGroupProvider - ok
19:32:04.0193 4572  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
19:32:04.0224 4572  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
19:32:04.0224 4572  HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
19:32:04.0271 4572  [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr      C:\windows\system32\DRIVERS\HpqKbFiltr.sys
19:32:04.0302 4572  HpqKbFiltr - ok
19:32:04.0380 4572  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
19:32:04.0442 4572  hpqwmiex - ok
19:32:04.0489 4572  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
19:32:04.0552 4572  HpSAMD - ok
19:32:04.0708 4572  [ 568E44F6DCFA173F3670172B69379891 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
19:32:04.0770 4572  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
19:32:04.0770 4572  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
19:32:04.0848 4572  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\windows\system32\drivers\HTTP.sys
19:32:04.0942 4572  HTTP - ok
19:32:04.0957 4572  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
19:32:04.0973 4572  hwpolicy - ok
19:32:05.0035 4572  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
19:32:05.0098 4572  i8042prt - ok
19:32:05.0160 4572  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
19:32:05.0191 4572  iaStorV - ok
19:32:05.0285 4572  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:32:05.0316 4572  IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:32:05.0316 4572  IDriverT - detected UnsignedFile.Multi.Generic (1)
19:32:05.0425 4572  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:32:05.0472 4572  idsvc - ok
19:32:05.0534 4572  IEEtwCollectorService - ok
19:32:05.0706 4572  [ AD626F6964F4D364D226C39E06872DD3 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
19:32:05.0831 4572  igfx - ok
19:32:05.0878 4572  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
19:32:05.0878 4572  iirsp - ok
19:32:05.0956 4572  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\windows\System32\ikeext.dll
19:32:05.0971 4572  Suspicious file (Forged): C:\windows\System32\ikeext.dll. Real md5: F95622F161474511B8D80D6B093AA610, Fake md5: B9C54120F46392100478F58F374E5709
19:32:05.0971 4572  IKEEXT ( ForgedFile.Multi.Generic ) - warning
19:32:05.0971 4572  IKEEXT - detected ForgedFile.Multi.Generic (1)
19:32:06.0018 4572  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\windows\system32\drivers\intelide.sys
19:32:06.0065 4572  intelide - ok
19:32:06.0127 4572  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
19:32:06.0174 4572  intelppm - ok
19:32:06.0236 4572  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
19:32:06.0299 4572  IPBusEnum - ok
19:32:06.0314 4572  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
19:32:06.0361 4572  IpFilterDriver - ok
19:32:06.0424 4572  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
19:32:06.0502 4572  iphlpsvc - ok
19:32:06.0533 4572  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
19:32:06.0548 4572  IPMIDRV - ok
19:32:06.0580 4572  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\windows\system32\drivers\ipnat.sys
19:32:06.0611 4572  IPNAT - ok
19:32:06.0658 4572  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\windows\system32\drivers\irenum.sys
19:32:06.0673 4572  IRENUM - ok
19:32:06.0689 4572  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\windows\system32\drivers\isapnp.sys
19:32:06.0704 4572  isapnp - ok
19:32:06.0720 4572  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
19:32:06.0751 4572  iScsiPrt - ok
19:32:06.0782 4572  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
19:32:06.0798 4572  kbdclass - ok
19:32:06.0845 4572  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
19:32:06.0860 4572  kbdhid - ok
19:32:06.0892 4572  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\windows\system32\lsass.exe
19:32:06.0907 4572  Suspicious file (Forged): C:\windows\system32\lsass.exe. Real md5: 81951F51E318AECC2D68559E47485CC4, Fake md5: 803B370865D907EA21DC0C2B6A8936B5
19:32:06.0907 4572  KeyIso ( ForgedFile.Multi.Generic ) - warning
19:32:06.0907 4572  KeyIso - detected ForgedFile.Multi.Generic (1)
19:32:06.0954 4572  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
19:32:06.0954 4572  Suspicious file (Forged): C:\windows\system32\Drivers\ksecdd.sys. Real md5: B7895B4182C0D16F6EFADEB8081E8D36, Fake md5: F286830298323272260332D6ABC905C1
19:32:06.0954 4572  KSecDD ( ForgedFile.Multi.Generic ) - warning
19:32:06.0954 4572  KSecDD - detected ForgedFile.Multi.Generic (1)
19:32:07.0001 4572  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
19:32:07.0001 4572  Suspicious file (Forged): C:\windows\system32\Drivers\ksecpkg.sys. Real md5: 5FE1ABF1AF591A3458C9CF24ED9A4D35, Fake md5: D7C760D57B1656DD748B9E4AB6CB5A51
19:32:07.0001 4572  KSecPkg ( ForgedFile.Multi.Generic ) - warning
19:32:07.0001 4572  KSecPkg - detected ForgedFile.Multi.Generic (1)
19:32:07.0048 4572  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\windows\system32\msdtckrm.dll
19:32:07.0094 4572  KtmRm - ok
19:32:07.0141 4572  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\windows\System32\srvsvc.dll
19:32:07.0172 4572  LanmanServer - ok
19:32:07.0219 4572  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:32:07.0282 4572  LanmanWorkstation - ok
19:32:07.0344 4572  [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:32:07.0360 4572  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:32:07.0360 4572  LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:32:07.0406 4572  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
19:32:07.0484 4572  lltdio - ok
19:32:07.0516 4572  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\windows\System32\lltdsvc.dll
19:32:07.0578 4572  lltdsvc - ok
19:32:07.0609 4572  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\windows\System32\lmhsvc.dll
19:32:07.0687 4572  lmhosts - ok
19:32:07.0750 4572  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
19:32:07.0781 4572  LSI_FC - ok
19:32:07.0812 4572  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
19:32:07.0843 4572  LSI_SAS - ok
19:32:07.0843 4572  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
19:32:07.0859 4572  LSI_SAS2 - ok
19:32:07.0890 4572  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
19:32:07.0906 4572  LSI_SCSI - ok
19:32:07.0952 4572  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\windows\system32\drivers\luafv.sys
19:32:08.0015 4572  luafv - ok
19:32:08.0046 4572  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
19:32:08.0108 4572  Mcx2Svc - ok
19:32:08.0124 4572  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
19:32:08.0140 4572  megasas - ok
19:32:08.0140 4572  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
19:32:08.0155 4572  MegaSR - ok
19:32:08.0202 4572  [ 64B96DE8C492BD435372D9130A535F1D ] MfeAVFK         C:\windows\system32\drivers\MfeAVFK.sys
19:32:08.0218 4572  MfeAVFK - ok
19:32:08.0233 4572  [ 078E87A89D36CC3516F19D5FB518BDDC ] MfeBOPK         C:\windows\system32\drivers\MfeBOPK.sys
19:32:08.0249 4572  MfeBOPK - ok
19:32:08.0280 4572  [ 168C565101FD5B9DB694EFDEC91FAFA9 ] mfehidk         C:\windows\system32\drivers\mfehidk.sys
19:32:08.0296 4572  mfehidk - ok
19:32:08.0327 4572  [ E0842F67DC9BC4D21D1E319610EBE9E5 ] MfeRKDK         C:\windows\system32\drivers\MfeRKDK.sys
19:32:08.0342 4572  MfeRKDK - ok
19:32:08.0358 4572  [ 43A7ACBBD70ECD62F0B63486C72089A3 ] mfetdik         C:\windows\system32\drivers\mfetdik.sys
19:32:08.0374 4572  mfetdik - ok
19:32:08.0405 4572  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\windows\system32\mmcss.dll
19:32:08.0452 4572  MMCSS - ok
19:32:08.0467 4572  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\windows\system32\drivers\modem.sys
19:32:08.0530 4572  Modem - ok
19:32:08.0576 4572  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
19:32:08.0608 4572  monitor - ok
19:32:08.0623 4572  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
19:32:08.0639 4572  mouclass - ok
19:32:08.0701 4572  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
19:32:08.0717 4572  mouhid - ok
19:32:08.0764 4572  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
19:32:08.0795 4572  mountmgr - ok
19:32:08.0826 4572  MozillaMaintenance - ok
19:32:08.0857 4572  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
19:32:08.0888 4572  mpio - ok
19:32:08.0904 4572  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
19:32:08.0935 4572  mpsdrv - ok
19:32:08.0982 4572  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\windows\system32\mpssvc.dll
19:32:09.0044 4572  MpsSvc - ok
19:32:09.0076 4572  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
19:32:09.0076 4572  Suspicious file (Forged): C:\windows\system32\drivers\mrxdav.sys. Real md5: CEB46AB7C01C9F825F8CC6BABC18166A, Fake md5: 21F4B24ACFC79A483515BD986DD9043F
19:32:09.0076 4572  MRxDAV ( ForgedFile.Multi.Generic ) - warning
19:32:09.0076 4572  MRxDAV - detected ForgedFile.Multi.Generic (1)
19:32:09.0122 4572  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
19:32:09.0138 4572  mrxsmb - ok
19:32:09.0169 4572  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
19:32:09.0216 4572  mrxsmb10 - ok
19:32:09.0247 4572  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
19:32:09.0294 4572  mrxsmb20 - ok
19:32:09.0341 4572  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
19:32:09.0372 4572  msahci - ok
19:32:09.0419 4572  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
19:32:09.0434 4572  msdsm - ok
19:32:09.0466 4572  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
19:32:09.0497 4572  MSDTC - ok
19:32:09.0544 4572  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
19:32:09.0606 4572  Msfs - ok
19:32:09.0668 4572  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
19:32:09.0731 4572  mshidkmdf - ok
19:32:09.0746 4572  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
19:32:09.0778 4572  msisadrv - ok
19:32:09.0809 4572  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
19:32:09.0840 4572  MSiSCSI - ok
19:32:09.0856 4572  msiserver - ok
19:32:09.0887 4572  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
19:32:09.0918 4572  MSKSSRV - ok
19:32:09.0965 4572  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
19:32:10.0027 4572  MSPCLOCK - ok
19:32:10.0043 4572  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
19:32:10.0074 4572  MSPQM - ok
19:32:10.0090 4572  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
19:32:10.0105 4572  MsRPC - ok
19:32:10.0121 4572  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
19:32:10.0136 4572  mssmbios - ok
19:32:10.0183 4572  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
19:32:10.0246 4572  MSTEE - ok
19:32:10.0277 4572  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
19:32:10.0308 4572  MTConfig - ok
19:32:10.0324 4572  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
19:32:10.0339 4572  Mup - ok
19:32:10.0386 4572  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
19:32:10.0480 4572  napagent - ok
19:32:10.0526 4572  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
19:32:10.0573 4572  NativeWifiP - ok
19:32:10.0636 4572  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\windows\system32\drivers\ndis.sys
19:32:10.0651 4572  NDIS - ok
19:32:10.0698 4572  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
19:32:10.0745 4572  NdisCap - ok
19:32:10.0776 4572  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
19:32:10.0807 4572  NdisTapi - ok
19:32:10.0838 4572  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
19:32:10.0901 4572  Ndisuio - ok
19:32:10.0932 4572  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
19:32:10.0994 4572  NdisWan - ok
19:32:11.0041 4572  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
19:32:11.0088 4572  NDProxy - ok
19:32:11.0135 4572  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll
19:32:11.0166 4572  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:32:11.0166 4572  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:32:11.0228 4572  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
19:32:11.0291 4572  NetBIOS - ok
19:32:11.0338 4572  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
19:32:11.0384 4572  NetBT - ok
19:32:11.0400 4572  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
19:32:11.0400 4572  Suspicious file (Forged): C:\windows\system32\lsass.exe. Real md5: 81951F51E318AECC2D68559E47485CC4, Fake md5: 803B370865D907EA21DC0C2B6A8936B5
19:32:11.0400 4572  Netlogon ( ForgedFile.Multi.Generic ) - warning
19:32:11.0400 4572  Netlogon - detected ForgedFile.Multi.Generic (1)
19:32:11.0494 4572  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
19:32:11.0556 4572  Netman - ok
19:32:11.0603 4572  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:32:11.0603 4572  Suspicious file (Forged): C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe. Real md5: D22CD77D4F0D63D1169BB35911BFF12D, Fake md5: 21318671BCAD3ACF16638F98D4D00973
19:32:11.0603 4572  NetMsmqActivator ( ForgedFile.Multi.Generic ) - warning
19:32:11.0603 4572  NetMsmqActivator - detected ForgedFile.Multi.Generic (1)
19:32:11.0634 4572  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:32:11.0634 4572  Suspicious file (Forged): C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe. Real md5: D22CD77D4F0D63D1169BB35911BFF12D, Fake md5: 21318671BCAD3ACF16638F98D4D00973
19:32:11.0634 4572  NetPipeActivator ( ForgedFile.Multi.Generic ) - warning
19:32:11.0634 4572  NetPipeActivator - detected ForgedFile.Multi.Generic (1)
19:32:11.0681 4572  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
19:32:11.0712 4572  netprofm - ok
19:32:11.0743 4572  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:32:11.0743 4572  Suspicious file (Forged): C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe. Real md5: D22CD77D4F0D63D1169BB35911BFF12D, Fake md5: 21318671BCAD3ACF16638F98D4D00973
19:32:11.0743 4572  NetTcpActivator ( ForgedFile.Multi.Generic ) - warning
19:32:11.0743 4572  NetTcpActivator - detected ForgedFile.Multi.Generic (1)
19:32:11.0759 4572  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:32:11.0759 4572  Suspicious file (Forged): C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe. Real md5: D22CD77D4F0D63D1169BB35911BFF12D, Fake md5: 21318671BCAD3ACF16638F98D4D00973
19:32:11.0759 4572  NetTcpPortSharing ( ForgedFile.Multi.Generic ) - warning
19:32:11.0759 4572  NetTcpPortSharing - detected ForgedFile.Multi.Generic (1)
19:32:11.0790 4572  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
19:32:11.0821 4572  nfrd960 - ok
19:32:11.0852 4572  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\windows\System32\nlasvc.dll
19:32:11.0868 4572  NlaSvc - ok
19:32:11.0899 4572  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
19:32:11.0930 4572  Npfs - ok
19:32:11.0946 4572  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
19:32:11.0993 4572  nsi - ok
19:32:12.0024 4572  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
19:32:12.0055 4572  nsiproxy - ok
19:32:12.0118 4572  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
19:32:12.0180 4572  Ntfs - ok
19:32:12.0196 4572  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
19:32:12.0242 4572  Null - ok
19:32:12.0289 4572  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\windows\system32\drivers\nvraid.sys
19:32:12.0305 4572  nvraid - ok
19:32:12.0352 4572  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\windows\system32\drivers\nvstor.sys
19:32:12.0383 4572  nvstor - ok
19:32:12.0398 4572  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
19:32:12.0414 4572  nv_agp - ok
19:32:12.0461 4572  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
19:32:12.0476 4572  ohci1394 - ok
19:32:12.0523 4572  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:32:12.0539 4572  ose - ok
19:32:12.0601 4572  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
19:32:12.0632 4572  p2pimsvc - ok
19:32:12.0664 4572  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
19:32:12.0695 4572  p2psvc - ok
19:32:12.0742 4572  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\DRIVERS\parport.sys
19:32:12.0757 4572  Parport - ok
19:32:12.0788 4572  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
19:32:12.0804 4572  partmgr - ok
19:32:12.0835 4572  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
19:32:12.0851 4572  Parvdm - ok
19:32:12.0882 4572  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
19:32:12.0898 4572  PcaSvc - ok
19:32:12.0913 4572  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
19:32:12.0929 4572  pci - ok
19:32:12.0960 4572  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
19:32:13.0007 4572  pciide - ok
19:32:13.0054 4572  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
19:32:13.0100 4572  pcmcia - ok
19:32:13.0163 4572  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
19:32:13.0210 4572  pcw - ok
19:32:13.0272 4572  pdfcDispatcher - ok
19:32:13.0319 4572  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
19:32:13.0397 4572  PEAUTH - ok
19:32:13.0459 4572  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\windows\system32\peerdistsvc.dll
19:32:13.0522 4572  PeerDistSvc - ok
19:32:13.0662 4572  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
19:32:13.0709 4572  pla - ok
19:32:13.0818 4572  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
19:32:13.0834 4572  PlugPlay - ok
19:32:13.0927 4572  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
19:32:13.0943 4572  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:32:13.0943 4572  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:32:13.0958 4572  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
19:32:14.0005 4572  PNRPAutoReg - ok
19:32:14.0021 4572  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
19:32:14.0036 4572  PNRPsvc - ok
19:32:14.0068 4572  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
19:32:14.0114 4572  PolicyAgent - ok
19:32:14.0146 4572  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
19:32:14.0208 4572  Power - ok
19:32:14.0224 4572  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
19:32:14.0255 4572  PptpMiniport - ok
19:32:14.0286 4572  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\DRIVERS\processr.sys
19:32:14.0302 4572  Processor - ok
19:32:14.0364 4572  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\windows\system32\profsvc.dll
19:32:14.0411 4572  ProfSvc - ok
19:32:14.0442 4572  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
19:32:14.0442 4572  Suspicious file (Forged): C:\windows\system32\lsass.exe. Real md5: 81951F51E318AECC2D68559E47485CC4, Fake md5: 803B370865D907EA21DC0C2B6A8936B5
19:32:14.0442 4572  ProtectedStorage ( ForgedFile.Multi.Generic ) - warning
19:32:14.0442 4572  ProtectedStorage - detected ForgedFile.Multi.Generic (1)
19:32:14.0489 4572  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
19:32:14.0520 4572  Psched - ok
19:32:14.0614 4572  [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20        C:\windows\system32\Drivers\PxHelp20.sys
19:32:14.0645 4572  PxHelp20 - ok
19:32:14.0707 4572  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
19:32:14.0770 4572  ql2300 - ok
19:32:14.0785 4572  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
19:32:14.0801 4572  ql40xx - ok
19:32:14.0832 4572  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
19:32:14.0863 4572  QWAVE - ok
19:32:14.0879 4572  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
19:32:14.0910 4572  QWAVEdrv - ok
19:32:14.0957 4572  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
19:32:14.0988 4572  RasAcd - ok
19:32:15.0019 4572  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
19:32:15.0050 4572  RasAgileVpn - ok
19:32:15.0066 4572  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
19:32:15.0113 4572  RasAuto - ok
19:32:15.0128 4572  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
19:32:15.0160 4572  Rasl2tp - ok
19:32:15.0206 4572  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
19:32:15.0253 4572  RasMan - ok
19:32:15.0269 4572  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
19:32:15.0316 4572  RasPppoe - ok
19:32:15.0331 4572  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
19:32:15.0378 4572  RasSstp - ok
19:32:15.0409 4572  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
19:32:15.0472 4572  rdbss - ok
19:32:15.0503 4572  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
19:32:15.0534 4572  rdpbus - ok
19:32:15.0565 4572  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
19:32:15.0596 4572  RDPCDD - ok
19:32:15.0643 4572  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
19:32:15.0674 4572  RDPDR - ok
19:32:15.0706 4572  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
19:32:15.0752 4572  RDPENCDD - ok
19:32:15.0784 4572  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
19:32:15.0815 4572  RDPREFMP - ok
19:32:15.0893 4572  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
19:32:15.0908 4572  RdpVideoMiniport - ok
19:32:15.0955 4572  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
19:32:15.0986 4572  RDPWD - ok
19:32:16.0033 4572  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
19:32:16.0080 4572  rdyboost - ok
19:32:16.0111 4572  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
19:32:16.0174 4572  RemoteAccess - ok
19:32:16.0205 4572  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
19:32:16.0252 4572  RemoteRegistry - ok
19:32:16.0314 4572  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
19:32:16.0345 4572  RFCOMM - ok
19:32:16.0392 4572  [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb          C:\windows\system32\Drivers\RimUsb.sys
19:32:16.0408 4572  RimUsb - ok
19:32:16.0470 4572  [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort     C:\windows\system32\DRIVERS\RimSerial.sys
19:32:16.0501 4572  RimVSerPort - ok
19:32:16.0564 4572  [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM       C:\windows\system32\Drivers\RootMdm.sys
19:32:16.0595 4572  ROOTMODEM - ok
19:32:16.0704 4572  [ 85F9924FB26D924C4A10DC620AE2C350 ] RoxMediaDB10    c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
19:32:16.0798 4572  RoxMediaDB10 - ok
19:32:16.0844 4572  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
19:32:16.0922 4572  RpcEptMapper - ok
19:32:16.0938 4572  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
19:32:16.0969 4572  RpcLocator - ok
19:32:17.0000 4572  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
19:32:17.0078 4572  RpcSs - ok
19:32:17.0110 4572  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
19:32:17.0156 4572  rspndr - ok
19:32:17.0203 4572  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\windows\system32\drivers\vms3cap.sys
19:32:17.0234 4572  s3cap - ok
19:32:17.0266 4572  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
19:32:17.0266 4572  Suspicious file (Forged): C:\windows\system32\lsass.exe. Real md5: 81951F51E318AECC2D68559E47485CC4, Fake md5: 803B370865D907EA21DC0C2B6A8936B5
19:32:17.0266 4572  SamSs ( ForgedFile.Multi.Generic ) - warning
19:32:17.0266 4572  SamSs - detected ForgedFile.Multi.Generic (1)
19:32:17.0375 4572  [ 9B03DE3DFDA1440A73B1D124B2492BA0 ] Samsung Network Fax Server C:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
19:32:17.0406 4572  Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - warning
19:32:17.0406 4572  Samsung Network Fax Server - detected UnsignedFile.Multi.Generic (1)
19:32:17.0468 4572  [ 87574F4C899E8AEDDDC1EDF71D3E045E ] sbapifs         C:\windows\system32\DRIVERS\sbapifs.sys
19:32:17.0468 4572  Suspicious file (Hidden): C:\windows\system32\DRIVERS\sbapifs.sys. md5: 87574F4C899E8AEDDDC1EDF71D3E045E
19:32:17.0468 4572  sbapifs ( HiddenFile.Multi.Generic ) - warning
19:32:17.0468 4572  sbapifs - detected HiddenFile.Multi.Generic (1)
19:32:17.0531 4572  SbFw - ok
19:32:17.0562 4572  SBFWIMCL - ok
19:32:17.0578 4572  SBFWIMCLMP - ok
19:32:17.0624 4572  sbhips - ok
19:32:17.0671 4572  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
19:32:17.0702 4572  sbp2port - ok
19:32:17.0718 4572  sbwtis - ok
19:32:17.0734 4572  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
19:32:17.0780 4572  SCardSvr - ok
19:32:17.0796 4572  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
19:32:17.0827 4572  scfilter - ok
19:32:17.0874 4572  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
19:32:17.0983 4572  Schedule - ok
19:32:18.0030 4572  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
19:32:18.0124 4572  SCPolicySvc - ok
19:32:18.0139 4572  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
19:32:18.0186 4572  SDRSVC - ok
19:32:18.0233 4572  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
19:32:18.0264 4572  secdrv - ok
19:32:18.0280 4572  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
19:32:18.0326 4572  seclogon - ok
19:32:18.0342 4572  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\system32\sens.dll
19:32:18.0404 4572  SENS - ok
19:32:18.0436 4572  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\windows\system32\sensrsvc.dll
19:32:18.0451 4572  SensrSvc - ok
19:32:18.0467 4572  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
19:32:18.0482 4572  Serenum - ok
19:32:18.0498 4572  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
19:32:18.0514 4572  Serial - ok
19:32:18.0560 4572  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
19:32:18.0576 4572  sermouse - ok
19:32:18.0638 4572  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
19:32:18.0701 4572  SessionEnv - ok
19:32:18.0732 4572  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
19:32:18.0763 4572  sffdisk - ok
19:32:18.0779 4572  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
19:32:18.0794 4572  sffp_mmc - ok
19:32:18.0810 4572  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
19:32:18.0826 4572  sffp_sd - ok
19:32:18.0857 4572  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
19:32:18.0872 4572  sfloppy - ok
19:32:18.0888 4572  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
19:32:18.0935 4572  SharedAccess - ok
19:32:18.0950 4572  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:32:18.0982 4572  ShellHWDetection - ok
19:32:19.0013 4572  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
19:32:19.0028 4572  sisagp - ok
19:32:19.0075 4572  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
19:32:19.0091 4572  SiSRaid2 - ok
19:32:19.0122 4572  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
19:32:19.0138 4572  SiSRaid4 - ok
19:32:19.0200 4572  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
19:32:19.0216 4572  Suspicious file (Forged): C:\Program Files\Skype\Updater\Updater.exe. Real md5: F07AF60B152221472FBDB2FECEC4896D, Fake md5: 50D9949020E02B847CD48F1243FCB895
19:32:19.0216 4572  SkypeUpdate ( ForgedFile.Multi.Generic ) - warning
19:32:19.0216 4572  SkypeUpdate - detected ForgedFile.Multi.Generic (1)
19:32:19.0278 4572  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
19:32:19.0340 4572  Smb - ok
19:32:19.0403 4572  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
19:32:19.0450 4572  SNMPTRAP - ok
19:32:19.0512 4572  [ D8ABA1293B82E7AF2F78B67CA46FCB3D ] SNP2UVC         C:\windows\system32\DRIVERS\snp2uvc.sys
19:32:19.0590 4572  SNP2UVC - ok
19:32:19.0621 4572  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
19:32:19.0637 4572  spldr - ok
19:32:19.0699 4572  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\windows\System32\spoolsv.exe
19:32:19.0777 4572  Spooler - ok
19:32:19.0871 4572  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
19:32:19.0964 4572  sppsvc - ok
19:32:20.0011 4572  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
19:32:20.0058 4572  sppuinotify - ok
19:32:20.0105 4572  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
19:32:20.0120 4572  srv - ok
19:32:20.0152 4572  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
19:32:20.0183 4572  srv2 - ok
19:32:20.0198 4572  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
19:32:20.0214 4572  srvnet - ok
19:32:20.0245 4572  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
19:32:20.0276 4572  SSDPSRV - ok
19:32:20.0292 4572  [ EF3458337D7341A05169CEFC73709264 ] SSPORT          C:\windows\system32\Drivers\SSPORT.sys
19:32:20.0308 4572  SSPORT ( UnsignedFile.Multi.Generic ) - warning
19:32:20.0308 4572  SSPORT - detected UnsignedFile.Multi.Generic (1)
19:32:20.0323 4572  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
19:32:20.0354 4572  SstpSvc - ok
19:32:20.0479 4572  [ A8D11FB4733AF636A96FC7C67417D893 ] STacSV          C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
19:32:20.0526 4572  STacSV - ok
19:32:20.0635 4572  [ CCCFF9BC76CF7D98813736E0C7443F14 ] StartServer     C:\Program Files\AdvoluxJava\StartServer.exe
19:32:20.0651 4572  StartServer ( UnsignedFile.Multi.Generic ) - warning
19:32:20.0651 4572  StartServer - detected UnsignedFile.Multi.Generic (1)
19:32:20.0682 4572  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
19:32:20.0729 4572  stexstor - ok
19:32:20.0791 4572  [ 901703459C668331DF0C0245F6B8160A ] STHDA           C:\windows\system32\DRIVERS\stwrt.sys
19:32:20.0822 4572  STHDA - ok
19:32:20.0869 4572  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\windows\system32\DRIVERS\serscan.sys
19:32:20.0885 4572  StillCam - ok
19:32:20.0932 4572  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
19:32:20.0994 4572  StiSvc - ok
19:32:21.0025 4572  [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr        c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
19:32:21.0072 4572  stllssvr - ok
19:32:21.0119 4572  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\windows\system32\drivers\vmstorfl.sys
19:32:21.0134 4572  storflt - ok
19:32:21.0150 4572  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\windows\system32\storsvc.dll
19:32:21.0181 4572  StorSvc - ok
19:32:21.0228 4572  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\windows\system32\drivers\storvsc.sys
19:32:21.0244 4572  storvsc - ok
19:32:21.0275 4572  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
19:32:21.0290 4572  swenum - ok
19:32:21.0322 4572  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
19:32:21.0368 4572  swprv - ok
19:32:21.0431 4572  [ 1DE40024679CDE0E573465253519730E ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
19:32:21.0462 4572  SynTP - ok
19:32:21.0509 4572  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
19:32:21.0571 4572  SysMain - ok
19:32:21.0618 4572  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
19:32:21.0680 4572  TabletInputService - ok
19:32:21.0696 4572  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\windows\System32\tapisrv.dll
19:32:21.0743 4572  TapiSrv - ok
19:32:21.0774 4572  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\windows\System32\tbssvc.dll
19:32:21.0821 4572  TBS - ok
19:32:21.0899 4572  [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] Tcpip           C:\windows\system32\drivers\tcpip.sys
19:32:21.0930 4572  Suspicious file (Forged): C:\windows\system32\drivers\tcpip.sys. Real md5: 4E8B9BE71B807B3BAEDB7F4243F85E3C, Fake md5: CA59F7C570AF70BC174F477CFE2D9EE3
19:32:21.0930 4572  Tcpip ( ForgedFile.Multi.Generic ) - warning
19:32:21.0930 4572  Tcpip - detected ForgedFile.Multi.Generic (1)
19:32:22.0024 4572  [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
19:32:22.0055 4572  Suspicious file (Forged): C:\windows\system32\DRIVERS\tcpip.sys. Real md5: 4E8B9BE71B807B3BAEDB7F4243F85E3C, Fake md5: CA59F7C570AF70BC174F477CFE2D9EE3
19:32:22.0055 4572  TCPIP6 ( ForgedFile.Multi.Generic ) - warning
19:32:22.0055 4572  TCPIP6 - detected ForgedFile.Multi.Generic (1)
19:32:22.0102 4572  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
19:32:22.0133 4572  tcpipreg - ok
19:32:22.0180 4572  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
19:32:22.0211 4572  TDPIPE - ok
19:32:22.0242 4572  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
19:32:22.0273 4572  TDTCP - ok
19:32:22.0304 4572  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
19:32:22.0336 4572  tdx - ok
19:32:22.0382 4572  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\drivers\termdd.sys
19:32:22.0398 4572  TermDD - ok
19:32:22.0445 4572  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\windows\System32\termsrv.dll
19:32:22.0492 4572  TermService - ok
19:32:22.0523 4572  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
19:32:22.0554 4572  Themes - ok
19:32:22.0585 4572  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\windows\system32\mmcss.dll
19:32:22.0648 4572  THREADORDER - ok
19:32:22.0694 4572  [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM             C:\windows\system32\drivers\tpm.sys
19:32:22.0726 4572  TPM - ok
19:32:22.0772 4572  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
19:32:22.0850 4572  TrkWks - ok
19:32:22.0897 4572  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:32:22.0975 4572  TrustedInstaller - ok
19:32:23.0022 4572  [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
19:32:23.0053 4572  tssecsrv - ok
19:32:23.0131 4572  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
19:32:23.0194 4572  TsUsbFlt - ok
19:32:23.0256 4572  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
19:32:23.0318 4572  tunnel - ok
19:32:23.0334 4572  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
19:32:23.0350 4572  uagp35 - ok
19:32:23.0365 4572  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
19:32:23.0412 4572  udfs - ok
19:32:23.0459 4572  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
19:32:23.0474 4572  UI0Detect - ok
19:32:23.0490 4572  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
19:32:23.0506 4572  uliagpkx - ok
19:32:23.0568 4572  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\windows\system32\DRIVERS\umbus.sys
19:32:23.0615 4572  umbus - ok
19:32:23.0677 4572  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
19:32:23.0740 4572  UmPass - ok
19:32:23.0771 4572  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\windows\System32\umrdp.dll
19:32:23.0849 4572  UmRdpService - ok
19:32:23.0864 4572  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
19:32:23.0896 4572  upnphost - ok
19:32:23.0927 4572  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
19:32:23.0927 4572  Suspicious file (Forged): C:\windows\system32\DRIVERS\usbccgp.sys. Real md5: BD9C55D7023C5DE374507ACC7A14E2AC, Fake md5: 71D97F1A3CC47A56728F7A400A3F8295
19:32:23.0927 4572  usbccgp ( ForgedFile.Multi.Generic ) - warning
19:32:23.0927 4572  usbccgp - detected ForgedFile.Multi.Generic (1)
19:32:23.0974 4572  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\drivers\usbcir.sys
19:32:23.0974 4572  Suspicious file (Forged): C:\windows\system32\drivers\usbcir.sys. Real md5: 04EC7CEC62EC3B6D9354EEE93327FC82, Fake md5: 2352AB5F9F8F097BF9D41D5A4718A041
19:32:23.0974 4572  usbcir ( ForgedFile.Multi.Generic ) - warning
19:32:23.0974 4572  usbcir - detected ForgedFile.Multi.Generic (1)
19:32:24.0005 4572  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
19:32:24.0005 4572  Suspicious file (Forged): C:\windows\system32\DRIVERS\usbehci.sys. Real md5: F92DE757E4B7CE9C07C5E65423F3AE3B, Fake md5: C4FB8E7ADEA9B5CEEA885A1B504B7E40
19:32:24.0005 4572  usbehci ( ForgedFile.Multi.Generic ) - warning
19:32:24.0005 4572  usbehci - detected ForgedFile.Multi.Generic (1)
19:32:24.0052 4572  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
19:32:24.0052 4572  Suspicious file (Forged): C:\windows\system32\DRIVERS\usbhub.sys. Real md5: 8DC94AEC6A7E644A06135AE7506DC2E9, Fake md5: 86AA95ACB611001E26CD2C0145F2225A
19:32:24.0052 4572  usbhub ( ForgedFile.Multi.Generic ) - warning
19:32:24.0052 4572  usbhub - detected ForgedFile.Multi.Generic (1)
19:32:24.0067 4572  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
19:32:24.0083 4572  Suspicious file (Forged): C:\windows\system32\DRIVERS\usbohci.sys. Real md5: E185D44FAC515A18D9DEDDC23C2CDF44, Fake md5: DCDF9855145A14DFCA0AB32308871961
19:32:24.0083 4572  usbohci ( ForgedFile.Multi.Generic ) - warning
19:32:24.0083 4572  usbohci - detected ForgedFile.Multi.Generic (1)
19:32:24.0130 4572  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
19:32:24.0176 4572  usbprint - ok
19:32:24.0239 4572  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\windows\system32\drivers\usbscan.sys
19:32:24.0254 4572  Suspicious file (Forged): C:\windows\system32\drivers\usbscan.sys. Real md5: 576096CCBC07E7C4EA4F5E6686D6888F, Fake md5: FC6B21DB4B5B398AB93DBE59CBF11036
19:32:24.0254 4572  usbscan ( ForgedFile.Multi.Generic ) - warning
19:32:24.0254 4572  usbscan - detected ForgedFile.Multi.Generic (1)
19:32:24.0270 4572  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
19:32:24.0301 4572  USBSTOR - ok
19:32:24.0317 4572  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
19:32:24.0317 4572  Suspicious file (Forged): C:\windows\system32\drivers\usbuhci.sys. Real md5: 68DF884CF41CDADA664BEB01DAF67E3D, Fake md5: 8E51D04175BAA14C4F79AA5F6D248770
19:32:24.0317 4572  usbuhci ( ForgedFile.Multi.Generic ) - warning
19:32:24.0317 4572  usbuhci - detected ForgedFile.Multi.Generic (1)
19:32:24.0364 4572  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
19:32:24.0364 4572  Suspicious file (Forged): C:\windows\System32\Drivers\usbvideo.sys. Real md5: 45F4E7BF43DB40A6C6B4D92C76CBC3F2, Fake md5: DE014425522610BEDCA3821BB8C0F1D5
19:32:24.0379 4572  usbvideo ( ForgedFile.Multi.Generic ) - warning
19:32:24.0379 4572  usbvideo - detected ForgedFile.Multi.Generic (1)
19:32:24.0410 4572  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\windows\System32\uxsms.dll
19:32:24.0473 4572  UxSms - ok
19:32:24.0488 4572  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
19:32:24.0488 4572  Suspicious file (Forged): C:\windows\system32\lsass.exe. Real md5: 81951F51E318AECC2D68559E47485CC4, Fake md5: 803B370865D907EA21DC0C2B6A8936B5
19:32:24.0488 4572  VaultSvc ( ForgedFile.Multi.Generic ) - warning
19:32:24.0488 4572  VaultSvc - detected ForgedFile.Multi.Generic (1)
19:32:24.0551 4572  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
19:32:24.0566 4572  vdrvroot - ok
19:32:24.0613 4572  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\windows\System32\vds.exe
19:32:24.0691 4572  vds - ok
19:32:24.0722 4572  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
19:32:24.0754 4572  vga - ok
19:32:24.0785 4572  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\windows\System32\drivers\vga.sys
19:32:24.0832 4572  VgaSave - ok
19:32:24.0847 4572  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
19:32:24.0863 4572  vhdmp - ok
19:32:24.0910 4572  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\drivers\viaagp.sys
19:32:24.0956 4572  viaagp - ok
19:32:24.0972 4572  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
19:32:25.0003 4572  ViaC7 - ok
19:32:25.0034 4572  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\drivers\viaide.sys
19:32:25.0050 4572  viaide - ok
19:32:25.0081 4572  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\windows\system32\drivers\vmbus.sys
19:32:25.0097 4572  vmbus - ok
19:32:25.0112 4572  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\windows\system32\drivers\VMBusHID.sys
19:32:25.0128 4572  VMBusHID - ok
19:32:25.0144 4572  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\windows\system32\drivers\volmgr.sys
19:32:25.0159 4572  volmgr - ok
19:32:25.0190 4572  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
19:32:25.0206 4572  volmgrx - ok
19:32:25.0222 4572  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\windows\system32\drivers\volsnap.sys
19:32:25.0253 4572  volsnap - ok
19:32:25.0300 4572  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
19:32:25.0331 4572  vsmraid - ok
19:32:25.0393 4572  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\windows\system32\vssvc.exe
19:32:25.0456 4572  VSS - ok
19:32:25.0487 4572  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
19:32:25.0518 4572  vwifibus - ok
19:32:25.0549 4572  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
19:32:25.0580 4572  vwififlt - ok
19:32:25.0627 4572  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
19:32:25.0658 4572  vwifimp - ok
19:32:25.0721 4572  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\windows\system32\w32time.dll
19:32:25.0768 4572  W32Time - ok
19:32:25.0799 4572  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
19:32:25.0830 4572  WacomPen - ok
19:32:25.0877 4572  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
19:32:25.0924 4572  WANARP - ok
19:32:25.0939 4572  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
19:32:25.0970 4572  Wanarpv6 - ok
19:32:26.0017 4572  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\windows\system32\wbengine.exe
19:32:26.0064 4572  wbengine - ok
19:32:26.0095 4572  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
19:32:26.0142 4572  WbioSrvc - ok
19:32:26.0173 4572  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\windows\System32\wcncsvc.dll
19:32:26.0204 4572  wcncsvc - ok
19:32:26.0236 4572  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:32:26.0267 4572  WcsPlugInService - ok
19:32:26.0267 4572  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\DRIVERS\wd.sys
19:32:26.0282 4572  Wd - ok
19:32:26.0329 4572  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
19:32:26.0329 4572  Suspicious file (Forged): C:\windows\system32\drivers\Wdf01000.sys. Real md5: A840213F1ACDCC175B4D1D5AAEAC0D7A, Fake md5: 25944D2CC49E0A6C581D02A74B7D6645
19:32:26.0329 4572  Wdf01000 ( ForgedFile.Multi.Generic ) - warning
19:32:26.0329 4572  Wdf01000 - detected ForgedFile.Multi.Generic (1)
19:32:26.0360 4572  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
19:32:26.0392 4572  WdiServiceHost - ok
19:32:26.0407 4572  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\windows\system32\wdi.dll
19:32:26.0423 4572  WdiSystemHost - ok
19:32:26.0454 4572  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\windows\System32\webclnt.dll
19:32:26.0470 4572  Suspicious file (Forged): C:\windows\System32\webclnt.dll. Real md5: A9D880F97530D5B8FEE278923349929D, Fake md5: 75E8EBD7040CE238684333F97014762A
19:32:26.0470 4572  WebClient ( ForgedFile.Multi.Generic ) - warning
19:32:26.0470 4572  WebClient - detected ForgedFile.Multi.Generic (1)
19:32:26.0485 4572  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
19:32:26.0563 4572  Wecsvc - ok
19:32:26.0579 4572  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\windows\System32\wercplsupport.dll
19:32:26.0626 4572  wercplsupport - ok
19:32:26.0672 4572  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
19:32:26.0719 4572  WerSvc - ok
19:32:26.0782 4572  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
19:32:26.0844 4572  WfpLwf - ok
19:32:26.0860 4572  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
19:32:26.0906 4572  WIMMount - ok
19:32:26.0984 4572  [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:32:27.0031 4572  WinDefend - ok
19:32:27.0078 4572  WinHttpAutoProxySvc - ok
19:32:27.0140 4572  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
19:32:27.0187 4572  Winmgmt - ok
19:32:27.0265 4572  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\windows\system32\WsmSvc.dll
19:32:27.0328 4572  WinRM - ok
19:32:27.0406 4572  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUSB          C:\windows\system32\DRIVERS\WinUSB.sys
19:32:27.0468 4572  WinUSB - ok
19:32:27.0515 4572  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\windows\System32\wlansvc.dll
19:32:27.0546 4572  Wlansvc - ok
19:32:27.0593 4572  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
19:32:27.0608 4572  WmiAcpi - ok
19:32:27.0655 4572  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
19:32:27.0671 4572  wmiApSrv - ok
19:32:27.0749 4572  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:32:27.0796 4572  WMPNetworkSvc - ok
19:32:27.0811 4572  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
19:32:27.0827 4572  WPCSvc - ok
19:32:27.0889 4572  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
19:32:27.0920 4572  WPDBusEnum - ok
19:32:27.0967 4572  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
19:32:28.0030 4572  ws2ifsl - ok
19:32:28.0045 4572  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\system32\wscsvc.dll
19:32:28.0076 4572  wscsvc - ok
19:32:28.0123 4572  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
19:32:28.0170 4572  WSDPrintDevice - ok
19:32:28.0186 4572  WSearch - ok
19:32:28.0295 4572  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
19:32:28.0342 4572  wuauserv - ok
19:32:28.0373 4572  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
19:32:28.0420 4572  WudfPf - ok
19:32:28.0466 4572  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
19:32:28.0513 4572  WUDFRd - ok
19:32:28.0544 4572  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
19:32:28.0591 4572  wudfsvc - ok
19:32:28.0622 4572  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\windows\System32\wwansvc.dll
19:32:28.0669 4572  WwanSvc - ok
19:32:28.0732 4572  [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7         C:\windows\system32\DRIVERS\yk62x86.sys
19:32:28.0763 4572  yukonw7 - ok
19:32:28.0794 4572  ================ Scan global ===============================
19:32:28.0841 4572  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
19:32:28.0872 4572  [ 51BB04243DF6196C06E125898127E397 ] C:\windows\system32\winsrv.dll
19:32:28.0903 4572  [ 51BB04243DF6196C06E125898127E397 ] C:\windows\system32\winsrv.dll
19:32:28.0934 4572  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
19:32:28.0950 4572  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
19:32:28.0950 4572  [Global] - ok
19:32:28.0966 4572  ================ Scan MBR ==================================
19:32:28.0966 4572  [ 3C39E28DFC87C0C77116C91AC4B874B7 ] \Device\Harddisk0\DR0
19:32:28.0981 4572  Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:32:29.0184 4572  \Device\Harddisk0\DR0 - ok
19:32:29.0184 4572  ================ Scan VBR ==================================
19:32:29.0200 4572  [ 72C770E7F547D1FBA31DE21D63AB8C9B ] \Device\Harddisk0\DR0\Partition1
19:32:29.0200 4572  \Device\Harddisk0\DR0\Partition1 - ok
19:32:29.0231 4572  [ 82315436EB0B588C276D92DCDED0B0DD ] \Device\Harddisk0\DR0\Partition2
19:32:29.0246 4572  \Device\Harddisk0\DR0\Partition2 - ok
19:32:29.0278 4572  [ F68D53FBEF7226C7B490D3417C9935C7 ] \Device\Harddisk0\DR0\Partition3
19:32:29.0293 4572  \Device\Harddisk0\DR0\Partition3 - ok
19:32:29.0309 4572  [ 774DAD2391F0736682EFB69D7B2456D4 ] \Device\Harddisk0\DR0\Partition4
19:32:29.0324 4572  \Device\Harddisk0\DR0\Partition4 - ok
19:32:29.0324 4572  ============================================================
19:32:29.0324 4572  Scan finished
19:32:29.0324 4572  ============================================================
19:32:29.0340 4480  Detected object count: 47
19:32:29.0340 4480  Actual detected object count: 47
19:33:35.0063 4480  AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0063 4480  AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0063 4480  AFD ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0063 4480  AFD ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0063 4480  clr_optimization_v4.0.30319_32 ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0063 4480  clr_optimization_v4.0.30319_32 ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0063 4480  CNG ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0063 4480  CNG ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0063 4480  CTMFLT ( LockedFile.Multi.Generic ) - skipped by user
19:33:35.0063 4480  CTMFLT ( LockedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0078 4480  CTMMOUNT ( LockedFile.Multi.Generic ) - skipped by user
19:33:35.0078 4480  CTMMOUNT ( LockedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0078 4480  CTMSHD ( LockedFile.Multi.Generic ) - skipped by user
19:33:35.0078 4480  CTMSHD ( LockedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0078 4480  DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:35.0078 4480  DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0078 4480  DXGKrnl ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0078 4480  DXGKrnl ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0078 4480  EFS ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0078 4480  EFS ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0094 4480  gfiark ( HiddenFile.Multi.Generic ) - skipped by user
19:33:35.0094 4480  gfiark ( HiddenFile.Multi.Generic ) - User select action: Skip 
19:33:35.0094 4480  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:35.0094 4480  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0094 4480  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:35.0094 4480  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0094 4480  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:35.0094 4480  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0110 4480  IKEEXT ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0110 4480  IKEEXT ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0110 4480  KeyIso ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0110 4480  KeyIso ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0110 4480  KSecDD ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0110 4480  KSecDD ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0110 4480  KSecPkg ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0110 4480  KSecPkg ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0125 4480  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:35.0125 4480  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0125 4480  MRxDAV ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0125 4480  MRxDAV ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0125 4480  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:35.0125 4480  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0125 4480  Netlogon ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0125 4480  Netlogon ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0125 4480  NetMsmqActivator ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0125 4480  NetMsmqActivator ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0141 4480  NetPipeActivator ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0141 4480  NetPipeActivator ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0141 4480  NetTcpActivator ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0141 4480  NetTcpActivator ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0141 4480  NetTcpPortSharing ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0141 4480  NetTcpPortSharing ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0141 4480  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:35.0141 4480  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0156 4480  ProtectedStorage ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0156 4480  ProtectedStorage ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0156 4480  SamSs ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0156 4480  SamSs ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0156 4480  Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:35.0156 4480  Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0156 4480  sbapifs ( HiddenFile.Multi.Generic ) - skipped by user
19:33:35.0156 4480  sbapifs ( HiddenFile.Multi.Generic ) - User select action: Skip 
19:33:35.0172 4480  SkypeUpdate ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0172 4480  SkypeUpdate ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0172 4480  SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:35.0172 4480  SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0172 4480  StartServer ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:35.0172 4480  StartServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0172 4480  Tcpip ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0172 4480  Tcpip ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0188 4480  TCPIP6 ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0188 4480  TCPIP6 ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0188 4480  usbccgp ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0188 4480  usbccgp ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0188 4480  usbcir ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0188 4480  usbcir ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0188 4480  usbehci ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0188 4480  usbehci ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0188 4480  usbhub ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0203 4480  usbhub ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0203 4480  usbohci ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0203 4480  usbohci ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0203 4480  usbscan ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0203 4480  usbscan ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0203 4480  usbuhci ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0203 4480  usbuhci ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0203 4480  usbvideo ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0203 4480  usbvideo ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0219 4480  VaultSvc ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0219 4480  VaultSvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0219 4480  Wdf01000 ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0219 4480  Wdf01000 ( ForgedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0219 4480  WebClient ( ForgedFile.Multi.Generic ) - skipped by user
19:33:35.0219 4480  WebClient ( ForgedFile.Multi.Generic ) - User select action: Skip
         

Alt 08.01.2014, 21:58   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
I don't see anything there. Looks OK. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM)

Note: Please remember to update Malwarebytes Anti-Malware via the update button first!

Getting a second opinion from the ESET Online Scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post logfiles in CODE tags

Alt 11.01.2014, 23:48   #23
warhammer73
 
Hello,

since neither of the two reported anything suspicious, but Avast kept occasionally reporting that it had removed some trojans, the computer took 10 minutes to boot and Google simply could not be made to work, I have now reinstalled the computer and only carried over the data that absolutely had to be kept and that no virus scanner classified as critical.

Thanks for the help, and I hope I won't need it again.
