Log analysis and evaluation: Windows 7: Suspected trojan (problems upon problems)
13.03.2014, 04:24 | #1
Windows 7: Suspected trojan (problems upon problems)

Dear Trojaner-Board team,

my computer has been acting up completely for quite some time. Normally I try to fix my problems simply by reinstalling, but I am fed up with that and would like to find out for once what my errors are. I have several problems at the same time and am putting together a list of them:

Problems:

1) Chrome is too slow at startup and takes an unnaturally long time to open a page. It also does not open some pages at all, and I get an error message that there is an internet problem. At the same time, after the computer has been running for a while, Internet Explorer does not display any pages at all any more, and for example YouTube supposedly says no Java is installed, which is nonsense.

2) I constantly lose the internet connection in games and thus get kicked. Moreover, it is common that I have a terribly high latency, which makes the game unplayable. PS: It is 100% not the modem, and it is not due to other computers on the network.

3) Applications, whether browsers (Chrome + Internet Explorer), applications like TeamSpeak, or games, crash at random, either with the message "Das Programm reagiert nicht mehr" or with no feedback at all, and then close.

4) The PC boot is noticeably slower than I am used to.

5) For the life of me I cannot get the "real-time scan" in the "Antivir Free Version" set to "Enabled". I had already googled this and found a solution involving Malwarebytes and two other tools, where someone had posted his reports, but I did not want to try it since you had advised against it.

6) Antivir and Malwarebytes keep spitting out detections, which however reappear after a new scan or at the latest after a system restart.

7) At random I get this error message, once or several times at the same time: hxxp://i.imgur.com/sYY9rFt.jpg

8) Lastly, I also sometimes get the following error message when I try to open the Task Manager with Ctrl+Shift+Esc: "taskmgr.exe - Systemfehler: Das Programm kann nicht gestartet werden, da pcwum.dll auf dem Computer fehlt. Installieren Sie das Programm erneut, um das Problem zu beheben." As mentioned, I only have this problem sometimes, and I do not understand it either.

By and large those are my problems, which I simply cannot make sense of. It surely has something to do with these detections that I keep finding, but before I do the wrong things to my PC, I would rather be advised and guided by capable PC experts.

Finally, I will now post the reports that were recommended to me on the following page. My PC is bootable!

Page: http://www.trojaner-board.de/69886-a...-beachten.html

Reports from my computer:

Step 1: Worked without any feedback. I did not press the Re-enable button afterwards.

Step 2: Farbar's Recovery Scan Tool

FRST log file:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-03-2014 01
Ran by Kevin (administrator) on KEVIN_S on 13-03-2014 04:17:20
Running from C:\Users\Kevin\Downloads
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Hi-Rez Studios) D:\Smite\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6868280 2012-05-21] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-05-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [Razer Nostromo Driver] - C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe [978840 2011-07-19] (Razer USA Ltd)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [172624 2014-03-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2747213580-207876330-2301896138-1000\...\Run: [UZRmedia] - regsvr32.exe C:\Users\Kevin\AppData\Local\UZRmedia\Hidnet24.dll <===== ATTENTION
HKU\S-1-5-21-2747213580-207876330-2301896138-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2747213580-207876330-2301896138-1000\...\MountPoints2: {4b09e8b9-9585-11e3-a541-001f1fe447f5} - G:\Lenovo_USB_Driver.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x05871061813DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-10]
CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-10]
CHR Extension: (Google-Suche) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-10]
CHR Extension: (AdBlock) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-10]
CHR Extension: (Yulia Brodskaya) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko [2013-12-10]
CHR Extension: (Google Wallet) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Google Mail) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-10]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [116816 2014-03-07] (Avira Operations GmbH & Co. KG)
U2 HiPatchService; D:\Smite\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-15] ()
R2 Realtek11nCU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)

==================== Drivers (Whitelisted) ====================

R3 1394ohci; C:\Windows\System32\DRIVERS\1394ohci.sys [227840 2009-07-14] ()
R0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [334416 2009-07-14] ()
S3 AcpiPmi; C:\Windows\system32\DRIVERS\acpipmi.sys [12288 2009-07-14] ()
S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [491088 2009-07-14] ()
S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [339536 2009-07-14] ()
S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [182864 2009-07-14] ()
R1 AFD; C:\Windows\system32\drivers\afd.sys [500224 2009-07-14] ()
S3 agp440; C:\Windows\system32\DRIVERS\agp440.sys [61008 2009-07-14] ()
S3 aliide; C:\Windows\system32\DRIVERS\aliide.sys [15440 2009-07-14] ()
S3 amdide; C:\Windows\system32\DRIVERS\amdide.sys [15440 2009-07-14] ()
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-14] ()
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [12534784 2013-10-08] ()
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [619008 2013-10-08] ()
R3 AmdPPM; C:\Windows\System32\DRIVERS\amdppm.sys [60928 2009-07-14] ()
S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [106576 2009-07-14] ()
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [194128 2009-07-14] ()
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-07-14] ()
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] ()
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2009-07-14] ()
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [87632 2009-07-14] ()
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [97856 2009-07-14] ()
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] ()
R0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [24128 2009-07-14] ()
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2013-07-05] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] ()
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] ()
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] ()
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] ()
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] ()
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2009-07-14] ()
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] ()
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] ()
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] ()
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] ()
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] ()
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] ()
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] ()
R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] ()
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2009-07-14] ()
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] ()
S3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-14] ()
S3 cmdide; C:\Windows\system32\DRIVERS\cmdide.sys [17488 2009-07-14] ()
R0 CNG; C:\Windows\System32\Drivers\cng.sys [460504 2009-07-14] ()
S3 Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys [21584 2009-07-14] ()
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2009-07-14] ()
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] ()
R1 CSC; C:\Windows\System32\drivers\csc.sys [514048 2009-07-14] ()
U5 d9c0704a342146bd; C:\Windows\System32\Drivers\d9c0704a342146bd.sys [78800 2014-01-02] () <===== ATTENTION Necurs Rootkit?
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2009-07-14] ()
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] ()
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] ()
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] ()
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [982600 2009-11-04] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] ()
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] ()
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [9728 2009-07-14] ()
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] ()
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] ()
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] ()
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] ()
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] ()
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [290368 2009-07-14] ()
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] ()
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-14] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223448 2009-07-14] ()
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [33856 2009-03-18] ()
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] ()
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2009-07-14] ()
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-14] ()
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] ()
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] ()
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] ()
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-14] ()
S3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [77888 2009-07-14] ()
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-14] ()
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14416 2009-07-14] ()
S3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-14] ()
S3 iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [410688 2009-07-14] ()
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] ()
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2350240 2010-05-20] ()
S3 intelide; C:\Windows\system32\DRIVERS\intelide.sys [16960 2009-07-14] ()
S3 intelppm; C:\Windows\system32\DRIVERS\intelppm.sys [62464 2009-07-14] ()
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-14] ()
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [78848 2009-07-14] ()
R3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] ()
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] ()
S3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [20544 2009-07-14] ()
S3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [224832 2009-07-14] ()
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] ()
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2009-07-14] ()
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95312 2009-07-14] ()
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [153152 2009-07-14] ()
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] ()
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [22408 2009-11-24] ()
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [16008 2009-11-24] ()
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] ()
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] ()
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] ()
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] ()
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] ()
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] ()
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] ()
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] ()
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] ()
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] ()
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] ()
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] ()
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-14] ()
S3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [155216 2009-07-14] ()
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] ()
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2009-07-14] ()
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157184 2009-07-14] ()
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [285696 2009-07-14] ()
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [125952 2009-07-14] ()
S3 msahci; C:\Windows\system32\DRIVERS\msahci.sys [30272 2009-07-14] ()
S3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [140352 2009-07-14] ()
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
R3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] ()
R0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [15424 2009-07-14] ()
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] ()
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] ()
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] ()
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [367168 2009-07-14] ()
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] ()
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] ()
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] ()
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] ()
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-14] ()
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] ()
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] ()
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-14] ()
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-14] ()
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-14] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] ()
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-14] ()
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] ()
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] ()
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659984 2009-07-14] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] ()
S3 nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [149056 2009-07-14] ()
S3 nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [167488 2009-07-14] ()
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [122960 2009-07-14] ()
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [72832 2009-07-14] ()
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-14] ()
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75840 2009-07-14] ()
R0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-14] ()
R0 pciide; C:\Windows\System32\DRIVERS\pciide.sys [12352 2009-07-14] ()
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] ()
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] ()
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] ()
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-14] ()
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] ()
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-14] ()
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] ()
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] ()
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] ()
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] ()
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] ()
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-14] ()
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] ()
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] ()
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-14] ()
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-14] ()
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] ()
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165376 2009-07-14] ()
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] ()
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] ()
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2009-07-14] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-14] ()
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] ()
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [347680 2010-05-20] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [762472 2010-08-06] ()
R3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] ()
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] ()
S3 s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [6656 2009-07-14] ()
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [104016 2009-07-14] ()
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [126912 2012-04-19] ()
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-14] ()
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] ()
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-14] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] ()
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] ()
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [14336 2009-07-14] ()
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [13824 2009-07-14] ()
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [14336 2009-07-14] ()
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] ()
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] ()
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] ()
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] ()
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [465408 2009-07-14] ()
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [407040 2009-07-14] ()
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [162816 2009-07-14] ()
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] ()
R0 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [46672 2009-07-14] ()
S3 storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [34896 2009-07-14] ()
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] ()
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1898576 2009-07-14] ()
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1898576 2009-07-14] ()
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-14] ()
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] ()
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-14] ()
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-14] ()
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [62544 2009-07-14] ()
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-14] ()
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-14] ()
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] ()
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327168 2009-07-14] ()
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [64592 2009-07-14] ()
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-14] ()
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] ()
R3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109568 2009-07-14] ()
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2009-07-14] ()
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [100352 2009-07-14] ()
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [51200 2009-07-14] ()
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2009-07-14] ()
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [25600 2009-07-14] ()
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-14] ()
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [89600 2009-07-14] ()
S3 usbuhci; C:\Windows\system32\DRIVERS\usbuhci.sys [30720 2009-07-14] ()
R0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [36432 2009-07-14] ()
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] ()
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] ()
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [217680 2009-07-14] ()
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [17488 2009-07-14] ()
S3 vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [200272 2009-07-14] ()
S3 VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [21760 2009-07-14] ()
R0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [71760 2009-07-14] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-14] ()
R0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [294992 2009-07-14] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [187904 2009-11-04] ()
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [66304 2009-11-04] ()
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [95232 2009-11-04] ()
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [359552 2009-11-04] ()
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] ()
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] ()
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] ()
S3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] ()
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] ()
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] ()
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] ()
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] ()
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-14] ()
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] ()
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] ()
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-14] ()
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] ()
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2009-07-14] ()
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2009-07-14] ()
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [679936 2009-07-14] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-13 04:17 - 2014-03-13 04:17 - 00027051 _____ () C:\Users\Kevin\Downloads\FRST.txt
2014-03-13 04:16 - 2014-03-13 04:16 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64 (1).exe
2014-03-13 04:14 - 2014-03-13 04:15 - 00000472 _____ () C:\Users\Kevin\Downloads\defogger_disable.log
2014-03-13 04:14 - 2014-03-13 04:14 - 00000000 _____ () C:\Users\Kevin\defogger_reenable
2014-03-13 04:12 - 2014-03-13 04:12 - 00050477 _____ () C:\Users\Kevin\Downloads\Defogger.exe
2014-03-13 04:06 - 2014-03-13 04:10 - 00002794 _____ () C:\Users\Kevin\Desktop\Neues Textdokument (2).txt
2014-03-13 03:18 - 2014-03-13 04:17 - 00000000 ____D () C:\FRST
2014-03-13 03:17 - 2014-03-13 03:17 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe
2014-03-13 03:09 - 2014-03-13 03:28 - 00000112 _____ () C:\Windows\setupact.log
2014-03-13 03:09 - 2014-03-13 03:09 - 00084668 _____ () C:\Windows\PFRO.log
2014-03-13 03:09 - 2014-03-13 03:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-13 02:14 - 2014-03-13 02:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Avira
2014-03-13 02:13 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-13 02:13 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-13 02:13 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-13 02:09 - 2014-03-13 02:13 - 00000000 ____D () C:\ProgramData\Avira
2014-03-13 02:09 - 2014-03-13 02:13 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-13 02:09 - 2014-03-13 02:09 - 00000400 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 02:05 - 2014-03-13 02:10 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F869E1D1-5B82-488D-9FEB-12FCC8122624}
2014-03-11 00:31 - 2014-02-21 10:21 - 00000000 ____D () C:\Users\Kevin\Downloads\Plague.Inc.Evolved.Early.Access.Cracked-3DM
2014-03-10 22:49 - 2013-11-08 09:12 - 00000000 ____D () C:\Users\Kevin\Downloads\After.Earth.2013.BDRip.AC3.German.XviD-MB
2014-03-10 16:02 - 2014-03-10 16:06 - 86944409 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part11.rar
2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part10.rar
2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part09.rar
2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part08.rar
2014-03-10 15:43 - 2014-03-10 15:48 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part07.rar
2014-03-10 15:43 - 2014-03-10 15:48 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part06.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part05.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part04.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part03.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part02.rar
2014-03-10 15:40 - 2014-03-10 15:46 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part01.rar
2014-03-10 04:19 - 2014-03-10 04:21 - 00000000 ____D () C:\Users\Kevin\Downloads\Der.Butler.German.DL.2013.AC3.BDRiP.XViD-KOC
2014-03-10 03:43 - 2014-03-10 04:09 - 524288093 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part4.rar
2014-03-10 03:43 - 2014-03-10 04:09 - 524288081 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part3.rar
2014-03-10 03:43 - 2014-03-10 04:09 - 524288057 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part2.rar
2014-03-10 03:43 - 2014-03-10 04:07 - 524288034 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part1.rar
2014-03-10 03:43 - 2014-03-10 03:57 - 222763023 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part5.rar
2014-03-10 03:17 - 2014-03-10 03:34 - 536870912 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part2.rar
2014-03-10 03:16 - 2014-03-10 03:33 - 536870912 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part1.rar
2014-03-10 03:16 - 2014-03-10 03:32 - 405353908 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part3.rar
2014-03-10 03:07 - 2014-03-12 05:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-10 03:07 - 2014-03-10 03:07 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-10 01:02 - 2014-03-13 01:46 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Wudenu
2014-03-10 01:02 - 2014-03-12 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Onyx
2014-03-09 20:47 - 2014-03-09 20:47 - 00000000 ____D () C:\Users\Kevin\Documents\Thief
2014-03-09 01:52 - 2014-03-09 01:52 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders
2014-03-06 14:56 - 2014-03-06 14:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-06 14:56 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-06 14:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-06 14:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-06 14:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-06 14:50 - 2014-03-06 14:50 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2014-03-02 23:41 - 2014-03-02 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Chromium
2014-03-01 05:39 - 2014-03-12 05:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-01 05:39 - 2014-03-01 05:39 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-01 04:39 - 2014-03-01 04:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Awesomium
2014-03-01 04:38 - 2014-03-01 04:38 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-03-01 01:02 - 2014-03-01 01:02 - 00003020 _____ () C:\Windows\System32\Tasks\{0AB74374-0385-0807-B05D-5863E26D732D}
2014-02-27 15:30 - 2014-02-27 15:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-25 23:05 - 2014-03-03 06:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Agamdu
2014-02-25 23:05 - 2014-03-03 04:50 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Epymit
2014-02-25 20:11 - 2014-02-25 20:11 - 00001109 _____ () C:\Users\Public\Desktop\
Malwarebytes Anti-Malware .lnk 2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Malwarebytes 2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-25 20:11 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-25 20:00 - 2014-02-25 20:00 - 00013787 _____ () C:\Windows\SysWOW64\hs_err_pid3156.log 2014-02-25 19:33 - 2014-02-25 19:40 - 00000000 ____D () C:\Program Files (x86)\GUM9211.tmp 2014-02-25 19:33 - 2014-02-25 19:34 - 49940480 _____ () C:\Program Files (x86)\GUT9212.tmp 2014-02-25 19:33 - 2014-02-25 19:33 - 00019841 _____ () C:\Windows\SysWOW64\hs_err_pid200.log 2014-02-25 17:47 - 2014-02-25 17:47 - 00019830 _____ () C:\Windows\SysWOW64\hs_err_pid1280.log 2014-02-20 13:11 - 2014-02-25 20:25 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yfucvo 2014-02-20 13:11 - 2014-02-25 20:23 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Osyv 2014-02-19 12:47 - 2014-02-19 12:47 - 00000000 ____D () C:\Program Files\Lenovo ==================== One Month Modified Files and Folders ======= 2014-03-13 04:17 - 2014-03-13 04:17 - 00027051 _____ () C:\Users\Kevin\Downloads\FRST.txt 2014-03-13 04:17 - 2014-03-13 03:18 - 00000000 ____D () C:\FRST 2014-03-13 04:16 - 2014-03-13 04:16 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64 (1).exe 2014-03-13 04:15 - 2014-03-13 04:14 - 00000472 _____ () C:\Users\Kevin\Downloads\defogger_disable.log 2014-03-13 04:14 - 2014-03-13 04:14 - 00000000 _____ () C:\Users\Kevin\defogger_reenable 2014-03-13 04:14 - 2013-12-10 14:26 - 00000000 ____D () C:\Users\Kevin 2014-03-13 04:12 - 2014-03-13 04:12 - 00050477 _____ () C:\Users\Kevin\Downloads\Defogger.exe 2014-03-13 04:10 - 2014-03-13 04:06 - 00002794 _____ () C:\Users\Kevin\Desktop\Neues Textdokument (2).txt 2014-03-13 03:36 - 2009-07-14 05:45 - 
00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-13 03:36 - 2009-07-14 05:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-13 03:29 - 2013-12-10 15:04 - 00000557 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-03-13 03:28 - 2014-03-13 03:09 - 00000112 _____ () C:\Windows\setupact.log 2014-03-13 03:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-13 03:17 - 2014-03-13 03:17 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe 2014-03-13 03:09 - 2014-03-13 03:09 - 00084668 _____ () C:\Windows\PFRO.log 2014-03-13 03:09 - 2014-03-13 03:09 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-13 03:09 - 2009-07-14 01:20 - 00000000 __SHD () C:\Users\Kevin\AppData\Roaming\brjhugsc 2014-03-13 03:07 - 2013-12-10 15:14 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Battle.net 2014-03-13 02:32 - 2014-01-18 15:59 - 00000000 ____D () C:\Users\Kevin\Desktop\Sc 2014-03-13 02:32 - 2013-12-10 14:51 - 00000000 ____D () C:\Users\Kevin\Desktop\Spiele 2014-03-13 02:32 - 2013-12-10 14:51 - 00000000 ____D () C:\Users\Kevin\Desktop\Programme 2014-03-13 02:30 - 2014-01-18 21:04 - 00003334 _____ () C:\Windows\System32\Tasks\{96E09B51-3767-4369-B365-95C572CD4F5D} 2014-03-13 02:14 - 2014-03-13 02:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Avira 2014-03-13 02:13 - 2014-03-13 02:09 - 00000000 ____D () C:\ProgramData\Avira 2014-03-13 02:13 - 2014-03-13 02:09 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-03-13 02:10 - 2014-03-13 02:05 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F869E1D1-5B82-488D-9FEB-12FCC8122624} 2014-03-13 02:09 - 2014-03-13 02:09 - 00000400 _____ () C:\Windows\WindowsUpdate.log 2014-03-13 02:09 - 2013-12-10 14:41 - 00000000 ____D () C:\ProgramData\Package Cache 2014-03-13 02:08 - 2013-12-26 02:45 - 00000000 ____D () 
C:\Users\Kevin\AppData\Local\LogMeIn Hamachi 2014-03-13 02:08 - 2013-12-10 15:07 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\TS3Client 2014-03-13 01:58 - 2013-12-11 12:56 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-03-13 01:57 - 2013-12-10 21:00 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-03-13 01:46 - 2014-03-10 01:02 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Wudenu 2014-03-13 01:41 - 2014-01-29 18:21 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Microsoft Games 2014-03-12 23:53 - 2009-07-14 18:58 - 00700562 _____ () C:\Windows\system32\perfh007.dat 2014-03-12 23:53 - 2009-07-14 18:58 - 00149462 _____ () C:\Windows\system32\perfc007.dat 2014-03-12 23:53 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-12 23:41 - 2014-03-10 01:02 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Onyx 2014-03-12 23:31 - 2013-12-11 16:36 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Skype 2014-03-12 22:55 - 2013-12-11 00:01 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\vlc 2014-03-12 05:32 - 2014-03-10 03:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 05:32 - 2014-03-01 05:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-10 22:54 - 2013-12-27 04:57 - 00000000 ____D () C:\Users\Kevin\Downloads\2.Harry.Potter.und.die.Kammer.des.Schreckens-23thstreet 2014-03-10 16:06 - 2014-03-10 16:02 - 86944409 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part11.rar 2014-03-10 16:06 - 2014-03-10 16:02 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part10.rar 2014-03-10 16:06 - 2014-03-10 16:02 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part09.rar 2014-03-10 16:06 - 2014-03-10 16:02 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part08.rar 2014-03-10 15:48 - 2014-03-10 15:43 - 105906279 _____ () 
C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part07.rar 2014-03-10 15:48 - 2014-03-10 15:43 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part06.rar 2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part05.rar 2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part04.rar 2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part03.rar 2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part02.rar 2014-03-10 15:46 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part01.rar 2014-03-10 15:40 - 2013-12-10 14:42 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-03-10 04:21 - 2014-03-10 04:19 - 00000000 ____D () C:\Users\Kevin\Downloads\Der.Butler.German.DL.2013.AC3.BDRiP.XViD-KOC 2014-03-10 04:09 - 2014-03-10 03:43 - 524288093 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part4.rar 2014-03-10 04:09 - 2014-03-10 03:43 - 524288081 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part3.rar 2014-03-10 04:09 - 2014-03-10 03:43 - 524288057 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part2.rar 2014-03-10 04:07 - 2014-03-10 03:43 - 524288034 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part1.rar 2014-03-10 03:57 - 2014-03-10 03:43 - 222763023 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part5.rar 2014-03-10 03:34 - 2014-03-10 03:17 - 536870912 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part2.rar 2014-03-10 03:33 - 2014-03-10 03:16 - 536870912 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part1.rar 2014-03-10 03:32 - 2014-03-10 03:16 - 405353908 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part3.rar 2014-03-10 03:07 - 2014-03-10 03:07 - 00000000 ____D () C:\Windows\system32\Macromed 2014-03-09 20:47 - 2014-03-09 20:47 - 00000000 ____D () C:\Users\Kevin\Documents\Thief 2014-03-09 01:52 - 
2014-03-09 01:52 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders 2014-03-07 17:31 - 2013-12-10 15:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Battle.net 2014-03-07 05:29 - 2013-12-11 23:03 - 00000596 _____ () C:\Users\Kevin\Desktop\Neues Textdokument.txt 2014-03-06 14:56 - 2014-03-06 14:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-03-06 14:56 - 2013-12-10 21:03 - 00000000 ____D () C:\ProgramData\Oracle 2014-03-06 14:56 - 2013-12-10 21:03 - 00000000 ____D () C:\Program Files (x86)\Java 2014-03-06 14:50 - 2014-03-06 14:50 - 00000000 ____D () C:\Program Files (x86)\Lavalys 2014-03-03 06:39 - 2014-02-25 23:05 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Agamdu 2014-03-03 04:50 - 2014-02-25 23:05 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Epymit 2014-03-02 23:41 - 2014-03-02 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Chromium 2014-03-01 06:02 - 2013-12-29 00:48 - 00000000 ____D () C:\Users\Kevin\Documents\my games 2014-03-01 05:39 - 2014-03-01 05:39 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-03-01 04:39 - 2014-03-01 04:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Awesomium 2014-03-01 04:38 - 2014-03-01 04:38 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios 2014-03-01 04:38 - 2013-12-10 14:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-01 01:02 - 2014-03-01 01:02 - 00003020 _____ () C:\Windows\System32\Tasks\{0AB74374-0385-0807-B05D-5863E26D732D} 2014-02-27 20:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-02-27 15:30 - 2014-02-27 15:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-02-25 21:15 - 2013-12-17 01:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yjquxu 2014-02-25 20:25 - 2014-02-20 13:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yfucvo 2014-02-25 20:25 - 2013-12-10 14:27 - 00000000 ___RD () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup 2014-02-25 20:23 - 2014-02-20 13:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Osyv 2014-02-25 20:11 - 2014-02-25 20:11 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Malwarebytes 2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-25 20:00 - 2014-02-25 20:00 - 00013787 _____ () C:\Windows\SysWOW64\hs_err_pid3156.log 2014-02-25 19:40 - 2014-02-25 19:33 - 00000000 ____D () C:\Program Files (x86)\GUM9211.tmp 2014-02-25 19:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-02-25 19:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-02-25 19:34 - 2014-02-25 19:33 - 49940480 _____ () C:\Program Files (x86)\GUT9212.tmp 2014-02-25 19:34 - 2013-12-10 14:33 - 00000000 ____D () C:\Program Files (x86)\Google 2014-02-25 19:33 - 2014-02-25 19:33 - 00019841 _____ () C:\Windows\SysWOW64\hs_err_pid200.log 2014-02-25 19:33 - 2013-12-10 14:32 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Deployment 2014-02-25 19:25 - 2014-01-21 23:30 - 00000000 ____D () C:\Windows\Minidump 2014-02-25 19:25 - 2013-12-10 14:15 - 00000000 ____D () C:\Windows\Panther 2014-02-25 17:47 - 2014-02-25 17:47 - 00019830 _____ () C:\Windows\SysWOW64\hs_err_pid1280.log 2014-02-25 11:41 - 2014-03-13 02:13 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-02-25 11:41 - 2014-03-13 02:13 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-02-25 11:41 - 2014-03-13 02:13 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-02-21 10:21 - 2014-03-11 00:31 - 00000000 ____D () C:\Users\Kevin\Downloads\Plague.Inc.Evolved.Early.Access.Cracked-3DM 2014-02-19 12:47 - 2014-02-19 12:47 - 00000000 ____D () C:\Program Files\Lenovo 2014-02-17 15:57 - 2013-12-10 14:31 - 00001491 _____ () C:\Users\Kevin\Desktop\W-Lan Code.txt 2014-02-16 22:50 - 2013-12-15 18:21 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-02-16 22:50 - 2013-12-11 12:55 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe Some content of TEMP: ==================== C:\Users\Kevin\AppData\Local\Temp\avgnt.exe C:\Users\Kevin\AppData\Local\Temp\riftuninstall.exe C:\Users\Kevin\AppData\Local\Temp\Uninstaller-7636.exe C:\Users\Kevin\AppData\Local\Temp\VSUSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2009-07-14 00:20] - [2009-07-14 02:45] - 0294992 ____A () D41D8CD98F00B204E9800998ECF8427E C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION! testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION! LastRegBack: 2014-02-28 00:40 ==================== End Of Log ============================ Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-03-2014 01
Ran by Kevin at 2014-03-13 04:19:00
Running from C:\Users\Kevin\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1008.932.15229 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
Assassin’s Creed® III (HKLM-x32\...\Steam App 208480) (Version: - Ubisoft Montreal)
Avira (HKLM-x32\...\{b0281a65-bf49-4b99-9ba4-8bd5acf46421}) (Version: 1.0.5179.26566 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.0.5179.26566 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bloodline Champions (HKLM-x32\...\Steam App 6370) (Version: - Stunlock Studios)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Darksiders II (HKLM-x32\...\Darksiders II_is1) (Version: - )
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version: - )
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment)
Edimax Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0165 - )
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Lenovo USB driver (HKLM\...\Lenovo USB Driver_is1) (Version: V1.0 - Lenovo)
Logitech Gaming Software (Version: 8.30.86 - Logitech Inc.) Hidden
Logitech Gaming Software 8.30 (HKLM\...\Logitech Gaming Software) (Version: 8.30.86 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
Native Instruments Service Center (Version: 2.5.2.1549 - Native Instruments) Hidden
Native Instruments Supercharger (HKLM-x32\...\Native Instruments Supercharger) (Version: 1.1.0.418 - Native Instruments)
Native Instruments Supercharger (Version: 1.1.0.418 - Native Instruments) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.1 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
R.U.S.E (HKLM-x32\...\Steam App 21970) (Version: - Eugen Systems)
Razer Nostromo (HKLM-x32\...\{0214578F-4888-43FB-9E34-C14FCFDEDDEB}) (Version: 2.02.08 - Razer USA Ltd.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6093 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SkyDrift (HKLM-x32\...\Steam App 91100) (Version: - Digital Reality)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1989.5 - Hi-Rez Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TEdit 3 (HKLM-x32\...\{F015942F-C1BD-4297-A8A4-C0B8D42B39C5}) (Version: 3.4.13358.0 - BinaryConstruct)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
Transformers: Fall of Cybertron (HKLM-x32\...\Steam App 213120) (Version: - Mercenary Technologies)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version: - Relic Entertainment)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {348B7B85-BF52-460A-AEF1-19D8F097C353} - System32\Tasks\{0AB74374-0385-0807-B05D-5863E26D732D} => C:\Users\Kevin\AppData\Roaming\.minecraft\saves\ruehrqh.exe [2014-03-04] ()

==================== Loaded Modules (whitelisted) =============

2009-07-14 00:19 - 2009-07-14 02:40 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () c:\windows\system32\pcwum.DLL
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\Windows\System32\pcwum.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2013-10-08 09:35 - 2013-10-08 09:35 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 14:41 - 2012-10-22 14:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 14:42 - 2012-10-22 14:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-10-08 09:34 - 2013-10-08 09:34 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-12-11 12:55 - 2013-12-15 18:21 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-08 09:34 - 2013-10-08 09:34 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-03-13 02:13 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-03-07 14:47 - 2014-03-07 14:47 - 00111696 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2014-03-07 14:48 - 2014-03-07 14:48 - 00061520 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-01-02 00:17 - 2014-01-02 00:17 - 00016896 _____ () C:\Users\Kevin\AppData\Local\UZRmedia\Hidnet24.dll
2014-03-13 02:14 - 2014-03-07 14:48 - 00049744 _____ () C:\Users\Kevin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2013-12-10 14:30 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\EnumDevLib.dll
2014-02-25 19:33 - 2014-02-20 02:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-25 19:33 - 2014-02-20 02:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-25 19:33 - 2014-02-20 02:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-25 19:33 - 2014-02-20 02:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-25 19:33 - 2014-02-20 02:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-25 19:33 - 2014-02-20 02:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
2014-02-25 19:33 - 2014-02-20 02:03 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2014 03:34:47 AM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.10.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1598
Startzeit: 01cf3e64c3b5409f
Endzeit: 9
Anwendungspfad: C:\Users\Kevin\Downloads\FRST64.exe
Berichts-ID: 086c05ac-aa58-11e3-8b8e-82ffc1deec15

Error: (03/13/2014 03:18:00 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert .
Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (03/13/2014 03:17:21 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (03/13/2014 03:16:52 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (03/13/2014 03:16:51 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . 
Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (03/13/2014 03:16:51 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (03/13/2014 03:16:40 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (03/13/2014 03:16:39 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . 
Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (03/13/2014 03:16:35 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (03/13/2014 03:15:35 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . 
Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator System errors: ============= Error: (03/13/2014 04:05:39 AM) (Source: ipnathlp) (User: ) Description: Error: (03/13/2014 03:53:32 AM) (Source: ipnathlp) (User: ) Description: Error: (03/13/2014 03:34:25 AM) (Source: ipnathlp) (User: ) Description: Error: (03/13/2014 03:30:11 AM) (Source: ipnathlp) (User: ) Description: 0 Error: (03/13/2014 03:29:33 AM) (Source: ipnathlp) (User: ) Description: Error: (03/13/2014 03:29:28 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb avkmgr Error: (03/13/2014 03:28:37 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (03/13/2014 03:20:49 AM) (Source: ipnathlp) (User: ) Description: Error: (03/13/2014 03:15:05 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "avipbb" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (03/13/2014 03:13:42 AM) (Source: ipnathlp) (User: ) Description: Microsoft Office Sessions: ========================= Error: (03/13/2014 03:34:47 AM) (Source: Application Hang)(User: ) Description: FRST64.exe3.3.10.2159801cf3e64c3b5409f9C:\Users\Kevin\Downloads\FRST64.exe086c05ac-aa58-11e3-8b8e-82ffc1deec15 Error: (03/13/2014 03:18:00 AM) (Source: VSS)(User: ) Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (03/13/2014 03:17:21 AM) 
(Source: VSS)(User: ) Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (03/13/2014 03:16:52 AM) (Source: VSS)(User: ) Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (03/13/2014 03:16:51 AM) (Source: VSS)(User: ) Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (03/13/2014 03:16:51 AM) (Source: VSS)(User: ) Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (03/13/2014 03:16:40 AM) (Source: VSS)(User: ) Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: 
Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (03/13/2014 03:16:39 AM) (Source: VSS)(User: ) Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (03/13/2014 03:16:35 AM) (Source: VSS)(User: ) Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (03/13/2014 03:15:35 AM) (Source: VSS)(User: ) Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator CodeIntegrity Errors: =================================== Date: 2014-03-06 14:50:51.941 Description: N/A Date: 2014-03-06 14:50:51.937 Description: N/A Date: 2014-03-06 14:50:51.256 Description: N/A Date: 2014-03-06 14:50:51.252 Description: N/A Date: 2014-01-02 10:43:14.886 Description: N/A Date: 2014-01-02 10:43:14.863 Description: N/A ==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 8191.11 MB Available physical RAM: 5501.02 MB Total Pagefile: 16380.38 MB Available Pagefile: 13158.88 MB Total 
Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:186.21 GB) (Free:112.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:931.51 GB) (Free:601.78 GB) NTFS Drive e: (NCIS 422-508) (CDROM) (Total:3.76 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 06CA3123) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: FFFFFFFF) Partition: GPT Partition Type. ==================== End Of Log ============================ - 1) Als erstes hat er mit folgende Meldung angezeigt: Zitat:
The result was this message:
I am attaching the program's log now.
That should be everything I did, and I hope I haven't forgotten anything. Looking forward to your reply and very much hope you can help me.
Regards, Hahpuh
Last edited by Hahpuh (13.03.2014, 05:10) |
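An added example, not code from the original post or from the FRST author: a small Python triage script run over a handful of lines copied from the FRST log above. It parses the "Scheduled Tasks" and "Loaded Modules" sections and flags code that executes from locations a standard user can write to (the user profile, ProgramData, any Temp directory), plus scheduled tasks whose name is nothing but a GUID. The path patterns and the reason strings are my own assumptions, not an FRST feature; a hit is a lead for the analyst, not a verdict.

```python
"""Triage the 'Scheduled Tasks' and 'Loaded Modules' sections of an FRST log
for code that runs from locations a standard user can write to."""
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed input: a handful of lines copied from the FRST log posted above.
SAMPLE_FRST = r"""
==================== Scheduled Tasks (whitelisted) =============

Task: {348B7B85-BF52-460A-AEF1-19D8F097C353} - System32\Tasks\{0AB74374-0385-0807-B05D-5863E26D732D} => C:\Users\Kevin\AppData\Roaming\.minecraft\saves\ruehrqh.exe [2014-03-04] ()

==================== Loaded Modules (whitelisted) =============

2009-07-14 00:19 - 2009-07-14 02:40 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2013-12-11 12:55 - 2013-12-15 18:21 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-01-02 00:17 - 2014-01-02 00:17 - 00016896 _____ () C:\Users\Kevin\AppData\Local\UZRmedia\Hidnet24.dll
2014-03-13 02:14 - 2014-03-07 14:48 - 00049744 _____ () C:\Users\Kevin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-02-25 19:33 - 2014-02-20 02:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll

==================== Alternate Data Streams (whitelisted) =========
"""


class Finding(NamedTuple):
    section: str
    path: str
    reasons: Tuple[str, ...]


SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# "Task: {id} - System32\Tasks\name => target [date] (company)"
TASK_RE = re.compile(
    r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>\S+) => (?P<path>.+?) "
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$"
)
# "created - modified - size attrs (company) path"
MODULE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*?)\) (?P<path>.+)$"
)
# Assumed set of locations a non-admin user can write to: code that runs
# from here did not need admin rights to be dropped there.
USER_WRITABLE_RE = re.compile(r"(?i)\\users\\|\\programdata\\|\\temp\\")
# Task whose final path component under System32\Tasks is a bare GUID.
GUID_TASK_RE = re.compile(
    r"(?i)\\\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$"
)


def _reasons(path: str, company: str, task_name: Optional[str] = None) -> Tuple[str, ...]:
    reasons = []
    if USER_WRITABLE_RE.search(path):
        reasons.append("runs from a user-writable location")
    if task_name is not None and GUID_TASK_RE.search(task_name):
        reasons.append("task name is a bare GUID")
    # Only worth mentioning once something else already looks off: FRST
    # shows an empty company for plenty of legitimate Windows binaries too.
    if reasons and not company.strip():
        reasons.append("no publisher recorded by FRST")
    return tuple(reasons)


def triage(frst_text: str) -> List[Finding]:
    """Return one Finding per task or module that deserves a closer look."""
    findings: List[Finding] = []
    section = ""
    for raw in frst_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header["name"]
            continue
        if section.startswith("Scheduled Tasks"):
            m = TASK_RE.match(line)
            if m:
                reasons = _reasons(m["path"], m["company"], m["name"])
                if reasons:
                    findings.append(Finding(section, m["path"], reasons))
        elif section.startswith("Loaded Modules"):
            m = MODULE_RE.match(line)
            if m:
                reasons = _reasons(m["path"], m["company"])
                if reasons:
                    findings.append(Finding(section, m["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f.section}] {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample above the script reports three items: the GUID-named task launching ruehrqh.exe out of a Minecraft saves folder, Hidnet24.dll under AppData\Local, and the Avira DLL loaded from a Temp subdirectory. The last one carries a vendor name, which is exactly why the output is a worklist and not a removal list: each hit still needs the file's signature or hash checked before anything is touched.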
13.03.2014, 07:16 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: Suspected Trojan (problems upon problems) hi,
Please download TDSSKiller.exe and save the file to your desktop
|
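An added example, not code from the TDSSKiller author or from anyone in this thread: a Python parser for the TDSSKiller log format (timestamp, thread id, message) that groups the per-service lines and separates entries that ended in `- warning` from `LockedFile.Multi.Generic` hits the scan cleared with `Detect skipped due to KSN trusted`. The sample lines are adapted from the scan output posted later in this thread; the regular expressions and the `needs_attention` rule are my reading of that output, not a specification of the tool.

```python
"""Parse a TDSSKiller log and separate real warnings from LockedFile hits
that the Kaspersky cloud (KSN) cleared."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: lines adapted from the TDSSKiller log posted below.
SAMPLE_TDSSKILLER_LOG = r"""
19:05:13.0315 0x1428 [ 1B00662092F9F9568B995902F0CC40D5, D345014CF146FA57B2682C189D5E7F27D4C78F321F2723D912D623E777C2BB70 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
19:05:13.0393 0x1428 1394ohci - ok
19:05:16.0404 0x1428 [ F2154A205F4B784B61A72AEBC72BDC5F, A1D962BCF952FAD8016D9210327E7C1044BF4D3D035C7443F8671DDA16E0A390 ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:05:16.0404 0x1428 Suspicious file ( NoAccess ): C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys. md5: F2154A205F4B784B61A72AEBC72BDC5F, sha256: A1D962BCF952FAD8016D9210327E7C1044BF4D3D035C7443F8671DDA16E0A390
19:05:16.0435 0x1428 AODDriver4.2 - detected LockedFile.Multi.Generic ( 1 )
19:05:22.0472 0x1428 Detect skipped due to KSN trusted
19:05:22.0472 0x1428 AODDriver4.2 - ok
19:05:42.0409 0x1428 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:05:42.0440 0x1428 b06bdrv - detected LockedFile.Multi.Generic ( 1 )
19:05:52.0534 0x1428 b06bdrv ( LockedFile.Multi.Generic ) - warning
19:05:52.0534 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\bxvbda.sys
19:06:55.0095 0x1428 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:06:55.0105 0x1428 Brserid - detected LockedFile.Multi.Generic ( 1 )
19:07:05.0105 0x1428 Object is SCO, delete is not allowed
19:07:05.0105 0x1428 Brserid ( LockedFile.Multi.Generic ) - warning
"""

# "HH:MM:SS.mmmm 0xTID message"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+0x[0-9A-Fa-f]+\s+(?P<msg>.*)$")
# "[ MD5, SHA256 ] name path"
HASH_RE = re.compile(
    r"^\[ (?P<md5>[0-9A-F]{32}), (?P<sha256>[0-9A-F]{64}) \] "
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$"
)
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \( \d+ \)$")
FINAL_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<verdict>\S+) \))? - (?P<status>ok|warning)$")


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    sha256: Optional[str] = None
    detection: Optional[str] = None  # e.g. LockedFile.Multi.Generic
    ksn_trusted: bool = False        # cloud reputation cleared the hit
    sco: bool = False                # system-critical object, tool refuses to delete
    status: Optional[str] = None     # "ok" or "warning" as printed by TDSSKiller


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Group the log lines per service/driver name, in log order."""
    entries: Dict[str, Entry] = {}
    current: Optional[Entry] = None  # entry the context-free lines refer to
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line["msg"].strip()
        if (h := HASH_RE.match(msg)):
            current = entries.setdefault(h["name"], Entry(h["name"]))
            current.path, current.md5, current.sha256 = h["path"], h["md5"], h["sha256"]
        elif (d := DETECT_RE.match(msg)):
            current = entries.setdefault(d["name"], Entry(d["name"]))
            current.detection = d["verdict"]
        elif msg == "Detect skipped due to KSN trusted" and current is not None:
            current.ksn_trusted = True
        elif msg.startswith("Object is SCO") and current is not None:
            current.sco = True
        elif (f := FINAL_RE.match(msg)):
            entries.setdefault(f["name"], Entry(f["name"])).status = f["status"]
    return entries


def needs_attention(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries the scan left as 'warning', or detected but never cleared."""
    return [
        e for e in entries.values()
        if e.status == "warning"
        or (e.detection is not None and not e.ksn_trusted and e.status != "ok")
    ]


if __name__ == "__main__":
    for e in needs_attention(parse_tdsskiller(SAMPLE_TDSSKILLER_LOG)):
        flags = ("SCO " if e.sco else "") + (e.detection or "")
        print(f"{e.name:14} {e.status:8} {flags:30} sha256={e.sha256} {e.path}")
```

Run on the posted scan this leaves two entries, bxvbda.sys and Brserid.sys, both locked drivers under System32 that the cloud lookup did not vouch for; every other `LockedFile.Multi.Generic` line was cleared by KSN and ended in `- ok`. The point of keeping the hashes in the record is that a `warning` on a locked file is a reputation gap, not a malware verdict, so the next step is to check the SHA-256 against the vendor's driver, not to delete the file (and for the Brserid entry TDSSKiller itself refuses to, marking it SCO).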
13.03.2014, 19:52 | #3 |
| Windows 7: Suspected Trojan (problems upon problems) Thank you already for taking the time to help me.
I have successfully run the scan with the "TDSSKiller" you mentioned. First, here is a picture of the settings I chose:
Now here is the result of my scan as an attachment, since it is too long.
Part 1
Code:
19:01:52.0766 0x19e8 TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
19:01:55.0386 0x19e8 ============================================================
19:01:55.0386 0x19e8 Current date / time: 2014/03/13 19:01:55.0386
19:01:55.0386 0x19e8 SystemInfo:
19:01:55.0386 0x19e8
19:01:55.0386 0x19e8 OS Version: 6.1.7600 ServicePack: 0.0
19:01:55.0386 0x19e8 Product type: Workstation
19:01:55.0386 0x19e8 ComputerName: KEVIN_S
19:01:55.0386 0x19e8 UserName: Kevin
19:01:55.0386 0x19e8 Windows directory: C:\Windows
19:01:55.0386 0x19e8 System windows directory: C:\Windows
19:01:55.0386 0x19e8 Running under WOW64
19:01:55.0386 0x19e8 Processor architecture: Intel x64
19:01:55.0386 0x19e8 Number of processors: 6
19:01:55.0386 0x19e8 Page size: 0x1000
19:01:55.0386 0x19e8 Boot type: Normal boot
19:01:55.0386 0x19e8 ============================================================
19:01:59.0366 0x19e8 KLMD registered as C:\Windows\system32\drivers\48244133.sys
19:02:04.0906 0x19e8 System UUID: {BA0B612D-301B-6C6B-CF72-5BBF1BD01CD5}
19:02:05.0156 0x19e8 !crdlk
19:02:05.0156 0x19e8 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
19:02:05.0806 0x19e8 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
19:02:05.0836 0x19e8 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F65800 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:02:05.0836 0x19e8 ============================================================
19:02:05.0836 0x19e8 \Device\Harddisk0\DR0:
19:02:05.0836 0x19e8 MBR partitions:
19:02:05.0836 0x19e8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
19:02:05.0836 0x19e8 \Device\Harddisk1\DR1:
19:02:05.0836 0x19e8 MBR partitions:
19:02:05.0836 0x19e8 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1746C000
19:02:05.0836 0x19e8 \Device\Harddisk2\DR2:
19:02:05.0836 0x19e8 MBR partitions:
19:02:05.0836 0x19e8 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
19:02:05.0836 0x19e8 ============================================================
19:02:05.0846 0x19e8 C: <-> \Device\Harddisk1\DR1\Partition1
19:02:05.0866 0x19e8 D: <-> \Device\Harddisk0\DR0\Partition1
19:02:05.0866 0x19e8 F: <-> \Device\Harddisk2\DR2\Partition1
19:02:05.0866 0x19e8 ============================================================
19:02:05.0866 0x19e8 Initialize success
19:02:05.0866 0x19e8 ============================================================
19:05:05.0656 0x1428 ============================================================
19:05:05.0656 0x1428 Scan started
19:05:05.0656 0x1428 Mode: Manual; SigCheck; TDLFS;
19:05:05.0656 0x1428 ============================================================
19:05:05.0656 0x1428 KSN ping started
19:05:11.0662 0x1428 KSN ping finished: true
19:05:13.0066 0x1428 ================ Scan system memory ========================
19:05:13.0066 0x1428 System memory - ok
19:05:13.0066 0x1428 ================ Scan services =============================
19:05:13.0315 0x1428 [ 1B00662092F9F9568B995902F0CC40D5, D345014CF146FA57B2682C189D5E7F27D4C78F321F2723D912D623E777C2BB70 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
19:05:13.0393 0x1428 1394ohci - ok
19:05:13.0456 0x1428 [ 6F11E88748CDEFD2F76AA215F97DDFE5, BD0B3561EDCDE5EFD89372793CFD09DF879709BF469542F4A049705CBA9FD060 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
19:05:13.0487 0x1428 ACPI - ok
19:05:13.0518 0x1428 [ 63B05A0420CE4BF0E4AF6DCC7CADA254, 56BCC219D6B886FD42B7D335B4A7BBA3C9BC148220CBD99F8583FB505DAE63BF ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
19:05:13.0627 0x1428 AcpiPmi - ok
19:05:13.0783 0x1428 [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:05:13.0799 0x1428 AdobeFlashPlayerUpdateSvc - ok
19:05:13.0830 0x1428 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:05:13.0846 0x1428 adp94xx - ok
19:05:13.0877 0x1428 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:05:13.0892 0x1428 adpahci - ok
19:05:13.0924 0x1428 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:05:13.0939 0x1428 adpu320 - ok
19:05:13.0986 0x1428 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:05:14.0158 0x1428 AeLookupSvc - ok
19:05:14.0220 0x1428 [ B9384E03479D2506BC924C16A3DB87BC, AB5FD2BC1F005E7D664F5DE3D5CB54499024A83B716DD52C56582DB7EFB4F01B ] AFD C:\Windows\system32\drivers\afd.sys
19:05:14.0329 0x1428 AFD - ok
19:05:14.0360 0x1428 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
19:05:14.0360 0x1428 agp440 - ok
19:05:14.0407 0x1428 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
19:05:14.0470 0x1428 ALG - ok
19:05:14.0501 0x1428 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
19:05:14.0516 0x1428 aliide - ok
19:05:14.0563 0x1428 [ 68B2C801CDB2B3838E9C27C3C6F66C73, D2E7A062973CB4D1C33A299D5AEFCE943EB59934EBA427F3C99D03A56EFF7A96 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:05:14.0657 0x1428 AMD External Events Utility - ok
19:05:14.0704 0x1428 AMD FUEL Service - ok
19:05:14.0735 0x1428 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
19:05:14.0735 0x1428 amdide - ok
19:05:14.0782 0x1428 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:05:14.0813 0x1428 AmdK8 - ok
19:05:15.0343 0x1428 [ 784C941B5A19D69814F9514CFB733906, 496E78FE91B1D6E146EEB79297C4A131D50875A8385438C376CA58A245D4A77E ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:05:15.0624 0x1428 amdkmdag - ok
19:05:15.0749 0x1428 [ 954759EAE7FB2591A5E7206AB0093AE7, A47FFCE75767CFE79A1CD2B42DC1FEEC8C65C0E503289DC70B751FECDD9CE9FF ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:05:15.0796 0x1428 amdkmdap - ok
19:05:15.0827 0x1428 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:05:15.0858 0x1428 AmdPPM - ok
19:05:15.0905 0x1428 [ 7A4B413614C055935567CF88A9734D38, A3BB7CDF3EE0EEF67F89263E81145E73C7142EF5F0AF265375C2ECCE74F932C4 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
19:05:15.0920 0x1428 amdsata - ok
19:05:15.0952 0x1428 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:05:15.0967 0x1428 amdsbs - ok
19:05:15.0983 0x1428 [ B4AD0CACBAB298671DD6F6EF7E20679D, FB566C892D0A3DC0A523AE20F35011996958D670937DD5C1A1FCCD36AAC714D7 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
19:05:15.0998 0x1428 amdxata - ok
19:05:16.0232 0x1428 [ 4D282B9C5BB05DF92C9F3977DFB9F916, E6D49ED0D5FA26F2936FC97A0F1DFA38D1066AAF2EEFCE2931AF21B2CBE54CAD ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:05:16.0264 0x1428 AntiVirSchedulerService - ok
19:05:16.0357 0x1428 [ 65AF41A7A2C5B6693E1B4164E7632C3E, BA1DC45D7BB5307BD418D2BDFDBD1DD593439245A0A3F65FE6287F6F5198B999 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:05:16.0357 0x1428 AntiVirService - ok
19:05:16.0404 0x1428 [ F2154A205F4B784B61A72AEBC72BDC5F, A1D962BCF952FAD8016D9210327E7C1044BF4D3D035C7443F8671DDA16E0A390 ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:05:16.0404 0x1428 Suspicious file ( NoAccess ): C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys. md5: F2154A205F4B784B61A72AEBC72BDC5F, sha256: A1D962BCF952FAD8016D9210327E7C1044BF4D3D035C7443F8671DDA16E0A390
19:05:16.0435 0x1428 AODDriver4.2 - detected LockedFile.Multi.Generic ( 1 )
19:05:22.0472 0x1428 Detect skipped due to KSN trusted
19:05:22.0472 0x1428 AODDriver4.2 - ok
19:05:22.0535 0x1428 [ 42FD751B27FA0E9C69BB39F39E409594, DE349CAA570957868CA1CB0BE0FAF551CD4D44FD53EBC4391B9C1C7B9CF295D2 ] AppID C:\Windows\system32\drivers\appid.sys
19:05:22.0691 0x1428 AppID - ok
19:05:22.0722 0x1428 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:05:22.0800 0x1428 AppIDSvc - ok
19:05:22.0847 0x1428 [ D065BE66822847B7F127D1F90158376E, 20F911F390FF23C2C42361A449C4344DB59F1DC21EDD1E7EBC4E80914DEF7824 ] Appinfo C:\Windows\System32\appinfo.dll
19:05:22.0909 0x1428 Appinfo - ok
19:05:22.0956 0x1428 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
19:05:23.0034 0x1428 AppMgmt - ok
19:05:23.0081 0x1428 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
19:05:23.0112 0x1428 arc - ok
19:05:23.0128 0x1428 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:05:23.0143 0x1428 arcsas - ok
19:05:23.0268 0x1428 [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:05:23.0284 0x1428 aspnet_state - ok
19:05:23.0330 0x1428 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:05:23.0330 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\asyncmac.sys. md5: 769765CE2CC62867468CEA93969B2242, sha256: 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26
19:05:23.0346 0x1428 AsyncMac - detected LockedFile.Multi.Generic ( 1 )
19:05:29.0414 0x1428 Detect skipped due to KSN trusted
19:05:29.0414 0x1428 AsyncMac - ok
19:05:29.0461 0x1428 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\DRIVERS\atapi.sys
19:05:29.0461 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\atapi.sys. md5: 02062C0B390B7729EDC9E69C680A6F3C, sha256: 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273
19:05:29.0461 0x1428 atapi - detected LockedFile.Multi.Generic ( 1 )
19:05:35.0498 0x1428 Detect skipped due to KSN trusted
19:05:35.0498 0x1428 atapi - ok
19:05:35.0576 0x1428 [ 37CB595C0AB20ECBFA5170D3185690DB, 23CA3DC63C35649021AAFF0721BA8A7DF546B5CD1530A35AAAC3E742A787A7D2 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:05:35.0576 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\AtihdW76.sys. md5: 37CB595C0AB20ECBFA5170D3185690DB, sha256: 23CA3DC63C35649021AAFF0721BA8A7DF546B5CD1530A35AAAC3E742A787A7D2
19:05:35.0592 0x1428 AtiHDAudioService - detected LockedFile.Multi.Generic ( 1 )
19:05:41.0629 0x1428 Detect skipped due to KSN trusted
19:05:41.0629 0x1428 AtiHDAudioService - ok
19:05:41.0738 0x1428 [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:05:41.0801 0x1428 AudioEndpointBuilder - ok
19:05:41.0832 0x1428 [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:05:41.0863 0x1428 AudioSrv - ok
19:05:41.0910 0x1428 [ 7806BFCD1D7FA5EC23F7324D4EAFD25B, 4EDFD9DE520728AF6578BED0054ED6A4976A7F020F3329EA6681D6E361D9DB2D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:05:41.0957 0x1428 avgntflt - ok
19:05:42.0019 0x1428 [ C3A58DBD18786C338126D30BF8C33D72, 4DF4D37AB5139548C2DA4B4C8D6B933A7F4ED001BCA089EFBC8C57EEDE8785A6 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:05:42.0035 0x1428 avipbb - ok
19:05:42.0144 0x1428 [ 32C1455646CFDD79B01603C21620BA56, 36D2B55D2A5620F666408C4064449E4FE060A2E8BC9292F21E9DFD4FCD6C9DF0 ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
19:05:42.0144 0x1428 Avira.OE.ServiceHost - ok
19:05:42.0175 0x1428 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:05:42.0191 0x1428 avkmgr - ok
19:05:42.0222 0x1428 [ B20B5FA5CA050E9926E4D1DB81501B32, 91B9038349BA07E32DE809E6798167EE44087809EB1174B84EC16580040F1BE0 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:05:42.0347 0x1428 AxInstSV - ok
19:05:42.0409 0x1428 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:05:42.0409 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bxvbda.sys. md5: 3E5B191307609F7514148C6832BB0842, sha256: DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580
19:05:42.0440 0x1428 b06bdrv - detected LockedFile.Multi.Generic ( 1 )
19:05:52.0534 0x1428 b06bdrv ( LockedFile.Multi.Generic ) - warning
19:05:52.0534 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\bxvbda.sys
19:06:12.0127 0x1428 Object send P2P result: true
19:06:18.0196 0x1428 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:06:18.0196 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\b57nd60a.sys. md5: B5ACE6968304A3900EEB1EBFD9622DF2, sha256: 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA
19:06:18.0227 0x1428 b57nd60a - detected LockedFile.Multi.Generic ( 1 )
19:06:24.0264 0x1428 Detect skipped due to KSN trusted
19:06:24.0264 0x1428 b57nd60a - ok
19:06:24.0326 0x1428 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
19:06:24.0373 0x1428 BDESVC - ok
19:06:24.0389 0x1428 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
19:06:24.0389 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Beep.sys. md5: 16A47CE2DECC9B099349A5F840654746, sha256: 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024
19:06:24.0404 0x1428 Beep - detected LockedFile.Multi.Generic ( 1 )
19:06:30.0376 0x1428 Detect skipped due to KSN trusted
19:06:30.0376 0x1428 Beep - ok
19:06:30.0693 0x1428 [ 4992C609A6315671463E30F6512BC022, 3020034556EAC25CD90F41D3BFFDD0BB2C3D1C5BAC4359F4B71B84A9FC404495 ] BFE C:\Windows\System32\bfe.dll
19:06:30.0758 0x1428 BFE - ok
19:06:30.0835 0x1428 [ 7F0C323FE3DA28AA4AA1BDA3F575707F, 7FF09CBC16A9E5F357A76FF79A3F0DD047957D474031F51A6BB4916C7911F005 ] BITS C:\Windows\System32\qmgr.dll
19:06:30.0915 0x1428 BITS - ok
19:06:30.0968 0x1428 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:06:30.0968 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\blbdrive.sys. md5: 61583EE3C3A17003C4ACD0475646B4D3, sha256: 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811
19:06:30.0995 0x1428 blbdrive - detected LockedFile.Multi.Generic ( 1 )
19:06:36.0844 0x1428 Detect skipped due to KSN trusted
19:06:36.0844 0x1428 blbdrive - ok
19:06:37.0074 0x1428 [ 91CE0D3DC57DD377E690A2D324022B08, 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:06:37.0074 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bowser.sys. md5: 91CE0D3DC57DD377E690A2D324022B08, sha256: 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E
19:06:37.0099 0x1428 bowser - detected LockedFile.Multi.Generic ( 1 )
19:06:42.0965 0x1428 Detect skipped due to KSN trusted
19:06:42.0965 0x1428 bowser - ok
19:06:43.0255 0x1428 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:06:43.0255 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\BrFiltLo.sys. md5: F09EEE9EDC320B5E1501F749FDE686C8, sha256: 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3
19:06:43.0265 0x1428 BrFiltLo - detected LockedFile.Multi.Generic ( 1 )
19:06:49.0115 0x1428 Detect skipped due to KSN trusted
19:06:49.0115 0x1428 BrFiltLo - ok
19:06:49.0135 0x1428 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:06:49.0135 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\BrFiltUp.sys. md5: B114D3098E9BDB8BEA8B053685831BE6, sha256: 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C
19:06:49.0135 0x1428 BrFiltUp - detected LockedFile.Multi.Generic ( 1 )
19:06:54.0975 0x1428 Detect skipped due to KSN trusted
19:06:54.0975 0x1428 BrFiltUp - ok
19:06:55.0015 0x1428 [ 94FBC06F294D58D02361918418F996E3, 62C7CC2AF8F5A0BB0C262DACDE3F72C6AC318C3840CE60E46EE2064B32BDA5EF ] Browser C:\Windows\System32\browser.dll
19:06:55.0055 0x1428 Browser - ok
19:06:55.0095 0x1428 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:06:55.0095 0x1428 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\Brserid.sys. md5: 43BEA8D483BF1870F018E2D02E06A5BD, sha256: 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272
19:06:55.0105 0x1428 Brserid - detected LockedFile.Multi.Generic ( 1 )
19:07:05.0105 0x1428 Object is SCO, delete is not allowed
19:07:05.0105 0x1428 Brserid ( LockedFile.Multi.Generic ) - warning
19:07:25.0125 0x1428 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:07:25.0125 0x1428 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrSerWdm.sys. md5: A6ECA2151B08A09CACECA35C07F05B42, sha256: E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C
19:07:25.0125 0x1428 BrSerWdm - detected LockedFile.Multi.Generic ( 1 )
19:07:30.0965 0x1428 Detect skipped due to KSN trusted
19:07:30.0965 0x1428 BrSerWdm - ok
19:07:30.0995 0x1428 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:07:30.0995 0x1428 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrUsbMdm.sys. md5: B79968002C277E869CF38BD22CD61524, sha256: 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983
19:07:31.0005 0x1428 BrUsbMdm - detected LockedFile.Multi.Generic ( 1 )
19:07:36.0865 0x1428 Detect skipped due to KSN trusted
19:07:36.0865 0x1428 BrUsbMdm - ok
19:07:36.0895 0x1428 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:07:36.0895 0x1428 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrUsbSer.sys. md5: A87528880231C54E75EA7A44943B38BF, sha256: 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9
19:07:36.0905 0x1428 BrUsbSer - detected LockedFile.Multi.Generic ( 1 )
19:07:42.0775 0x1428 Detect skipped due to KSN trusted
19:07:42.0775 0x1428 BrUsbSer - ok
19:07:42.0795 0x1428 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:07:42.0795 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bthmodem.sys.
md5: 9DA669F11D1F894AB4EB69BF546A42E8, sha256: B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 19:07:42.0805 0x1428 BTHMODEM - detected LockedFile.Multi.Generic ( 1 ) 19:07:48.0665 0x1428 Detect skipped due to KSN trusted 19:07:48.0665 0x1428 BTHMODEM - ok 19:07:48.0715 0x1428 [ A51FA9D0E85D5ADABEF72E67F386309C, 4F6F44D5E3A43239B50BCA75CBAA48FE40097E2AFF9360E1956F41ED52BD8183 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 19:07:48.0745 0x1428 BTHPORT - ok 19:07:48.0805 0x1428 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 19:07:48.0835 0x1428 bthserv - ok 19:07:48.0895 0x1428 [ F740B9A16B2C06700F2130E19986BF3B, 92158FD1B3706DE068F077ACA9A25F5479EF282E8B81F5A2FF8A66CBB5F80FCF ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 19:07:48.0915 0x1428 BTHUSB - ok 19:07:48.0965 0x1428 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:07:48.0965 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\cdfs.sys. md5: B8BD2BB284668C84865658C77574381A, sha256: 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 19:07:48.0965 0x1428 cdfs - detected LockedFile.Multi.Generic ( 1 ) 19:07:54.0865 0x1428 Detect skipped due to KSN trusted 19:07:54.0865 0x1428 cdfs - ok 19:07:54.0885 0x1428 [ 83D2D75E1EFB81B3450C18131443F7DB, F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:07:54.0885 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\cdrom.sys. 
md5: 83D2D75E1EFB81B3450C18131443F7DB, sha256: F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 19:07:54.0895 0x1428 cdrom - detected LockedFile.Multi.Generic ( 1 ) 19:08:00.0755 0x1428 Detect skipped due to KSN trusted 19:08:00.0755 0x1428 cdrom - ok 19:08:00.0785 0x1428 [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc C:\Windows\System32\certprop.dll 19:08:00.0835 0x1428 CertPropSvc - ok 19:08:00.0855 0x1428 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 19:08:00.0855 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\circlass.sys. md5: D7CD5C4E1B71FA62050515314CFB52CF, sha256: 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 19:08:00.0865 0x1428 circlass - detected LockedFile.Multi.Generic ( 1 ) 19:08:06.0715 0x1428 Detect skipped due to KSN trusted 19:08:06.0715 0x1428 circlass - ok 19:08:06.0775 0x1428 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 19:08:06.0775 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\CLFS.sys. 
md5: FE1EC06F2253F691FE36217C592A0206, sha256: B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE 19:08:06.0775 0x1428 CLFS - detected LockedFile.Multi.Generic ( 1 ) 19:08:12.0635 0x1428 Detect skipped due to KSN trusted 19:08:12.0635 0x1428 CLFS - ok 19:08:12.0695 0x1428 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:08:12.0705 0x1428 clr_optimization_v2.0.50727_32 - ok 19:08:12.0765 0x1428 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:08:12.0775 0x1428 clr_optimization_v2.0.50727_64 - ok 19:08:12.0845 0x1428 [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:08:12.0885 0x1428 clr_optimization_v4.0.30319_32 - ok 19:08:12.0925 0x1428 [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 19:08:12.0935 0x1428 clr_optimization_v4.0.30319_64 - ok 19:08:12.0955 0x1428 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:08:12.0955 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\CmBatt.sys. 
md5: 0840155D0BDDF1190F84A663C284BD33, sha256: 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A 19:08:12.0965 0x1428 CmBatt - detected LockedFile.Multi.Generic ( 1 ) 19:08:22.0965 0x1428 Object is SCO, delete is not allowed 19:08:22.0965 0x1428 CmBatt ( LockedFile.Multi.Generic ) - warning 19:08:22.0965 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\CmBatt.sys 19:08:41.0906 0x1428 Object send P2P result: true 19:08:47.0706 0x1428 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 19:08:47.0706 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\cmdide.sys. md5: E19D3F095812725D88F9001985B94EDD, sha256: 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B 19:08:47.0716 0x1428 cmdide - detected LockedFile.Multi.Generic ( 1 ) 19:08:53.0546 0x1428 Detect skipped due to KSN trusted 19:08:53.0546 0x1428 cmdide - ok 19:08:53.0586 0x1428 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1, D1FBCA0416D38B9CA510FB01CF251E60B244D38080E6668948ED927D2350ED49 ] CNG C:\Windows\system32\Drivers\cng.sys 19:08:53.0586 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\cng.sys. md5: F95FD4CB7DA00BA2A63CE9F6B5C053E1, sha256: D1FBCA0416D38B9CA510FB01CF251E60B244D38080E6668948ED927D2350ED49 19:08:53.0596 0x1428 CNG - detected LockedFile.Multi.Generic ( 1 ) 19:08:59.0436 0x1428 Detect skipped due to KSN trusted 19:08:59.0436 0x1428 CNG - ok 19:08:59.0466 0x1428 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 19:08:59.0466 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\compbatt.sys. 
md5: 102DE219C3F61415F964C88E9085AD14, sha256: CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 19:08:59.0466 0x1428 Compbatt - detected LockedFile.Multi.Generic ( 1 ) 19:09:05.0336 0x1428 Detect skipped due to KSN trusted 19:09:05.0336 0x1428 Compbatt - ok 19:09:05.0386 0x1428 [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 19:09:05.0386 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\CompositeBus.sys. md5: F26B3A86F6FA87CA360B879581AB4123, sha256: 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF 19:09:05.0386 0x1428 CompositeBus - detected LockedFile.Multi.Generic ( 1 ) 19:09:11.0316 0x1428 Detect skipped due to KSN trusted 19:09:11.0316 0x1428 CompositeBus - ok 19:09:11.0336 0x1428 COMSysApp - ok 19:09:11.0376 0x1428 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 19:09:11.0376 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 1C827878A998C18847245FE1F34EE597, sha256: 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 19:09:11.0386 0x1428 crcdisk - detected LockedFile.Multi.Generic ( 1 ) 19:09:17.0296 0x1428 Detect skipped due to KSN trusted 19:09:17.0296 0x1428 crcdisk - ok 19:09:17.0356 0x1428 [ 8C57411B66282C01533CB776F98AD384, 65BCF1B0BA521CBE39E974C7ACAEA9C9E3F89D86754275C6B2616E7691876AEE ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:09:17.0426 0x1428 CryptSvc - ok 19:09:17.0496 0x1428 [ 4A6173C2279B498CD8F57CAE504564CB, FF3CD404FD91EDE38C21780362CE892BFBBC2526B146BEBD139C7413EB29A216 ] CSC C:\Windows\system32\drivers\csc.sys 19:09:17.0496 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\csc.sys. 
md5: 4A6173C2279B498CD8F57CAE504564CB, sha256: FF3CD404FD91EDE38C21780362CE892BFBBC2526B146BEBD139C7413EB29A216 19:09:17.0506 0x1428 CSC - detected LockedFile.Multi.Generic ( 1 ) 19:09:23.0406 0x1428 Detect skipped due to KSN trusted 19:09:23.0406 0x1428 CSC - ok 19:09:23.0476 0x1428 [ 873FBF927C06E5CEE04DEC617502F8FD, 8B452ED5D003337E66634EEC3D5C9FBA4D05FF5AE776239F3B769FAA505E729C ] CscService C:\Windows\System32\cscsvc.dll 19:09:23.0536 0x1428 CscService - ok 19:09:23.0546 0x1428 Suspicious service (NoAccess): d9c0704a342146bd 19:09:23.0586 0x1428 [ 66D8440BEEA84FB7DB3F6474827F6B9D, 0EB179E00FBD7440D455F6EF4D6F4D3101B8A55F913BA90079F0315E4DE42B9A ] d9c0704a342146bd C:\Windows\System32\Drivers\d9c0704a342146bd.sys 19:09:23.0586 0x1428 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\d9c0704a342146bd.sys. md5: 66D8440BEEA84FB7DB3F6474827F6B9D, sha256: 0EB179E00FBD7440D455F6EF4D6F4D3101B8A55F913BA90079F0315E4DE42B9A 19:09:23.0646 0x1428 d9c0704a342146bd - detected Rootkit.Win32.Necurs.gen ( 0 ) 19:09:29.0566 0x1428 d9c0704a342146bd ( Rootkit.Win32.Necurs.gen ) - infected 19:09:29.0566 0x1428 Force sending object to P2P due to detect: C:\Windows\System32\Drivers\d9c0704a342146bd.sys 19:09:49.0566 0x1428 Object send P2P result: false 19:09:57.0916 0x1428 [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch C:\Windows\system32\rpcss.dll 19:09:57.0976 0x1428 DcomLaunch - ok 19:09:58.0046 0x1428 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 19:09:58.0116 0x1428 defragsvc - ok 19:09:58.0166 0x1428 [ 3F1DC527070ACB87E40AFE46EF6DA749, 5CB9CB94854AF06BEA02AF3E0562B8ECF72B2B23ED657A3F5E17CD3552F3EF84 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:09:58.0166 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\dfsc.sys. 
md5: 3F1DC527070ACB87E40AFE46EF6DA749, sha256: 5CB9CB94854AF06BEA02AF3E0562B8ECF72B2B23ED657A3F5E17CD3552F3EF84 19:09:58.0196 0x1428 DfsC - detected LockedFile.Multi.Generic ( 1 ) 19:10:04.0086 0x1428 Detect skipped due to KSN trusted 19:10:04.0096 0x1428 DfsC - ok 19:10:04.0156 0x1428 [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp C:\Windows\system32\dhcpcore.dll 19:10:04.0276 0x1428 Dhcp - ok 19:10:04.0296 0x1428 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 19:10:04.0296 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3, sha256: 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 19:10:04.0316 0x1428 discache - detected LockedFile.Multi.Generic ( 1 ) 19:10:10.0216 0x1428 Detect skipped due to KSN trusted 19:10:10.0216 0x1428 discache - ok 19:10:10.0256 0x1428 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys 19:10:10.0256 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\disk.sys. 
md5: 9819EEE8B5EA3784EC4AF3B137A5244C, sha256: 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 19:10:10.0266 0x1428 Disk - detected LockedFile.Multi.Generic ( 1 ) 19:10:16.0186 0x1428 Detect skipped due to KSN trusted 19:10:16.0186 0x1428 Disk - ok 19:10:16.0256 0x1428 [ 676108C4E3AA6F6B34633748BD0BEBD9, 953286126E482EF3A9A1833680EFF86D657BD6C5411B9AEC2D7828ADE63D25AD ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:10:16.0326 0x1428 Dnscache - ok 19:10:16.0366 0x1428 [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc C:\Windows\System32\dot3svc.dll 19:10:16.0406 0x1428 dot3svc - ok 19:10:16.0466 0x1428 [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS C:\Windows\system32\dps.dll 19:10:16.0506 0x1428 DPS - ok 19:10:16.0536 0x1428 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:10:16.0536 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\drmkaud.sys. md5: 9B19F34400D24DF84C858A421C205754, sha256: 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 19:10:16.0546 0x1428 drmkaud - detected LockedFile.Multi.Generic ( 1 ) 19:10:22.0486 0x1428 Detect skipped due to KSN trusted 19:10:22.0486 0x1428 drmkaud - ok 19:10:22.0596 0x1428 [ EBCE0B0924835F635F620D19F0529DCE, 15BF803765373264390879FCA86C6D89C92DAFD0B1A36DEFA78EF01EBA2F9C26 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:10:22.0596 0x1428 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\dxgkrnl.sys. 
md5: EBCE0B0924835F635F620D19F0529DCE, sha256: 15BF803765373264390879FCA86C6D89C92DAFD0B1A36DEFA78EF01EBA2F9C26 19:10:22.0606 0x1428 DXGKrnl - detected LockedFile.Multi.Generic ( 1 ) 19:10:28.0506 0x1428 Detect skipped due to KSN trusted 19:10:28.0516 0x1428 DXGKrnl - ok 19:10:28.0596 0x1428 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 19:10:28.0656 0x1428 EapHost - ok 19:10:28.0846 0x1428 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 19:10:28.0846 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\evbda.sys. md5: DC5D737F51BE844D8C82C695EB17372F, sha256: 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 19:10:28.0856 0x1428 ebdrv - detected LockedFile.Multi.Generic ( 1 ) 19:10:34.0756 0x1428 Detect skipped due to KSN trusted 19:10:34.0756 0x1428 ebdrv - ok 19:10:34.0796 0x1428 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS C:\Windows\System32\lsass.exe 19:10:34.0826 0x1428 EFS - ok 19:10:34.0926 0x1428 [ B91D81B3B54A54CCAFC03733DBC2E29E, B08CFD3136F678CF902722B32CA55C4983EEE5AEBDCEE036BEB746914742141C ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:10:35.0006 0x1428 ehRecvr - ok 19:10:35.0046 0x1428 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 19:10:35.0066 0x1428 ehSched - ok 19:10:35.0136 0x1428 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 19:10:35.0136 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\elxstor.sys. 
md5: 0E5DA5369A0FCAEA12456DD852545184, sha256: 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 19:10:35.0166 0x1428 elxstor - detected LockedFile.Multi.Generic ( 1 ) 19:10:41.0086 0x1428 Detect skipped due to KSN trusted 19:10:41.0086 0x1428 elxstor - ok 19:10:41.0106 0x1428 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 19:10:41.0106 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\errdev.sys. md5: 34A3C54752046E79A126E15C51DB409B, sha256: 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 19:10:41.0116 0x1428 ErrDev - detected LockedFile.Multi.Generic ( 1 ) 19:10:51.0116 0x1428 Object is SCO, delete is not allowed 19:10:51.0116 0x1428 ErrDev ( LockedFile.Multi.Generic ) - warning 19:11:09.0156 0x1428 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 19:11:09.0216 0x1428 EventSystem - ok 19:11:09.0266 0x1428 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 19:11:09.0266 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B, sha256: 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 19:11:09.0286 0x1428 exfat - detected LockedFile.Multi.Generic ( 1 ) 19:11:15.0186 0x1428 Detect skipped due to KSN trusted 19:11:15.0186 0x1428 exfat - ok 19:11:15.0236 0x1428 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:11:15.0236 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fastfat.sys. 
md5: 0ADC83218B66A6DB380C330836F3E36D, sha256: 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 19:11:15.0246 0x1428 fastfat - detected LockedFile.Multi.Generic ( 1 ) 19:11:21.0166 0x1428 Detect skipped due to KSN trusted 19:11:21.0166 0x1428 fastfat - ok 19:11:21.0246 0x1428 [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax C:\Windows\system32\fxssvc.exe 19:11:21.0286 0x1428 Fax - ok 19:11:21.0306 0x1428 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:11:21.0306 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB, sha256: 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE 19:11:21.0316 0x1428 fdc - detected LockedFile.Multi.Generic ( 1 ) 19:11:27.0216 0x1428 Detect skipped due to KSN trusted 19:11:27.0216 0x1428 fdc - ok 19:11:27.0266 0x1428 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 19:11:27.0346 0x1428 fdPHost - ok 19:11:27.0376 0x1428 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 19:11:27.0426 0x1428 FDResPub - ok 19:11:27.0486 0x1428 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:11:27.0486 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fileinfo.sys. 
md5: 655661BE46B5F5F3FD454E2C3095B930, sha256: 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A 19:11:27.0496 0x1428 FileInfo - detected LockedFile.Multi.Generic ( 1 ) 19:11:33.0406 0x1428 Detect skipped due to KSN trusted 19:11:33.0406 0x1428 FileInfo - ok 19:11:34.0016 0x1428 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:11:34.0016 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47, sha256: 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 19:11:34.0276 0x1428 Filetrace - detected LockedFile.Multi.Generic ( 1 ) 19:11:40.0216 0x1428 Detect skipped due to KSN trusted 19:11:40.0216 0x1428 Filetrace - ok 19:11:40.0246 0x1428 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:11:40.0246 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5, sha256: 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B 19:11:40.0256 0x1428 flpydisk - detected LockedFile.Multi.Generic ( 1 ) 19:11:46.0176 0x1428 Detect skipped due to KSN trusted 19:11:46.0176 0x1428 flpydisk - ok 19:11:46.0246 0x1428 [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:11:46.0246 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fltmgr.sys. 
md5: F7866AF72ABBAF84B1FA5AA195378C59, sha256: 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 19:11:46.0256 0x1428 FltMgr - detected LockedFile.Multi.Generic ( 1 ) 19:11:52.0156 0x1428 Detect skipped due to KSN trusted 19:11:52.0156 0x1428 FltMgr - ok 19:11:52.0276 0x1428 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A, 6587B22ED91F98D3E3614967F62D7A58F42C12F45F8E1D47835D195CD350BC54 ] FontCache C:\Windows\system32\FntCache.dll 19:11:52.0356 0x1428 FontCache - ok 19:11:52.0416 0x1428 [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:11:52.0426 0x1428 FontCache3.0.0.0 - ok 19:11:52.0456 0x1428 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:11:52.0456 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC, sha256: F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E 19:11:52.0466 0x1428 FsDepends - detected LockedFile.Multi.Generic ( 1 ) 19:11:58.0366 0x1428 Detect skipped due to KSN trusted 19:11:58.0366 0x1428 FsDepends - ok 19:11:58.0426 0x1428 [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:11:58.0426 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Fs_Rec.sys. 
md5: E95EF8547DE20CF0603557C0CF7A9462, sha256: 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 19:11:58.0426 0x1428 Fs_Rec - detected LockedFile.Multi.Generic ( 1 ) 19:12:08.0436 0x1428 Object is SCO, delete is not allowed 19:12:08.0436 0x1428 Fs_Rec ( LockedFile.Multi.Generic ) - warning 19:12:08.0436 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\drivers\Fs_Rec.sys 19:12:28.0436 0x1428 Object send P2P result: false 19:12:34.0316 0x1428 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09, 24A9F04A0622681A4E4B6BCC47C45016787C6036EAD828920812D9FAD49A71E3 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:12:34.0316 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fvevol.sys. md5: B8B2A6E1558F8F5DE5CE431C5B2C7B09, sha256: 24A9F04A0622681A4E4B6BCC47C45016787C6036EAD828920812D9FAD49A71E3 19:12:34.0326 0x1428 fvevol - detected LockedFile.Multi.Generic ( 1 ) 19:12:40.0236 0x1428 Detect skipped due to KSN trusted 19:12:40.0236 0x1428 fvevol - ok 19:12:40.0276 0x1428 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 19:12:40.0276 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6, sha256: 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 19:12:40.0286 0x1428 gagp30kx - detected LockedFile.Multi.Generic ( 1 ) 19:12:46.0196 0x1428 Detect skipped due to KSN trusted 19:12:46.0196 0x1428 gagp30kx - ok 19:12:46.0306 0x1428 [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc C:\Windows\System32\gpsvc.dll 19:12:46.0366 0x1428 gpsvc - ok 19:12:46.0406 0x1428 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 19:12:46.0406 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hamachi.sys. 
md5: 1E6438D4EA6E1174A3B3B1EDC4DE660B, sha256: F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 19:12:46.0406 0x1428 hamachi - detected LockedFile.Multi.Generic ( 1 ) 19:12:52.0336 0x1428 Detect skipped due to KSN trusted 19:12:52.0336 0x1428 hamachi - ok 19:12:52.0566 0x1428 [ 2A94B104F6B64AE207D687F2AFFE8056, A42F8198A070C417554C34C2166137868506B5F7780DB7C13C0658013940F5D6 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe 19:12:52.0626 0x1428 Hamachi2Svc - ok 19:12:52.0666 0x1428 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 19:12:52.0666 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0, sha256: B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 19:12:52.0686 0x1428 hcw85cir - detected LockedFile.Multi.Generic ( 1 ) 19:12:58.0566 0x1428 Detect skipped due to KSN trusted 19:12:58.0566 0x1428 hcw85cir - ok 19:12:58.0646 0x1428 [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:12:58.0646 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. md5: 6410F6F415B2A5A9037224C41DA8BF12, sha256: 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 19:12:58.0656 0x1428 HdAudAddService - detected LockedFile.Multi.Generic ( 1 ) 19:13:04.0566 0x1428 Detect skipped due to KSN trusted 19:13:04.0566 0x1428 HdAudAddService - ok 19:13:04.0626 0x1428 [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 19:13:04.0626 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HDAudBus.sys. 
md5: F105BA1E22BF1F2EE8F005D4305E4BEC, sha256: 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F 19:23:05.0768 0x1428 Ndisuio - detected LockedFile.Multi.Generic ( 1 ) 19:23:11.0688 0x1428 Detect skipped due to KSN trusted 19:23:11.0688 0x1428 Ndisuio - ok 19:23:11.0728 0x1428 [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:23:11.0728 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 557DFAB9CA1FCB036AC77564C010DAD3, sha256: 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 19:23:11.0738 0x1428 NdisWan - detected LockedFile.Multi.Generic ( 1 ) 19:23:21.0738 0x1428 Object is SCO, delete is not allowed 19:23:21.0738 0x1428 NdisWan ( LockedFile.Multi.Generic ) - warning 19:23:21.0738 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\ndiswan.sys 19:23:29.0698 0x1428 Object send P2P result: true 19:23:47.0618 0x1428 [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:23:47.0628 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 659B74FB74B86228D6338D643CD3E3CF, sha256: 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 19:23:47.0628 0x1428 NDProxy - detected LockedFile.Multi.Generic ( 1 ) 19:23:53.0528 0x1428 Detect skipped due to KSN trusted 19:23:53.0528 0x1428 NDProxy - ok 19:23:53.0548 0x1428 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:23:53.0548 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. 
md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 19:23:53.0568 0x1428 NetBIOS - detected LockedFile.Multi.Generic ( 1 ) 19:23:59.0498 0x1428 Detect skipped due to KSN trusted 19:23:59.0498 0x1428 NetBIOS - ok 19:23:59.0668 0x1428 [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:23:59.0668 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 9162B273A44AB9DCE5B44362731D062A, sha256: 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 19:23:59.0678 0x1428 NetBT - detected LockedFile.Multi.Generic ( 1 ) 19:24:05.0588 0x1428 Detect skipped due to KSN trusted 19:24:05.0588 0x1428 NetBT - ok 19:24:05.0638 0x1428 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon C:\Windows\system32\lsass.exe 19:24:05.0668 0x1428 Netlogon - ok 19:24:05.0738 0x1428 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 19:24:05.0798 0x1428 Netman - ok 19:24:05.0848 0x1428 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:24:05.0888 0x1428 NetMsmqActivator - ok 19:24:05.0918 0x1428 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:24:05.0948 0x1428 NetPipeActivator - ok 19:24:05.0988 0x1428 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 19:24:06.0038 0x1428 netprofm - ok 19:24:06.0058 0x1428 [ 5243CFC2E7161C91C2B355240035B9E4, 
CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:24:06.0058 0x1428 NetTcpActivator - ok 19:24:06.0078 0x1428 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:24:06.0088 0x1428 NetTcpPortSharing - ok 19:24:06.0118 0x1428 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 19:24:06.0118 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 19:24:06.0128 0x1428 nfrd960 - detected LockedFile.Multi.Generic ( 1 ) 19:24:12.0038 0x1428 Detect skipped due to KSN trusted 19:24:12.0038 0x1428 nfrd960 - ok 19:24:12.0108 0x1428 [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc C:\Windows\System32\nlasvc.dll 19:24:12.0168 0x1428 NlaSvc - ok 19:24:12.0198 0x1428 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:24:12.0198 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. 
md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F 19:24:12.0208 0x1428 Npfs - detected LockedFile.Multi.Generic ( 1 ) 19:24:18.0138 0x1428 Detect skipped due to KSN trusted 19:24:18.0138 0x1428 Npfs - ok 19:24:18.0168 0x1428 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 19:24:18.0258 0x1428 nsi - ok 19:24:18.0268 0x1428 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:24:18.0268 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 19:24:18.0278 0x1428 nsiproxy - detected LockedFile.Multi.Generic ( 1 ) 19:24:24.0178 0x1428 Detect skipped due to KSN trusted 19:24:24.0178 0x1428 nsiproxy - ok 19:24:24.0308 0x1428 [ 356698A13C4630D5B31C37378D469196, BF5704AADE5C3DA370501747F12ED6E9C3349E342CCF89005AAE132B570BB42B ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:24:24.0308 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: 356698A13C4630D5B31C37378D469196, sha256: BF5704AADE5C3DA370501747F12ED6E9C3349E342CCF89005AAE132B570BB42B 19:24:24.0308 0x1428 Ntfs - detected LockedFile.Multi.Generic ( 1 ) 19:24:34.0308 0x1428 Object is SCO, delete is not allowed 19:24:34.0308 0x1428 Ntfs ( LockedFile.Multi.Generic ) - warning 19:24:34.0308 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\drivers\Ntfs.sys 19:24:41.0278 0x1428 Object send P2P result: true 19:24:47.0148 0x1428 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 19:24:47.0148 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. 
md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 19:24:47.0158 0x1428 Null - detected LockedFile.Multi.Generic ( 1 ) 19:24:57.0158 0x1428 Object is SCO, delete is not allowed 19:24:57.0158 0x1428 Null ( LockedFile.Multi.Generic ) - warning 19:25:05.0078 0x1428 [ 3E38712941E9BB4DDBEE00AFFE3FED3D, 03F27CC0EF0A86D0B2DAAB6F72838CB2AB57FE5D40074828D5B7F118CD5CBEE7 ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys 19:25:05.0078 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvraid.sys. md5: 3E38712941E9BB4DDBEE00AFFE3FED3D, sha256: 03F27CC0EF0A86D0B2DAAB6F72838CB2AB57FE5D40074828D5B7F118CD5CBEE7 19:25:05.0088 0x1428 nvraid - detected LockedFile.Multi.Generic ( 1 ) 19:25:10.0988 0x1428 Detect skipped due to KSN trusted 19:25:10.0988 0x1428 nvraid - ok 19:25:11.0038 0x1428 [ 477DC4D6DEB99BE37084C9AC6D013DA1, E58C4D621CAAB1C68FB4A056576F48BC87913A5EBF0B511EFFB8F38C7D3E516E ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys 19:25:11.0038 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvstor.sys. md5: 477DC4D6DEB99BE37084C9AC6D013DA1, sha256: E58C4D621CAAB1C68FB4A056576F48BC87913A5EBF0B511EFFB8F38C7D3E516E 19:25:11.0048 0x1428 nvstor - detected LockedFile.Multi.Generic ( 1 ) 19:25:16.0906 0x1428 Detect skipped due to KSN trusted 19:25:16.0906 0x1428 nvstor - ok 19:25:16.0956 0x1428 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 19:25:16.0957 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nv_agp.sys. 
md5: 270D7CD42D6E3979F6DD0146650F0E05, sha256: 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F 19:25:16.0985 0x1428 nv_agp - detected LockedFile.Multi.Generic ( 1 ) 19:25:22.0871 0x1428 Detect skipped due to KSN trusted 19:25:22.0871 0x1428 nv_agp - ok 19:25:22.0951 0x1428 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 19:25:22.0951 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0, sha256: AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 19:25:22.0951 0x1428 ohci1394 - detected LockedFile.Multi.Generic ( 1 ) 19:25:28.0861 0x1428 Detect skipped due to KSN trusted 19:25:28.0861 0x1428 ohci1394 - ok 19:25:28.0911 0x1428 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:25:28.0961 0x1428 p2pimsvc - ok 19:25:29.0051 0x1428 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 19:25:29.0121 0x1428 p2psvc - ok 19:25:29.0171 0x1428 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:25:29.0171 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. 
md5: 0086431C29C35BE1DBC43F52CC273887, sha256: 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 19:25:29.0171 0x1428 Parport - detected LockedFile.Multi.Generic ( 1 ) 19:25:35.0081 0x1428 Detect skipped due to KSN trusted 19:25:35.0081 0x1428 Parport - ok 19:25:35.0111 0x1428 [ 7DAA117143316C4A1537E074A5A9EAF0, D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:25:35.0111 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. md5: 7DAA117143316C4A1537E074A5A9EAF0, sha256: D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B 19:25:35.0121 0x1428 partmgr - detected LockedFile.Multi.Generic ( 1 ) 19:25:41.0051 0x1428 Detect skipped due to KSN trusted 19:25:41.0051 0x1428 partmgr - ok 19:25:41.0101 0x1428 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll 19:25:41.0181 0x1428 PcaSvc - ok 19:25:41.0231 0x1428 [ F36F6504009F2FB0DFD1B17A116AD74B, 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 ] pci C:\Windows\system32\DRIVERS\pci.sys 19:25:41.0231 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pci.sys. md5: F36F6504009F2FB0DFD1B17A116AD74B, sha256: 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 19:25:41.0241 0x1428 pci - detected LockedFile.Multi.Generic ( 1 ) 19:25:51.0241 0x1428 Object is SCO, delete is not allowed 19:25:51.0241 0x1428 pci ( LockedFile.Multi.Generic ) - warning 19:25:58.0141 0x1428 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\DRIVERS\pciide.sys 19:25:58.0141 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pciide.sys. 
md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA, sha256: F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 19:25:58.0151 0x1428 pciide - detected LockedFile.Multi.Generic ( 1 ) 19:26:04.0071 0x1428 Detect skipped due to KSN trusted 19:26:04.0071 0x1428 pciide - ok 19:26:04.0121 0x1428 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:26:04.0121 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F, sha256: 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 19:26:04.0131 0x1428 pcmcia - detected LockedFile.Multi.Generic ( 1 ) 19:26:14.0131 0x1428 Object is SCO, delete is not allowed 19:26:14.0131 0x1428 pcmcia ( LockedFile.Multi.Generic ) - warning 19:26:21.0051 0x1428 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 19:26:21.0051 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603, sha256: BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 19:26:21.0061 0x1428 pcw - detected LockedFile.Multi.Generic ( 1 ) 19:26:26.0981 0x1428 Detect skipped due to KSN trusted 19:26:26.0981 0x1428 pcw - ok 19:26:27.0081 0x1428 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:26:27.0081 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\peauth.sys. 
md5: 68769C3356B3BE5D1C732C97B9A80D6E, sha256: FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C 19:26:27.0091 0x1428 PEAUTH - detected LockedFile.Multi.Generic ( 1 ) 19:26:33.0011 0x1428 Detect skipped due to KSN trusted 19:26:33.0011 0x1428 PEAUTH - ok 19:26:33.0161 0x1428 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 19:26:33.0231 0x1428 PeerDistSvc - ok 19:26:33.0321 0x1428 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:26:33.0351 0x1428 PerfHost - ok 19:26:33.0481 0x1428 [ 557E9A86F65F0DE18C9B6751DFE9D3F1, 630EE5A80335929517A22D130C75CBCE882B92978372A6F36C30B9D353C7BB07 ] pla C:\Windows\system32\pla.dll 19:26:33.0551 0x1428 pla - ok 19:26:33.0631 0x1428 [ 23157D583244400E1D7FBAEE2E4B31B7, 4E8D93F746C727CE1A89B53FEFFCFB080AC3CC8F3CF2F8613E692E989794C52F ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:26:33.0681 0x1428 PlugPlay - ok 19:26:33.0691 0x1428 PnkBstrA - ok 19:26:33.0731 0x1428 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:26:33.0731 0x1428 PNRPAutoReg - ok 19:26:33.0771 0x1428 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:26:33.0791 0x1428 PNRPsvc - ok 19:26:33.0861 0x1428 [ 166EB40D1F5B47E615DE3D0FFFE5F243, E32BCCA0D25CD631C221986EBE9F6C54BF2F12DE1672D69CCC4E22AD07D0525A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:26:33.0921 0x1428 PolicyAgent - ok 19:26:33.0951 0x1428 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 19:26:33.0981 0x1428 Power - ok 19:26:34.0051 0x1428 [ 27CC19E81BA5E3403C48302127BDA717, 
C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:26:34.0051 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspptp.sys. md5: 27CC19E81BA5E3403C48302127BDA717, sha256: C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40 19:26:34.0081 0x1428 PptpMiniport - detected LockedFile.Multi.Generic ( 1 ) 19:26:40.0001 0x1428 Detect skipped due to KSN trusted 19:26:40.0001 0x1428 PptpMiniport - ok 19:26:40.0041 0x1428 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:26:40.0041 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF, sha256: 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 19:26:40.0041 0x1428 Processor - detected LockedFile.Multi.Generic ( 1 ) 19:26:45.0961 0x1428 Detect skipped due to KSN trusted 19:26:45.0961 0x1428 Processor - ok 19:26:46.0031 0x1428 [ F381975E1F4346DE875CB07339CE8D3A, 867BFC2E9A08E026289794019B8DE651A8604D06DD6A9BF166C29AFC24B6D26E ] ProfSvc C:\Windows\system32\profsvc.dll 19:26:46.0101 0x1428 ProfSvc - ok |
13.03.2014, 20:01 | #4 |
| Windows 7: Suspected Trojan (problems upon problems) Part 2 Code:
md5: 88AF6E02AB19DF7FD07ECDF9C91E9AF6, sha256: C890DCCC875F957CAAD4655EBFF384E3C5998040CA2BA360E92C96A647D1C399 19:30:32.0921 0x1428 s3cap - detected LockedFile.Multi.Generic ( 1 ) 19:30:38.0831 0x1428 Detect skipped due to KSN trusted 19:30:38.0831 0x1428 s3cap - ok 19:30:38.0881 0x1428 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] SamSs C:\Windows\system32\lsass.exe 19:30:38.0911 0x1428 SamSs - ok 19:30:38.0931 0x1428 [ E3BBB89983DAF5622C1D50CF49F28227, 49370DC142D577D657BF5755AA9B8625C35D3DDAF1F9466B4888507FB8E6FF07 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 19:30:38.0931 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sbp2port.sys. md5: E3BBB89983DAF5622C1D50CF49F28227, sha256: 49370DC142D577D657BF5755AA9B8625C35D3DDAF1F9466B4888507FB8E6FF07 19:30:38.0941 0x1428 sbp2port - detected LockedFile.Multi.Generic ( 1 ) 19:30:44.0851 0x1428 Detect skipped due to KSN trusted 19:30:44.0851 0x1428 sbp2port - ok 19:30:44.0921 0x1428 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:30:44.0981 0x1428 SCardSvr - ok 19:30:45.0021 0x1428 [ 741B338D675FE20B779E7EFFA55032FE, 667CE69AA21B618B4E12581D253568FFE53FC795B0D1328E025EE1DC6CA26EE3 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys 19:30:45.0021 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\SCDEmu.sys. md5: 741B338D675FE20B779E7EFFA55032FE, sha256: 667CE69AA21B618B4E12581D253568FFE53FC795B0D1328E025EE1DC6CA26EE3 19:30:45.0031 0x1428 SCDEmu - detected LockedFile.Multi.Generic ( 1 ) 19:30:50.0951 0x1428 Detect skipped due to KSN trusted 19:30:50.0951 0x1428 SCDEmu - ok 19:30:50.0991 0x1428 [ C94DA20C7E3BA1DCA269BC8460D98387, E1A5629728A79233B62BA87B4354BC3A332A853CC36A60E77B34923F4BCA8A61 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:30:50.0991 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\scfilter.sys. 
md5: C94DA20C7E3BA1DCA269BC8460D98387, sha256: E1A5629728A79233B62BA87B4354BC3A332A853CC36A60E77B34923F4BCA8A61 19:30:51.0001 0x1428 scfilter - detected LockedFile.Multi.Generic ( 1 ) 19:31:01.0001 0x1428 scfilter ( LockedFile.Multi.Generic ) - warning 19:31:01.0001 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\scfilter.sys 19:31:08.0721 0x1428 Object send P2P result: true 19:31:27.0721 0x1428 [ EC56B171F85C7E855E7B0588AC503EEA, EDBC0E52DF00D73356F4B886D6CA2397B571A9D2245FEDC347A6D52A5467EA5D ] Schedule C:\Windows\system32\schedsvc.dll 19:31:27.0781 0x1428 Schedule - ok 19:31:27.0831 0x1428 [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] SCPolicySvc C:\Windows\System32\certprop.dll 19:31:27.0851 0x1428 SCPolicySvc - ok 19:31:27.0891 0x1428 [ 765A27C3279CE11D14CB9E4F5869FCA5, B6C2EFFBA938828FEF7FE992A4C88B3154D053763C38762DCE13252FE9571FA1 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:31:27.0951 0x1428 SDRSVC - ok 19:31:28.0011 0x1428 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:31:28.0011 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\secdrv.sys. 
md5: 3EA8A16169C26AFBEB544E0E48421186, sha256: 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D 19:31:28.0041 0x1428 secdrv - detected LockedFile.Multi.Generic ( 1 ) 19:31:33.0931 0x1428 Detect skipped due to KSN trusted 19:31:33.0931 0x1428 secdrv - ok 19:31:33.0971 0x1428 [ 463B386EBC70F98DA5DFF85F7E654346, 8E27B18B04AF587719D1DAE75A042DB998E06CAE112BD68626EF046036D2DCDC ] seclogon C:\Windows\system32\seclogon.dll 19:31:34.0051 0x1428 seclogon - ok 19:31:34.0101 0x1428 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 19:31:34.0181 0x1428 SENS - ok 19:31:34.0221 0x1428 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:31:34.0261 0x1428 SensrSvc - ok 19:31:34.0281 0x1428 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:31:34.0281 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B, sha256: A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 19:31:34.0291 0x1428 Serenum - detected LockedFile.Multi.Generic ( 1 ) 19:31:40.0181 0x1428 Detect skipped due to KSN trusted 19:31:40.0181 0x1428 Serenum - ok 19:31:40.0211 0x1428 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:31:40.0211 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serial.sys. 
md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, sha256: 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D 19:31:40.0221 0x1428 Serial - detected LockedFile.Multi.Generic ( 1 ) 19:31:46.0151 0x1428 Detect skipped due to KSN trusted 19:31:46.0151 0x1428 Serial - ok 19:31:46.0181 0x1428 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 19:31:46.0181 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3, sha256: 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D 19:31:46.0191 0x1428 sermouse - detected LockedFile.Multi.Generic ( 1 ) 19:31:52.0111 0x1428 Detect skipped due to KSN trusted 19:31:52.0111 0x1428 sermouse - ok 19:31:52.0191 0x1428 [ C3BC61CE47FF6F4E88AB8A3B429A36AF, 6CA53AD0CB7215BAE3467EC1FD490E3A18504BD6CD4F0FABF9BD37516AB9DFE0 ] SessionEnv C:\Windows\system32\sessenv.dll 19:31:52.0251 0x1428 SessionEnv - ok 19:31:52.0281 0x1428 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 19:31:52.0281 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF, sha256: DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 19:31:52.0291 0x1428 sffdisk - detected LockedFile.Multi.Generic ( 1 ) 19:31:58.0211 0x1428 Detect skipped due to KSN trusted 19:31:58.0211 0x1428 sffdisk - ok 19:31:58.0241 0x1428 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 19:31:58.0241 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sffp_mmc.sys. 
md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF, sha256: B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 19:31:58.0251 0x1428 sffp_mmc - detected LockedFile.Multi.Generic ( 1 ) 19:32:04.0161 0x1428 Detect skipped due to KSN trusted 19:32:04.0161 0x1428 sffp_mmc - ok 19:32:04.0191 0x1428 [ 5588B8C6193EB1522490C122EB94DFFA, 53AE3597D3305F2839130A2F3567F1690564B922035503EB418B9DE1586AEA43 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 19:32:04.0191 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sffp_sd.sys. md5: 5588B8C6193EB1522490C122EB94DFFA, sha256: 53AE3597D3305F2839130A2F3567F1690564B922035503EB418B9DE1586AEA43 19:32:04.0211 0x1428 sffp_sd - detected LockedFile.Multi.Generic ( 1 ) 19:32:14.0211 0x1428 Object is SCO, delete is not allowed 19:32:14.0211 0x1428 sffp_sd ( LockedFile.Multi.Generic ) - warning 19:32:14.0211 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\sffp_sd.sys 19:32:22.0181 0x1428 Object send P2P result: true 19:32:41.0101 0x1428 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 19:32:41.0101 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sfloppy.sys. 
md5: A9D601643A1647211A1EE2EC4E433FF4, sha256: 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 19:32:41.0111 0x1428 sfloppy - detected LockedFile.Multi.Generic ( 1 ) 19:32:47.0001 0x1428 Detect skipped due to KSN trusted 19:32:47.0001 0x1428 sfloppy - ok 19:32:47.0221 0x1428 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:32:47.0281 0x1428 SharedAccess - ok 19:32:47.0351 0x1428 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF, 1C1D17301A4D37DBF906955CCABD2A3FDA47AFB24CBA978CF851123762249848 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:32:47.0391 0x1428 ShellHWDetection - ok 19:32:47.0431 0x1428 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:32:47.0431 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1, sha256: 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 19:32:47.0461 0x1428 SiSRaid2 - detected LockedFile.Multi.Generic ( 1 ) 19:32:53.0381 0x1428 Detect skipped due to KSN trusted 19:32:53.0381 0x1428 SiSRaid2 - ok 19:32:53.0441 0x1428 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 19:32:53.0441 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sisraid4.sys. 
md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4, sha256: 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E 19:32:53.0521 0x1428 SiSRaid4 - detected LockedFile.Multi.Generic ( 1 ) 19:32:59.0411 0x1428 Detect skipped due to KSN trusted 19:32:59.0411 0x1428 SiSRaid4 - ok 19:32:59.0461 0x1428 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:32:59.0491 0x1428 SkypeUpdate - ok 19:32:59.0531 0x1428 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:32:59.0531 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4, sha256: 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 19:32:59.0541 0x1428 Smb - detected LockedFile.Multi.Generic ( 1 ) 19:33:05.0451 0x1428 Detect skipped due to KSN trusted 19:33:05.0451 0x1428 Smb - ok 19:33:05.0551 0x1428 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:33:05.0601 0x1428 SNMPTRAP - ok 19:33:05.0651 0x1428 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 19:33:05.0651 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. 
md5: B9E31E5CACDFE584F34F730A677803F9, sha256: 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 19:33:05.0681 0x1428 spldr - detected LockedFile.Multi.Generic ( 1 ) 19:33:11.0601 0x1428 Detect skipped due to KSN trusted 19:33:11.0601 0x1428 spldr - ok 19:33:11.0681 0x1428 [ 89E8550C5862999FCF482EA562B0E98E, 11BC94FD879DCD22E80DB8FA73CEBD0F072917C546AD9C8B92CCFBF4E0B83056 ] Spooler C:\Windows\System32\spoolsv.exe 19:33:11.0741 0x1428 Spooler - ok 19:33:11.0961 0x1428 [ 913D843498553A1BC8F8DBAD6358E49F, F8B931FDABF669D642CBDCD2FF31E07F8A5E2D5F72E11D4A8FF219CCFB5825E9 ] sppsvc C:\Windows\system32\sppsvc.exe 19:33:12.0061 0x1428 sppsvc - ok 19:33:12.0111 0x1428 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:33:12.0131 0x1428 sppuinotify - ok 19:33:12.0211 0x1428 [ EC8F67289105BF270498095F14963464, 454031C8AE06511DD13DBAA613B983516AF937590FB2B8C6ADC273D018D30858 ] srv C:\Windows\system32\DRIVERS\srv.sys 19:33:12.0211 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: EC8F67289105BF270498095F14963464, sha256: 454031C8AE06511DD13DBAA613B983516AF937590FB2B8C6ADC273D018D30858 19:33:12.0241 0x1428 srv - detected LockedFile.Multi.Generic ( 1 ) 19:33:18.0131 0x1428 Detect skipped due to KSN trusted 19:33:18.0131 0x1428 srv - ok 19:33:18.0191 0x1428 [ F773D2ED090B7BAA1C1A034F3CA476C8, C8DD8BE37CFEA0DB1B7FC94946381B60553848002E6170E0BEC3FEE40295DF1F ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:33:18.0191 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. 
md5: F773D2ED090B7BAA1C1A034F3CA476C8, sha256: C8DD8BE37CFEA0DB1B7FC94946381B60553848002E6170E0BEC3FEE40295DF1F 19:33:18.0201 0x1428 srv2 - detected LockedFile.Multi.Generic ( 1 ) 19:33:28.0201 0x1428 Object is SCO, delete is not allowed 19:33:28.0201 0x1428 srv2 ( LockedFile.Multi.Generic ) - warning 19:33:34.0201 0x1428 [ 26E84D3649019C3244622E654DFCD75B, 49BD7345AF744298698629E0D7C0C373AB2F75F542281268BCF91A6D2B278AA8 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:33:34.0201 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 26E84D3649019C3244622E654DFCD75B, sha256: 49BD7345AF744298698629E0D7C0C373AB2F75F542281268BCF91A6D2B278AA8 19:33:34.0211 0x1428 srvnet - detected LockedFile.Multi.Generic ( 1 ) 19:33:40.0651 0x1428 Detect skipped due to KSN trusted 19:33:40.0651 0x1428 srvnet - ok 19:33:40.0701 0x1428 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:33:40.0761 0x1428 SSDPSRV - ok 19:33:40.0781 0x1428 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:33:40.0811 0x1428 SstpSvc - ok 19:33:40.0901 0x1428 [ 2F3B5A3567FFB343D8867C3D34C687F1, D01971412506746B2EA1CBB0ACF9472889ABBC23318C1332BEC9C8256011183E ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 19:33:55.0961 0x1428 Steam Client Service - detected UnsignedFile.Multi.Generic ( 1 ) 19:34:01.0871 0x1428 Detect skipped due to KSN trusted 19:34:01.0871 0x1428 Steam Client Service - ok 19:34:01.0941 0x1428 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 19:34:01.0941 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. 
md5: F3817967ED533D08327DC73BC4D5542A, sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 19:34:01.0981 0x1428 stexstor - detected LockedFile.Multi.Generic ( 1 ) 19:34:07.0891 0x1428 Detect skipped due to KSN trusted 19:34:07.0891 0x1428 stexstor - ok 19:34:07.0981 0x1428 [ 52D0E33B681BD0F33FDC08812FEE4F7D, BBEBC0773402F6697D2F14F63E5E4FDC2180466E7FDBD306E408535B10160249 ] stisvc C:\Windows\System32\wiaservc.dll 19:34:08.0041 0x1428 stisvc - ok 19:34:08.0071 0x1428 [ FFD7A6F15B14234B5B0E5D49E7961895, 9553BDB65D021DA621BDFF1C180B9F4C6355FC748BAE854CE114D4B3EFF307B7 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 19:34:08.0071 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vmstorfl.sys. md5: FFD7A6F15B14234B5B0E5D49E7961895, sha256: 9553BDB65D021DA621BDFF1C180B9F4C6355FC748BAE854CE114D4B3EFF307B7 19:34:08.0081 0x1428 storflt - detected LockedFile.Multi.Generic ( 1 ) 19:34:13.0951 0x1428 Detect skipped due to KSN trusted 19:34:13.0951 0x1428 storflt - ok 19:34:13.0991 0x1428 [ 8FCCBEFC5C440B3C23454656E551B09A, 392A38D0B18B7FD08ACBE3E56ADCB235FA49BDB99F81E0820434D57332FA8FF7 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys 19:34:13.0991 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\storvsc.sys. md5: 8FCCBEFC5C440B3C23454656E551B09A, sha256: 392A38D0B18B7FD08ACBE3E56ADCB235FA49BDB99F81E0820434D57332FA8FF7 19:34:13.0991 0x1428 storvsc - detected LockedFile.Multi.Generic ( 1 ) 19:34:19.0891 0x1428 Detect skipped due to KSN trusted 19:34:19.0891 0x1428 storvsc - ok 19:34:19.0931 0x1428 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 19:34:19.0931 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\swenum.sys. 
md5: D01EC09B6711A5F8E7E6564A4D0FBC90, sha256: 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 19:34:19.0941 0x1428 swenum - detected LockedFile.Multi.Generic ( 1 ) 19:34:25.0871 0x1428 Detect skipped due to KSN trusted 19:34:25.0871 0x1428 swenum - ok 19:34:25.0951 0x1428 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 19:34:25.0991 0x1428 swprv - ok 19:34:26.0111 0x1428 [ 3C1284516A62078FB68F768DE4F1A7BE, 67ECD462335EF88773E4BAEAB230A68EC92A25F8CD8F115873F669205AE6A1A9 ] SysMain C:\Windows\system32\sysmain.dll 19:34:26.0181 0x1428 SysMain - ok 19:34:26.0241 0x1428 [ 238935C3CF2854886DC7CBB2A0E2CC66, BBF7A70BF218A544CC1A6FB81F75EAD29D418794162936BE197D6D61FE0DB1C4 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:34:26.0291 0x1428 TabletInputService - ok 19:34:26.0331 0x1428 [ 884264AC597B690C5707C89723BB8E7B, 9BF209A4128019421F7EC4AFF71103C5F411DB6CFB32AAC1633E789AD7A30708 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:34:26.0381 0x1428 TapiSrv - ok 19:34:26.0421 0x1428 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 19:34:26.0441 0x1428 TBS - ok 19:34:26.0601 0x1428 [ 912107716BAB424C7870E8E6AF5E07E1, BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:34:26.0601 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. 
md5: 912107716BAB424C7870E8E6AF5E07E1, sha256: BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9 19:34:26.0641 0x1428 Tcpip - detected LockedFile.Multi.Generic ( 1 ) 19:34:32.0621 0x1428 Detect skipped due to KSN trusted 19:34:32.0621 0x1428 Tcpip - ok 19:34:32.0721 0x1428 [ 912107716BAB424C7870E8E6AF5E07E1, BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:34:32.0721 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: 912107716BAB424C7870E8E6AF5E07E1, sha256: BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9 19:34:32.0761 0x1428 TCPIP6 - detected LockedFile.Multi.Generic ( 1 ) 19:34:32.0761 0x1428 Detect skipped due to KSN trusted 19:34:32.0761 0x1428 TCPIP6 - ok 19:34:32.0821 0x1428 [ 76D078AF6F587B162D50210F761EB9ED, 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:34:32.0821 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: 76D078AF6F587B162D50210F761EB9ED, sha256: 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9 19:34:32.0821 0x1428 tcpipreg - detected LockedFile.Multi.Generic ( 1 ) 19:34:42.0821 0x1428 Object is SCO, delete is not allowed 19:34:42.0821 0x1428 tcpipreg ( LockedFile.Multi.Generic ) - warning 19:34:42.0821 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\drivers\tcpipreg.sys 19:34:52.0651 0x1428 Object send P2P result: true 19:34:58.0561 0x1428 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:34:58.0561 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. 
md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D 19:34:58.0571 0x1428 TDPIPE - detected LockedFile.Multi.Generic ( 1 ) 19:35:08.0571 0x1428 Object is SCO, delete is not allowed 19:35:08.0571 0x1428 TDPIPE ( LockedFile.Multi.Generic ) - warning 19:35:08.0571 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\drivers\tdpipe.sys 19:35:18.0601 0x1428 Object send P2P result: true 19:35:24.0461 0x1428 [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:35:24.0461 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: E4245BDA3190A582D55ED09E137401A9, sha256: F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 19:35:24.0471 0x1428 TDTCP - detected LockedFile.Multi.Generic ( 1 ) 19:35:30.0391 0x1428 Detect skipped due to KSN trusted 19:35:30.0391 0x1428 TDTCP - ok 19:35:30.0521 0x1428 [ 079125C4B17B01FCAEEBCE0BCB290C0F, B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:35:30.0521 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: 079125C4B17B01FCAEEBCE0BCB290C0F, sha256: B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437 19:35:30.0521 0x1428 tdx - detected LockedFile.Multi.Generic ( 1 ) 19:35:36.0381 0x1428 Detect skipped due to KSN trusted 19:35:36.0381 0x1428 tdx - ok 19:35:36.0411 0x1428 [ C448651339196C0E869A355171875522, C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 19:35:36.0411 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\termdd.sys. 
md5: C448651339196C0E869A355171875522, sha256: C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4 19:35:36.0411 0x1428 TermDD - detected LockedFile.Multi.Generic ( 1 ) 19:35:42.0307 0x1428 Detect skipped due to KSN trusted 19:35:42.0317 0x1428 TermDD - ok 19:35:42.0427 0x1428 [ 0F05EC2887BFE197AD82A13287D2F404, 78C8A8FE9B1101430CA79875DA34413C35B6D7A5EE1932E454C50731335437A6 ] TermService C:\Windows\System32\termsrv.dll 19:35:42.0487 0x1428 TermService - ok 19:35:42.0527 0x1428 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 19:35:42.0537 0x1428 Themes - ok 19:35:42.0577 0x1428 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 19:35:42.0607 0x1428 THREADORDER - ok 19:35:42.0637 0x1428 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 19:35:42.0667 0x1428 TrkWks - ok 19:35:42.0927 0x1428 [ 840F7FB849F5887A49BA18C13B2DA920, A59C40A090E03C0136A865FC54508BA938E7B467C8198BC009FE263E6C275781 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:35:42.0947 0x1428 TrustedInstaller - ok 19:35:42.0987 0x1428 [ 61B96C26131E37B24E93327A0BD1FB95, 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:35:42.0987 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. 
md5: 61B96C26131E37B24E93327A0BD1FB95, sha256: 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF 19:35:43.0017 0x1428 tssecsrv - detected LockedFile.Multi.Generic ( 1 ) 19:35:53.0017 0x1428 Object is SCO, delete is not allowed 19:35:53.0017 0x1428 tssecsrv ( LockedFile.Multi.Generic ) - warning 19:35:53.0017 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\tssecsrv.sys 19:36:11.0306 0x1428 Object send P2P result: true 19:36:29.0249 0x1428 [ 3836171A2CDF3AF8EF10856DB9835A70, 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:36:29.0250 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3836171A2CDF3AF8EF10856DB9835A70, sha256: 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 19:36:29.0280 0x1428 tunnel - detected LockedFile.Multi.Generic ( 1 ) 19:36:35.0224 0x1428 Detect skipped due to KSN trusted 19:36:35.0224 0x1428 tunnel - ok 19:36:35.0269 0x1428 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 19:36:35.0270 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 19:36:35.0280 0x1428 uagp35 - detected LockedFile.Multi.Generic ( 1 ) 19:36:41.0205 0x1428 Detect skipped due to KSN trusted 19:36:41.0206 0x1428 uagp35 - ok 19:36:41.0271 0x1428 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB, DBAEA010F11A5EFD961B1841308EA3F220A9FFB01F364BA9B8F72200DA2BBCD8 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:36:41.0272 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. 
md5: D47BAEAD86C65D4F4069D7CE0A4EDCEB, sha256: DBAEA010F11A5EFD961B1841308EA3F220A9FFB01F364BA9B8F72200DA2BBCD8 19:36:41.0279 0x1428 udfs - detected LockedFile.Multi.Generic ( 1 ) 19:36:47.0186 0x1428 Detect skipped due to KSN trusted 19:36:47.0186 0x1428 udfs - ok 19:36:47.0252 0x1428 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:36:47.0302 0x1428 UI0Detect - ok 19:36:47.0343 0x1428 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 19:36:47.0343 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A 19:36:47.0349 0x1428 uliagpkx - detected LockedFile.Multi.Generic ( 1 ) 19:36:53.0245 0x1428 Detect skipped due to KSN trusted 19:36:53.0245 0x1428 uliagpkx - ok 19:36:53.0277 0x1428 [ EAB6C35E62B1B0DB0D1B48B671D3A117, E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:36:53.0278 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umbus.sys. md5: EAB6C35E62B1B0DB0D1B48B671D3A117, sha256: E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 19:36:53.0283 0x1428 umbus - detected LockedFile.Multi.Generic ( 1 ) 19:36:59.0179 0x1428 Detect skipped due to KSN trusted 19:36:59.0179 0x1428 umbus - ok 19:36:59.0210 0x1428 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 19:36:59.0210 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. 
md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 19:36:59.0216 0x1428 UmPass - detected LockedFile.Multi.Generic ( 1 ) 19:37:09.0217 0x1428 Object is SCO, delete is not allowed 19:37:09.0217 0x1428 UmPass ( LockedFile.Multi.Generic ) - warning 19:37:18.0146 0x1428 [ AF0AC98EE5077EB844413EB54287FDE3, 1586326510DE94E2735EFAD94A68D06DB5B7347B68055A9EA8B95E19D91A2E69 ] UmRdpService C:\Windows\System32\umrdp.dll 19:37:18.0222 0x1428 UmRdpService - ok 19:37:18.0298 0x1428 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 19:37:18.0350 0x1428 upnphost - ok 19:37:18.0398 0x1428 [ 77B01BC848298223A95D4EC23E1785A1, 7D0FBBA746588401400226BB966507EE34EEBB2F4F16607601E3D7383CAD34E2 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 19:37:18.0398 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbaudio.sys. md5: 77B01BC848298223A95D4EC23E1785A1, sha256: 7D0FBBA746588401400226BB966507EE34EEBB2F4F16607601E3D7383CAD34E2 19:37:18.0416 0x1428 usbaudio - detected LockedFile.Multi.Generic ( 1 ) 19:37:24.0304 0x1428 Detect skipped due to KSN trusted 19:37:24.0304 0x1428 usbaudio - ok 19:37:24.0331 0x1428 [ B26AFB54A534D634523C4FB66765B026, A219C9AE32D040BEA4DD69C2C826B1C52BACE26BEBFEE799BD56DFD442C5E0D8 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:37:24.0331 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. 
md5: B26AFB54A534D634523C4FB66765B026, sha256: A219C9AE32D040BEA4DD69C2C826B1C52BACE26BEBFEE799BD56DFD442C5E0D8 19:37:24.0336 0x1428 usbccgp - detected LockedFile.Multi.Generic ( 1 ) 19:37:34.0336 0x1428 Object is SCO, delete is not allowed 19:37:34.0336 0x1428 usbccgp ( LockedFile.Multi.Generic ) - warning 19:37:41.0259 0x1428 [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 19:37:41.0259 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7, sha256: F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 19:37:41.0272 0x1428 usbcir - detected LockedFile.Multi.Generic ( 1 ) 19:37:47.0191 0x1428 Detect skipped due to KSN trusted 19:37:47.0191 0x1428 usbcir - ok 19:37:47.0217 0x1428 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5, CBECE7CEC0EFA4B283C63E9B6A270D595F5F3D006306DA5E5121BBFDCAB16376 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:37:47.0218 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbehci.sys. md5: 2EA4AFF7BE7EB4632E3AA8595B0803B5, sha256: CBECE7CEC0EFA4B283C63E9B6A270D595F5F3D006306DA5E5121BBFDCAB16376 19:37:47.0225 0x1428 usbehci - detected LockedFile.Multi.Generic ( 1 ) 19:37:53.0129 0x1428 Detect skipped due to KSN trusted 19:37:53.0129 0x1428 usbehci - ok 19:37:53.0190 0x1428 [ 4C9042B8DF86C1E8E6240C218B99B39B, D286633311C047B9C4FB1AA89D7B02B9F943FDDCE473255DC8E14DD07CC9B292 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:37:53.0191 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. 
md5: 4C9042B8DF86C1E8E6240C218B99B39B, sha256: D286633311C047B9C4FB1AA89D7B02B9F943FDDCE473255DC8E14DD07CC9B292
19:37:53.0204 0x1428 usbhub - detected LockedFile.Multi.Generic ( 1 )
19:37:59.0104 0x1428 Detect skipped due to KSN trusted
19:37:59.0104 0x1428 usbhub - ok
19:37:59.0130 0x1428 [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:37:59.0130 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbohci.sys. md5: 58E546BBAF87664FC57E0F6081E4F609, sha256: 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9
19:37:59.0137 0x1428 usbohci - detected LockedFile.Multi.Generic ( 1 )
19:38:05.0037 0x1428 Detect skipped due to KSN trusted
19:38:05.0037 0x1428 usbohci - ok
19:38:05.0072 0x1428 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:38:05.0072 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
19:38:05.0079 0x1428 usbprint - detected LockedFile.Multi.Generic ( 1 )
19:38:10.0981 0x1428 Detect skipped due to KSN trusted
19:38:10.0981 0x1428 usbprint - ok
19:38:11.0039 0x1428 [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:38:11.0056 0x1428 usbscan - ok
19:38:11.0085 0x1428 [ 080D3820DA6C046BE82FC8B45A893E83, EF4829A2D5B8D47AA7E06093EC85244042ED1CCFF43CC80DC44EF018B434197A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:38:11.0085 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS.
md5: 080D3820DA6C046BE82FC8B45A893E83, sha256: EF4829A2D5B8D47AA7E06093EC85244042ED1CCFF43CC80DC44EF018B434197A
19:38:11.0090 0x1428 USBSTOR - detected LockedFile.Multi.Generic ( 1 )
19:38:16.0984 0x1428 Detect skipped due to KSN trusted
19:38:16.0985 0x1428 USBSTOR - ok
19:38:17.0018 0x1428 [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:38:17.0018 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbuhci.sys. md5: 81FB2216D3A60D1284455D511797DB3D, sha256: 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E
19:38:17.0024 0x1428 usbuhci - detected LockedFile.Multi.Generic ( 1 )
19:38:27.0024 0x1428 Object is SCO, delete is not allowed
19:38:27.0024 0x1428 usbuhci ( LockedFile.Multi.Generic ) - warning
19:38:32.0952 0x1428 [ 70D05EE263568A742D14E1876DF80532, D49D7B60EE30F2398B8B532F4A4C3F17535485F2BDB9B14AB600E2A4E3F12A6B ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
19:38:33.0011 0x1428 usb_rndisx - ok
19:38:33.0055 0x1428 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
19:38:33.0094 0x1428 UxSms - ok
19:38:33.0121 0x1428 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] VaultSvc C:\Windows\system32\lsass.exe
19:38:33.0128 0x1428 VaultSvc - ok
19:38:33.0142 0x1428 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
19:38:33.0142 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vdrvroot.sys.
md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
19:38:33.0147 0x1428 vdrvroot - detected LockedFile.Multi.Generic ( 1 )
19:38:39.0000 0x1428 Detect skipped due to KSN trusted
19:38:39.0000 0x1428 vdrvroot - ok
19:38:39.0086 0x1428 [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds C:\Windows\System32\vds.exe
19:38:39.0115 0x1428 vds - ok
19:38:39.0135 0x1428 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:38:39.0135 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
19:38:39.0145 0x1428 vga - detected LockedFile.Multi.Generic ( 1 )
19:38:49.0146 0x1428 Object is SCO, delete is not allowed
19:38:49.0146 0x1428 vga ( LockedFile.Multi.Generic ) - warning
19:38:49.0146 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\vgapnp.sys
19:39:09.0148 0x1428 Object send P2P result: false
19:39:15.0054 0x1428 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:39:15.0055 0x1428 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
19:39:15.0075 0x1428 VgaSave - detected LockedFile.Multi.Generic ( 1 )
19:39:20.0990 0x1428 Detect skipped due to KSN trusted
19:39:20.0990 0x1428 VgaSave - ok
19:39:21.0034 0x1428 [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
19:39:21.0035 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vhdmp.sys.
md5: C82E748660F62A242B2DFAC1442F22A4, sha256: 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E
19:39:21.0042 0x1428 vhdmp - detected LockedFile.Multi.Generic ( 1 )
19:39:26.0927 0x1428 Detect skipped due to KSN trusted
19:39:26.0927 0x1428 vhdmp - ok
19:39:26.0971 0x1428 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
19:39:26.0972 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
19:39:26.0980 0x1428 viaide - detected LockedFile.Multi.Generic ( 1 )
19:39:36.0980 0x1428 Object is SCO, delete is not allowed
19:39:36.0980 0x1428 viaide ( LockedFile.Multi.Generic ) - warning
19:39:43.0891 0x1428 [ 1501699D7EDA984ABC4155A7DA5738D1, 448DFEFF565F1467F387E4EC9782DDD48B8FFDDF6B1EA46A790C2782C20BD952 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
19:39:43.0891 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vmbus.sys. md5: 1501699D7EDA984ABC4155A7DA5738D1, sha256: 448DFEFF565F1467F387E4EC9782DDD48B8FFDDF6B1EA46A790C2782C20BD952
19:39:43.0897 0x1428 vmbus - detected LockedFile.Multi.Generic ( 1 )
19:39:49.0806 0x1428 Detect skipped due to KSN trusted
19:39:49.0806 0x1428 vmbus - ok
19:39:49.0841 0x1428 [ AE10C35761889E65A6F7176937C5592C, 9DC27647B6149C9B2523799F85B18122CCE749264624FE2E5FE843FE00642BBE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
19:39:49.0842 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\VMBusHID.sys.
md5: AE10C35761889E65A6F7176937C5592C, sha256: 9DC27647B6149C9B2523799F85B18122CCE749264624FE2E5FE843FE00642BBE
19:39:49.0849 0x1428 VMBusHID - detected LockedFile.Multi.Generic ( 1 )
19:39:55.0759 0x1428 Detect skipped due to KSN trusted
19:39:55.0759 0x1428 VMBusHID - ok
19:39:55.0812 0x1428 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
19:39:55.0813 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\volmgr.sys. md5: 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, sha256: 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2
19:39:55.0820 0x1428 volmgr - detected LockedFile.Multi.Generic ( 1 )
19:40:05.0821 0x1428 Object is SCO, delete is not allowed
19:40:05.0821 0x1428 volmgr ( LockedFile.Multi.Generic ) - warning
19:40:05.0821 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\volmgr.sys
19:40:15.0126 0x1428 Object send P2P result: true
19:40:20.0997 0x1428 [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:40:20.0998 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: 99B0CBB569CA79ACAED8C91461D765FB, sha256: 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B
19:40:21.0003 0x1428 volmgrx - detected LockedFile.Multi.Generic ( 1 )
19:40:26.0889 0x1428 Detect skipped due to KSN trusted
19:40:26.0889 0x1428 volmgrx - ok
19:40:26.0933 0x1428 [ 58F82EED8CA24B461441F9C3E4F0BF5C, 40B8C9C9D1BEDD1507138273A3C000C753C8765E1873F2170DE63555A042928C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
19:40:26.0934 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\volsnap.sys.
md5: 58F82EED8CA24B461441F9C3E4F0BF5C, sha256: 40B8C9C9D1BEDD1507138273A3C000C753C8765E1873F2170DE63555A042928C
19:40:26.0940 0x1428 volsnap - detected LockedFile.Multi.Generic ( 1 )
19:40:32.0841 0x1428 Detect skipped due to KSN trusted
19:40:32.0841 0x1428 volsnap - ok
19:40:32.0898 0x1428 [ ABD9B4A7E2D0AE51A3B8DF1AF3152D61, 1EAA4D8D35008E4D5C4AEA91C3ABD3D5BB5F8DF2D95D35792B3F3BB31EABB7CF ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
19:40:32.0899 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpchbus.sys. md5: ABD9B4A7E2D0AE51A3B8DF1AF3152D61, sha256: 1EAA4D8D35008E4D5C4AEA91C3ABD3D5BB5F8DF2D95D35792B3F3BB31EABB7CF
19:40:32.0906 0x1428 vpcbus - detected LockedFile.Multi.Generic ( 1 )
19:40:38.0833 0x1428 Detect skipped due to KSN trusted
19:40:38.0833 0x1428 vpcbus - ok
19:40:38.0890 0x1428 [ 8ACDA395841538CE9713A67FE8B2A3EB, D74D6AF8059C1CD59A5DDB03095BC46FF7808DA358FB64D71B53940DEE6356D9 ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
19:40:38.0890 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpcnfltr.sys. md5: 8ACDA395841538CE9713A67FE8B2A3EB, sha256: D74D6AF8059C1CD59A5DDB03095BC46FF7808DA358FB64D71B53940DEE6356D9
19:40:38.0905 0x1428 vpcnfltr - detected LockedFile.Multi.Generic ( 1 )
19:40:44.0788 0x1428 Detect skipped due to KSN trusted
19:40:44.0788 0x1428 vpcnfltr - ok
19:40:44.0845 0x1428 [ 31924E31BC315773E6D149B157DB46D5, 8E2A8785D2D7327F9DE046E6245F233280395AA42D5BAD1048021109628840C2 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
19:40:44.0845 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpcusb.sys.
md5: 31924E31BC315773E6D149B157DB46D5, sha256: 8E2A8785D2D7327F9DE046E6245F233280395AA42D5BAD1048021109628840C2
19:40:44.0854 0x1428 vpcusb - detected LockedFile.Multi.Generic ( 1 )
19:40:54.0855 0x1428 vpcusb ( LockedFile.Multi.Generic ) - warning
19:40:54.0855 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\vpcusb.sys
19:41:02.0911 0x1428 Object send P2P result: true
19:41:08.0802 0x1428 [ C5B651E52540E6F46DA66574C74B4898, 4292E1D574FB0AF1D61F17F88D82A1A77738A3F7ECECB49FF20997FEC99078B2 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
19:41:08.0803 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vpcvmm.sys. md5: C5B651E52540E6F46DA66574C74B4898, sha256: 4292E1D574FB0AF1D61F17F88D82A1A77738A3F7ECECB49FF20997FEC99078B2
19:41:08.0808 0x1428 vpcvmm - detected LockedFile.Multi.Generic ( 1 )
19:41:18.0808 0x1428 vpcvmm ( LockedFile.Multi.Generic ) - warning
19:41:18.0808 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\drivers\vpcvmm.sys
19:41:33.0171 0x1428 Object send P2P result: true
19:41:39.0021 0x1428 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:41:39.0021 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys.
md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
19:41:39.0031 0x1428 vsmraid - detected LockedFile.Multi.Generic ( 1 )
19:41:44.0957 0x1428 Detect skipped due to KSN trusted
19:41:44.0957 0x1428 vsmraid - ok
19:41:45.0062 0x1428 [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS C:\Windows\system32\vssvc.exe
19:41:45.0136 0x1428 VSS - ok
19:41:45.0202 0x1428 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:41:45.0203 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
19:41:45.0212 0x1428 vwifibus - detected LockedFile.Multi.Generic ( 1 )
19:41:51.0114 0x1428 Detect skipped due to KSN trusted
19:41:51.0114 0x1428 vwifibus - ok
19:41:51.0160 0x1428 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:41:51.0160 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F, sha256: 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB
19:41:51.0168 0x1428 vwififlt - detected LockedFile.Multi.Generic ( 1 )
19:41:57.0074 0x1428 Detect skipped due to KSN trusted
19:41:57.0074 0x1428 vwififlt - ok
19:41:57.0118 0x1428 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:41:57.0118 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifimp.sys.
md5: 6A638FC4BFDDC4D9B186C28C91BD1A01, sha256: 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168
19:41:57.0125 0x1428 vwifimp - detected LockedFile.Multi.Generic ( 1 )
19:42:07.0126 0x1428 vwifimp ( LockedFile.Multi.Generic ) - warning
19:42:07.0126 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\vwifimp.sys
19:42:23.0057 0x1428 Object send P2P result: true
19:42:40.0173 0x1428 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
19:42:40.0223 0x1428 W32Time - ok
19:42:40.0259 0x1428 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:42:40.0259 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
19:42:40.0264 0x1428 WacomPen - detected LockedFile.Multi.Generic ( 1 )
19:42:46.0156 0x1428 Detect skipped due to KSN trusted
19:42:46.0156 0x1428 WacomPen - ok
19:42:46.0178 0x1428 [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:42:46.0178 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 47CA49400643EFFD3F1C9A27E1D69324, sha256: 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0
19:42:46.0186 0x1428 WANARP - detected LockedFile.Multi.Generic ( 1 )
19:42:52.0062 0x1428 Detect skipped due to KSN trusted
19:42:52.0062 0x1428 WANARP - ok
19:42:52.0108 0x1428 [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:42:52.0108 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys.
md5: 47CA49400643EFFD3F1C9A27E1D69324, sha256: 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0
19:42:52.0115 0x1428 Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
19:42:52.0115 0x1428 Detect skipped due to KSN trusted
19:42:52.0115 0x1428 Wanarpv6 - ok
19:42:52.0213 0x1428 [ 5AB1BB85BD8B5089CC5D64200DEDAE68, 28777D4F3CD07C8E3465B6DA0FCA994E0B93071A3A0D4D1D64C1DF633DD1C64F ] wbengine C:\Windows\system32\wbengine.exe
19:42:52.0281 0x1428 wbengine - ok
19:42:52.0314 0x1428 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:42:52.0329 0x1428 WbioSrvc - ok
19:42:52.0356 0x1428 [ 8321C2CA3B62B61B293CDA3451984468, 856A079C2CCC75D633EA23E410D7F3ECDF368EAAAFF634CB82DDA545FD3A2F9C ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:42:52.0375 0x1428 wcncsvc - ok
19:42:52.0414 0x1428 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:42:52.0449 0x1428 WcsPlugInService - ok
19:42:52.0499 0x1428 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:42:52.0499 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
19:42:52.0517 0x1428 Wd - detected LockedFile.Multi.Generic ( 1 )
19:42:58.0398 0x1428 Detect skipped due to KSN trusted
19:42:58.0398 0x1428 Wd - ok
19:42:58.0498 0x1428 [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:42:58.0498 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys.
md5: 441BD2D7B4F98134C3A4F9FA570FD250, sha256: FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1
19:42:58.0504 0x1428 Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
19:43:04.0379 0x1428 Detect skipped due to KSN trusted
19:43:04.0380 0x1428 Wdf01000 - ok
19:43:04.0421 0x1428 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:43:04.0456 0x1428 WdiServiceHost - ok
19:43:04.0479 0x1428 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:43:04.0491 0x1428 WdiSystemHost - ok
19:43:04.0533 0x1428 [ 8A438CBB8C032A0C798B0C642FFBE572, 3200B9B6A7B87C1C47295FA416C99DE1FBB2DBBA3DA78D5CC88C26DCC4189D45 ] WebClient C:\Windows\System32\webclnt.dll
19:43:04.0557 0x1428 WebClient - ok
19:43:04.0608 0x1428 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:43:04.0674 0x1428 Wecsvc - ok
19:43:04.0716 0x1428 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:43:04.0775 0x1428 wercplsupport - ok
19:43:04.0824 0x1428 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
19:43:04.0848 0x1428 WerSvc - ok
19:43:04.0866 0x1428 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:43:04.0866 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys.
md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
19:43:04.0884 0x1428 WfpLwf - detected LockedFile.Multi.Generic ( 1 )
19:43:11.0058 0x1428 Detect skipped due to KSN trusted
19:43:11.0058 0x1428 WfpLwf - ok
19:43:11.0101 0x1428 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:43:11.0102 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
19:43:11.0112 0x1428 WIMMount - detected LockedFile.Multi.Generic ( 1 )
19:43:21.0112 0x1428 WIMMount ( LockedFile.Multi.Generic ) - warning
19:43:21.0112 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\drivers\wimmount.sys
19:43:36.0868 0x1428 Object send P2P result: true
19:43:53.0780 0x1428 WinDefend - ok
19:43:53.0832 0x1428 WinHttpAutoProxySvc - ok
19:43:53.0938 0x1428 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:43:53.0994 0x1428 Winmgmt - ok
19:43:54.0144 0x1428 [ 41FBB751936B387F9179E7F03A74FE29, 7A73D887BEC19DFC485ED42B4E6ABEBF824555139B81EA30731A00773E707464 ] WinRM C:\Windows\system32\WsmSvc.dll
19:43:54.0234 0x1428 WinRM - ok
19:43:54.0322 0x1428 [ 817EAFF5D38674EDD7713B9DFB8E9791, F6E0BFC503BA7395F92989C11B454D1F1E58E29302BA203801449A2C5236E84D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:43:54.0370 0x1428 WinUsb - ok
19:43:54.0488 0x1428 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:43:54.0538 0x1428 Wlansvc - ok
19:43:54.0710 0x1428 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WLIDSVC.EXE
19:43:54.0770 0x1428 wlidsvc - ok
19:43:54.0824 0x1428 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:43:54.0825 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
19:43:54.0846 0x1428 WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
19:44:00.0988 0x1428 Detect skipped due to KSN trusted
19:44:00.0988 0x1428 WmiAcpi - ok
19:44:01.0038 0x1428 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:44:01.0081 0x1428 wmiApSrv - ok
19:44:01.0136 0x1428 WMPNetworkSvc - ok
19:44:01.0181 0x1428 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:44:01.0202 0x1428 WPCSvc - ok
19:44:01.0238 0x1428 [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:44:01.0271 0x1428 WPDBusEnum - ok
19:44:01.0312 0x1428 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:44:01.0312 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys.
md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
19:44:01.0320 0x1428 ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
19:44:07.0201 0x1428 Detect skipped due to KSN trusted
19:44:07.0201 0x1428 ws2ifsl - ok
19:44:07.0250 0x1428 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
19:44:07.0288 0x1428 wscsvc - ok
19:44:07.0304 0x1428 WSearch - ok
19:44:07.0438 0x1428 [ 38340204A2D0228F1E87740FC5E554A7, 57181ED34E73DD17B590803C770A086C57754F229C6F587637B8FBB5D6519603 ] wuauserv C:\Windows\system32\wuaueng.dll
19:44:07.0525 0x1428 wuauserv - ok
19:44:07.0581 0x1428 [ 7CADC74271DD6461C452C271B30BD378, D58C2094C36FC665C03A6A269EED80DC71F330C3DCF40A27A3C8F56AB7A96861 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:44:07.0582 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: 7CADC74271DD6461C452C271B30BD378, sha256: D58C2094C36FC665C03A6A269EED80DC71F330C3DCF40A27A3C8F56AB7A96861
19:44:07.0589 0x1428 WudfPf - detected LockedFile.Multi.Generic ( 1 )
19:44:13.0496 0x1428 Detect skipped due to KSN trusted
19:44:13.0496 0x1428 WudfPf - ok
19:44:13.0570 0x1428 [ 3B197AF0FFF08AA66B6B2241CA538D64, BC94E5EFF38B9C6A37717B2A6CA56679781A4872A0C4298056E074033571BE79 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:44:13.0570 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys.
md5: 3B197AF0FFF08AA66B6B2241CA538D64, sha256: BC94E5EFF38B9C6A37717B2A6CA56679781A4872A0C4298056E074033571BE79
19:44:13.0577 0x1428 WUDFRd - detected LockedFile.Multi.Generic ( 1 )
19:44:19.0508 0x1428 Detect skipped due to KSN trusted
19:44:19.0508 0x1428 WUDFRd - ok
19:44:19.0573 0x1428 [ B551D6637AA0E132C18AC6E504F7B79B, FA6495533A14E01ABB0F6689AB7503B1B439D3ADA7457DFCB7D81714A9817327 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:44:19.0624 0x1428 wudfsvc - ok
19:44:19.0669 0x1428 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
19:44:19.0704 0x1428 WwanSvc - ok
19:44:19.0767 0x1428 [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
19:44:19.0768 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\xnacc.sys. md5: 4A5CE13408945E525503B5F73D29B9C5, sha256: D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD
19:44:19.0773 0x1428 xnacc - detected LockedFile.Multi.Generic ( 1 )
19:44:25.0707 0x1428 Detect skipped due to KSN trusted
19:44:25.0707 0x1428 xnacc - ok
19:44:25.0743 0x1428 ================ Scan global ===============================
19:44:25.0803 0x1428 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:44:25.0840 0x1428 [ 457B44AB6D502E55F64A867D4F35C76C, 95FEC45E28DF394E778DA37719F7D579920531AD568E1C290B7F42CB03BEAA2C ] C:\Windows\system32\winsrv.dll
19:44:25.0859 0x1428 [ 457B44AB6D502E55F64A867D4F35C76C, 95FEC45E28DF394E778DA37719F7D579920531AD568E1C290B7F42CB03BEAA2C ] C:\Windows\system32\winsrv.dll
19:44:25.0889 0x1428 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:44:25.0934 0x1428 [ 24ACB7E5BE595468E3B9AA488B9B4FCB,
63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:44:25.0952 0x1428 [ Global ] - ok
19:44:25.0953 0x1428 ================ Scan MBR ==================================
19:44:32.0041 0x1428 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:44:32.0192 0x1428 \Device\Harddisk0\DR0 - ok
19:44:32.0201 0x1428 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:44:32.0672 0x1428 \Device\Harddisk1\DR1 - ok
19:44:32.0698 0x1428 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
19:44:32.0903 0x1428 \Device\Harddisk2\DR2 - ok
19:44:32.0903 0x1428 ================ Scan VBR ==================================
19:44:32.0906 0x1428 [ B7CA045DA5355BFAF4E3D0B4BCB60A8C ] \Device\Harddisk0\DR0\Partition1
19:44:32.0954 0x1428 \Device\Harddisk0\DR0\Partition1 - ok
19:44:32.0983 0x1428 [ 43DAA32613B71A6422EE9EFD8F7DADF6 ] \Device\Harddisk1\DR1\Partition1
19:44:32.0985 0x1428 \Device\Harddisk1\DR1\Partition1 - ok
19:44:32.0989 0x1428 [ 97491B7282225EA660B0EBF7D482ECC8 ] \Device\Harddisk2\DR2\Partition1
19:44:33.0048 0x1428 \Device\Harddisk2\DR2\Partition1 - ok
19:44:33.0113 0x1428 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.3.336 ), 0x40000 ( disabled : updated )
19:44:33.0117 0x1428 Win FW state via NFP2: enabled
19:44:50.0989 0x1428 ============================================================
19:44:50.0989 0x1428 Scan finished
19:44:50.0989 0x1428 ============================================================
19:44:51.0001 0x1a5c Detected object count: 43
19:44:51.0001 0x1a5c Actual detected object count: 43
19:45:32.0855 0x1a5c b06bdrv ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0856 0x1a5c b06bdrv ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0857 0x1a5c Brserid ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0857 0x1a5c Brserid ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0859 0x1a5c CmBatt (
LockedFile.Multi.Generic ) - skipped by user
19:45:32.0859 0x1a5c CmBatt ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0861 0x1a5c d9c0704a342146bd ( Rootkit.Win32.Necurs.gen ) - skipped by user
19:45:32.0861 0x1a5c d9c0704a342146bd ( Rootkit.Win32.Necurs.gen ) - User select action: Skip
19:45:32.0863 0x1a5c ErrDev ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0863 0x1a5c ErrDev ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0865 0x1a5c Fs_Rec ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0865 0x1a5c Fs_Rec ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0867 0x1a5c HidBatt ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0867 0x1a5c HidBatt ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0869 0x1a5c hwpolicy ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0869 0x1a5c hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0871 0x1a5c IPNAT ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0871 0x1a5c IPNAT ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0873 0x1a5c LGBusEnum ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0873 0x1a5c LGBusEnum ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0874 0x1a5c megasas ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0874 0x1a5c megasas ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0876 0x1a5c mpsdrv ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0876 0x1a5c mpsdrv ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0878 0x1a5c Msfs ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0878 0x1a5c Msfs ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0880 0x1a5c msisadrv ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0880 0x1a5c msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0881 0x1a5c MTConfig ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0881 0x1a5c MTConfig ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0882 0x1a5c MTsensor ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0882 0x1a5c MTsensor ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0883 0x1a5c NdisWan ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0883 0x1a5c NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0885 0x1a5c Ntfs ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0885 0x1a5c Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0886 0x1a5c Null ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0886 0x1a5c Null ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0887 0x1a5c pci ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0887 0x1a5c pci ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0888 0x1a5c pcmcia ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0888 0x1a5c pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0889 0x1a5c ql40xx ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0889 0x1a5c ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0891 0x1a5c QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0891 0x1a5c QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0892 0x1a5c rdbss ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0892 0x1a5c rdbss ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0893 0x1a5c RDPCDD ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0893 0x1a5c RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0895 0x1a5c rspndr ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0895 0x1a5c rspndr ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0896 0x1a5c RTL8167 ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0896 0x1a5c RTL8167 ( LockedFile.Multi.Generic ) - User select action: Skip
19:45:32.0897 0x1a5c scfilter ( LockedFile.Multi.Generic ) - skipped by user 19:45:32.0897 0x1a5c scfilter ( LockedFile.Multi.Generic ) - User select action: Skip 19:45:32.0899 0x1a5c sffp_sd ( LockedFile.Multi.Generic ) - skipped by user 19:45:32.0899 0x1a5c sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip 19:45:32.0900 0x1a5c srv2 ( LockedFile.Multi.Generic ) - skipped by user 19:45:32.0900 0x1a5c srv2 ( LockedFile.Multi.Generic ) - User select action: Skip 19:45:32.0901 0x1a5c tcpipreg ( LockedFile.Multi.Generic ) - skipped by user 19:45:32.0901 0x1a5c tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip 19:45:32.0902 0x1a5c TDPIPE ( LockedFile.Multi.Generic ) - skipped by user 19:45:32.0902 0x1a5c TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip 19:45:32.0904 0x1a5c tssecsrv ( LockedFile.Multi.Generic ) - skipped by user 19:45:32.0904 0x1a5c tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip 19:45:32.0905 0x1a5c UmPass ( LockedFile.Multi.Generic ) - skipped by user 19:45:32.0905 0x1a5c UmPass ( LockedFile.Multi.Generic ) - User select action: Skip 19:45:32.0906 0x1a5c usbccgp ( LockedFile.Multi.Generic ) - skipped by user 19:45:32.0906 0x1a5c usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip 19:45:32.0907 0x1a5c usbuhci ( LockedFile.Multi.Generic ) - skipped by user 19:45:32.0908 0x1a5c usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip 19:45:32.0909 0x1a5c vga ( LockedFile.Multi.Generic ) - skipped by user 19:45:32.0909 0x1a5c vga ( LockedFile.Multi.Generic ) - User select action: Skip 19:45:32.0910 0x1a5c viaide ( LockedFile.Multi.Generic ) - skipped by user 19:45:32.0910 0x1a5c viaide ( LockedFile.Multi.Generic ) - User select action: Skip 19:45:32.0911 0x1a5c volmgr ( LockedFile.Multi.Generic ) - skipped by user 19:45:32.0911 0x1a5c volmgr ( LockedFile.Multi.Generic ) - User select action: Skip 19:45:32.0912 0x1a5c vpcusb ( LockedFile.Multi.Generic ) - skipped by user 
19:45:32.0913 0x1a5c vpcusb ( LockedFile.Multi.Generic ) - User select action: Skip 19:45:32.0914 0x1a5c vpcvmm ( LockedFile.Multi.Generic ) - skipped by user 19:45:32.0914 0x1a5c vpcvmm ( LockedFile.Multi.Generic ) - User select action: Skip 19:45:32.0915 0x1a5c vwifimp ( LockedFile.Multi.Generic ) - skipped by user 19:45:32.0915 0x1a5c vwifimp ( LockedFile.Multi.Generic ) - User select action: Skip 19:45:32.0916 0x1a5c WIMMount ( LockedFile.Multi.Generic ) - skipped by user 19:45:32.0916 0x1a5c WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip 1 Bild 2 Bild 3 Bild |
14.03.2014, 18:39 | #5 |
/// the machine /// TB-Ausbilder | Windows 7: Suspected Trojan (problems upon problems) | I don't see any pictures. Scan with Combofix.
__________________ regards, schrauber | Proud Member of UNITE and ASAP since 2009 | Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
14.03.2014, 19:51 | #6 |
| Windows 7: Suspected Trojan (problems upon problems) | Dear Schrauber, I did everything according to your instructions. There were no disruptions or complications. Here is the report for you. Code:
ATTFilter ComboFix 14-03-13.01 - Kevin 14.03.2014 19:38:17.1.6 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.8191.5893 [GMT 1:00] ausgeführt von:: c:\users\Kevin\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Kevin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll . . ((((((((((((((((((((((( Dateien erstellt von 2014-02-14 bis 2014-03-14 )))))))))))))))))))))))))))))) . . 2014-03-13 13:15 . 2014-03-13 13:15 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-03-13 02:18 . 2014-03-13 03:19 -------- d-----w- C:\FRST 2014-03-13 01:14 . 2014-03-13 01:14 -------- d-----w- c:\users\Kevin\AppData\Roaming\Avira 2014-03-13 01:13 . 2014-02-25 10:41 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2014-03-13 01:13 . 2014-02-25 10:41 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-03-13 01:13 . 2014-02-25 10:41 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-03-13 01:09 . 2014-03-13 01:13 -------- d-----w- c:\program files (x86)\Avira 2014-03-13 01:09 . 2014-03-13 01:13 -------- d-----w- c:\programdata\Avira 2014-03-10 02:07 . 2014-03-13 05:42 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-10 02:07 . 2014-03-10 02:07 -------- d-----w- c:\windows\system32\Macromed 2014-03-10 00:02 . 2014-03-13 00:46 -------- d-----w- c:\users\Kevin\AppData\Roaming\Wudenu 2014-03-10 00:02 . 2014-03-12 22:41 -------- d-----w- c:\users\Kevin\AppData\Roaming\Onyx 2014-03-09 00:52 . 2014-03-09 00:52 -------- d-----w- c:\program files (x86)\Dungeon Defenders 2014-03-06 13:56 . 2013-12-18 20:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-03-06 13:50 . 
2014-03-06 13:50 -------- d-----w- c:\program files (x86)\Lavalys 2014-03-02 22:41 . 2014-03-02 22:41 -------- d-----w- c:\users\Kevin\AppData\Local\Chromium 2014-03-01 04:39 . 2014-03-13 05:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-01 04:39 . 2014-03-01 04:39 -------- d-----w- c:\windows\SysWow64\Macromed 2014-03-01 03:39 . 2014-03-01 03:39 -------- d-----w- c:\users\Kevin\AppData\Roaming\Awesomium 2014-03-01 03:38 . 2014-03-01 03:38 -------- d-----w- c:\programdata\Hi-Rez Studios 2014-02-27 14:30 . 2014-02-27 14:30 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2014-02-25 22:05 . 2014-03-03 05:39 -------- d-----w- c:\users\Kevin\AppData\Roaming\Agamdu 2014-02-25 22:05 . 2014-03-03 03:50 -------- d-----w- c:\users\Kevin\AppData\Roaming\Epymit 2014-02-25 19:11 . 2014-02-25 19:11 -------- d-----w- c:\users\Kevin\AppData\Roaming\Malwarebytes 2014-02-25 19:11 . 2014-02-25 19:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2014-02-25 19:11 . 2014-02-25 19:11 -------- d-----w- c:\programdata\Malwarebytes 2014-02-25 19:11 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-02-25 18:33 . 2014-02-25 18:40 -------- d-----w- c:\program files (x86)\GUM9211.tmp 2014-02-25 18:33 . 2014-02-25 18:34 49940480 ----a-w- c:\program files (x86)\GUT9212.tmp 2014-02-20 12:11 . 2014-02-25 19:25 -------- d-----w- c:\users\Kevin\AppData\Roaming\Yfucvo 2014-02-20 12:11 . 2014-02-25 19:23 -------- d-----w- c:\users\Kevin\AppData\Roaming\Osyv 2014-02-19 11:47 . 2014-02-19 11:47 -------- d-----w- c:\program files\Lenovo . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-02-16 21:50 . 2013-12-15 17:21 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2014-02-16 21:50 . 2013-12-11 11:55 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2014-02-02 20:55 . 2013-12-11 11:55 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2014-01-25 05:13 . 
2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-12-15 17:21 . 2013-12-11 11:55 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UZRmedia"="c:\users\Kevin\AppData\Local\UZRmedia\Hidnet24.dll" [2014-01-01 16896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Razer Nostromo Driver"="c:\program files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe" [2011-07-19 978840] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 766208] "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-03-07 172624] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator 
Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x] S3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjoystk.sys [x] S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL *Deregistered* - d9c0704a342146bd . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-02-25 18:33 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-10 05:42] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 6868280] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-20 10151968] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\d9c0704a342146bd] "ImagePath"="\SystemRoot\System32\Drivers\d9c0704a342146bd.sys" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.12" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe c:\windows\SysWOW64\regsvr32.exe c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-03-14 19:47:16 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-03-14 18:47 . Vor Suchlauf: 9 Verzeichnis(se), 121.495.998.464 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 121.117.806.592 Bytes frei . - - End Of File - - 87334A3C3936AC774D769C08E5212F03 A36C5E4F47E84449FF07ED3517B43A31 |
15.03.2014, 17:12 | #7 |
/// the machine /// TB-Ausbilder | Windows 7: Suspected Trojan (problems upon problems) | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
15.03.2014, 17:41 | #8 |
| Windows 7: Suspected Trojan (problems upon problems) | Dear Schrauber, here are the log files for you: Malwarebytes: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.15.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Kevin :: KEVIN_S [Administrator]

15.03.2014 17:36:09
mbam-log-2014-03-15 (17-36-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 240273
Laufzeit: 3 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

AdwCleaner: Code:
# AdwCleaner v3.022 - Bericht erstellt am 15/03/2014 um 17:44:29
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate (64 bits)
# Benutzername : Kevin - KEVIN_S
# Gestartet von : C:\Users\Kevin\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\Users\Kevin\AppData\Local\Mobogenie
[!] Ordner Gelöscht : C:\Users\Kevin\Documents\Mobogenie

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Google Chrome v

[ Datei : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2029 octets] - [15/03/2014 17:42:53]
AdwCleaner[S0].txt - [1852 octets] - [15/03/2014 17:44:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1912 octets] ##########

JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by Kevin on 15.03.2014 at 17:52:58,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.03.2014 at 17:57:37,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-03-2014 01 Ran by Kevin (administrator) on KEVIN_S on 15-03-2014 17:59:34 Running from C:\Users\Kevin\Downloads Windows 7 Ultimate (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Hi-Rez Studios) D:\Smite\HiPatchService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\regsvr32.exe (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe (Razer USA Ltd) C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Realtek) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Thisisu) C:\Users\Kevin\Downloads\JRT.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Valve Corporation) D:\Steam\Steam.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\system32\WerFault.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6868280 2012-05-21] (Logitech Inc.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-05-20] (Realtek Semiconductor) HKLM-x32\...\Run: [Razer Nostromo Driver] - C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe [978840 2011-07-19] (Razer USA Ltd) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [172624 2014-03-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2747213580-207876330-2301896138-1000\...\Run: [UZRmedia] - regsvr32.exe C:\Users\Kevin\AppData\Local\UZRmedia\Hidnet24.dll <===== ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x05871061813DCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR HomePage: CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-10] CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-10] CHR Extension: (Google-Suche) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-10] CHR Extension: (AdBlock) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-10] CHR Extension: (Yulia Brodskaya) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko [2013-12-10] CHR 
Extension: (Google Wallet) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10] CHR Extension: (Google Mail) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-10] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [116816 2014-03-07] (Avira Operations GmbH & Co. KG) R2 HiPatchService; D:\Smite\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.) 
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-15] ()
R2 Realtek11nCU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)

==================== Drivers (Whitelisted) ====================

R3 1394ohci; C:\Windows\System32\DRIVERS\1394ohci.sys [227840 2009-07-14] ()
R0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [334416 2009-07-14] ()
S3 AcpiPmi; C:\Windows\system32\DRIVERS\acpipmi.sys [12288 2009-07-14] ()
S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [491088 2009-07-14] ()
S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [339536 2009-07-14] ()
S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [182864 2009-07-14] ()
R1 AFD; C:\Windows\system32\drivers\afd.sys [500224 2009-07-14] ()
S3 agp440; C:\Windows\system32\DRIVERS\agp440.sys [61008 2009-07-14] ()
S3 aliide; C:\Windows\system32\DRIVERS\aliide.sys [15440 2009-07-14] ()
S3 amdide; C:\Windows\system32\DRIVERS\amdide.sys [15440 2009-07-14] ()
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-14] ()
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [12534784 2013-10-08] ()
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [619008 2013-10-08] ()
R3 AmdPPM; C:\Windows\System32\DRIVERS\amdppm.sys [60928 2009-07-14] ()
S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [106576 2009-07-14] ()
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [194128 2009-07-14] ()
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-07-14] ()
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] ()
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2009-07-14] ()
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [87632 2009-07-14] ()
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [97856 2009-07-14] ()
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] ()
R0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [24128 2009-07-14] ()
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2013-07-05] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] ()
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] ()
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] ()
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] ()
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] ()
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2009-07-14] ()
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] ()
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] ()
S3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-14] ()
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] ()
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] ()
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] ()
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] ()
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] ()
R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] ()
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2009-07-14] ()
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] ()
S3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-14] ()
S3 cmdide; C:\Windows\system32\DRIVERS\cmdide.sys [17488 2009-07-14] ()
R0 CNG; C:\Windows\System32\Drivers\cng.sys [460504 2009-07-14] ()
S3 Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys [21584 2009-07-14] ()
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2009-07-14] ()
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] ()
R1 CSC; C:\Windows\System32\drivers\csc.sys [514048 2009-07-14] ()
U5 d9c0704a342146bd; C:\Windows\System32\Drivers\d9c0704a342146bd.sys [78800 2014-01-02] () <===== ATTENTION Necurs Rootkit?
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2009-07-14] ()
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] ()
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] ()
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] ()
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [982600 2009-11-04] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] ()
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] ()
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [9728 2009-07-14] ()
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] ()
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] ()
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] ()
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] ()
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] ()
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [290368 2009-07-14] ()
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] ()
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-14] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223448 2009-07-14] ()
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [33856 2009-03-18] ()
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] ()
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2009-07-14] ()
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-14] ()
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] ()
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] ()
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] ()
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-14] ()
S3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [77888 2009-07-14] ()
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-14] ()
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14416 2009-07-14] ()
S3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-14] ()
S3 iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [410688 2009-07-14] ()
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] ()
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2350240 2010-05-20] ()
S3 intelide; C:\Windows\system32\DRIVERS\intelide.sys [16960 2009-07-14] ()
S3 intelppm; C:\Windows\system32\DRIVERS\intelppm.sys [62464 2009-07-14] ()
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-14] ()
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [78848 2009-07-14] ()
R3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] ()
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] ()
S3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [20544 2009-07-14] ()
S3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [224832 2009-07-14] ()
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] ()
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2009-07-14] ()
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95312 2009-07-14] ()
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [153152 2009-07-14] ()
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] ()
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [22408 2009-11-24] ()
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [16008 2009-11-24] ()
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] ()
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] ()
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] ()
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] ()
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] ()
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] ()
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] ()
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] ()
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] ()
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] ()
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] ()
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] ()
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-14] ()
S3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [155216 2009-07-14] ()
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] ()
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2009-07-14] ()
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157184 2009-07-14] ()
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [285696 2009-07-14] ()
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [125952 2009-07-14] ()
S3 msahci; C:\Windows\system32\DRIVERS\msahci.sys [30272 2009-07-14] ()
S3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [140352 2009-07-14] ()
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
R3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] ()
R0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [15424 2009-07-14] ()
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] ()
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] ()
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] ()
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [367168 2009-07-14] ()
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] ()
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] ()
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] ()
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] ()
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-14] ()
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] ()
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] ()
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-14] ()
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-14] ()
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-14] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] ()
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-14] ()
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] ()
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] ()
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659984 2009-07-14] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] ()
S3 nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [149056 2009-07-14] ()
S3 nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [167488 2009-07-14] ()
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [122960 2009-07-14] ()
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [72832 2009-07-14] ()
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-14] ()
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75840 2009-07-14] ()
R0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-14] ()
R0 pciide; C:\Windows\System32\DRIVERS\pciide.sys [12352 2009-07-14] ()
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] ()
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] ()
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] ()
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-14] ()
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] ()
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-14] ()
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] ()
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] ()
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] ()
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] ()
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] ()
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-14] ()
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] ()
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] ()
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-14] ()
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-14] ()
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] ()
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165376 2009-07-14] ()
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] ()
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] ()
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2009-07-14] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-14] ()
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] ()
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [347680 2010-05-20] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [762472 2010-08-06] ()
R3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] ()
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] ()
S3 s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [6656 2009-07-14] ()
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [104016 2009-07-14] ()
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [126912 2012-04-19] ()
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-14] ()
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] ()
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-14] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] ()
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] ()
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [14336 2009-07-14] ()
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [13824 2009-07-14] ()
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [14336 2009-07-14] ()
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] ()
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] ()
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] ()
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] ()
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [465408 2009-07-14] ()
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [407040 2009-07-14] ()
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [162816 2009-07-14] ()
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] ()
R0 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [46672 2009-07-14] ()
S3 storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [34896 2009-07-14] ()
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] ()
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1898576 2009-07-14] ()
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1898576 2009-07-14] ()
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-14] ()
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] ()
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-14] ()
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-14] ()
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [62544 2009-07-14] ()
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-14] ()
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-14] ()
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] ()
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327168 2009-07-14] ()
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [64592 2009-07-14] ()
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-14] ()
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] ()
R3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109568 2009-07-14] ()
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2009-07-14] ()
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [100352 2009-07-14] ()
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [51200 2009-07-14] ()
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2009-07-14] ()
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [25600 2009-07-14] ()
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-14] ()
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [89600 2009-07-14] ()
S3 usbuhci; C:\Windows\system32\DRIVERS\usbuhci.sys [30720 2009-07-14] ()
R0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [36432 2009-07-14] ()
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] ()
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] ()
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [217680 2009-07-14] ()
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [17488 2009-07-14] ()
S3 vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [200272 2009-07-14] ()
S3 VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [21760 2009-07-14] ()
R0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [71760 2009-07-14] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-14] ()
R0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [294992 2009-07-14] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [187904 2009-11-04] ()
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [66304 2009-11-04] ()
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [95232 2009-11-04] ()
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [359552 2009-11-04] ()
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] ()
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] ()
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] ()
S3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] ()
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] ()
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] ()
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] ()
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] ()
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-14] ()
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] ()
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] ()
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-14] ()
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] ()
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2009-07-14] ()
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2009-07-14] ()
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [679936 2009-07-14] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-15 17:57 - 2014-03-15 17:57 - 00000621 _____ () C:\Users\Kevin\Desktop\JRT.txt
2014-03-15 17:52 - 2014-03-15 17:52 - 01037734 _____ (Thisisu) C:\Users\Kevin\Downloads\JRT.exe
2014-03-15 17:52 - 2014-03-15 17:52 - 00000000 ____D () C:\Windows\ERUNT
2014-03-15 17:42 - 2014-03-15 17:45 - 00000000 ____D () C:\AdwCleaner
2014-03-15 17:42 - 2014-03-15 17:42 - 01950720 _____ () C:\Users\Kevin\Downloads\adwcleaner.exe
2014-03-14 23:36 - 2014-03-14 23:37 - 00017513 _____ () C:\Windows\DirectX.log
2014-03-14 19:47 - 2014-03-14 19:47 - 00014990 _____ () C:\ComboFix.txt
2014-03-14 19:33 - 2014-03-14 19:47 - 00000000 ____D () C:\Qoobox
2014-03-14 19:33 - 2014-03-14 19:46 - 00000000 ____D () C:\Windows\erdnt
2014-03-14 19:33 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-14 19:33 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-14 19:33 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-14 19:33 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-14 19:33 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-14 19:33 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-14 19:33 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-14 19:33 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-14 19:32 - 2014-03-14 19:32 - 05190279 ____R (Swearware) C:\Users\Kevin\Desktop\ComboFix.exe
2014-03-14 04:40 - 2014-03-14 04:49 - 16016506 _____ () C:\Users\Kevin\Downloads\one_piece_nami_robi_5.7z
2014-03-14 03:49 - 2014-03-14 03:49 - 01467128 _____ () C:\Users\Kevin\Downloads\SystemCheck_deDE.exe
2014-03-13 19:01 - 2014-02-27 15:26 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Kevin\Desktop\TDSSKiller.exe
2014-03-13 18:53 - 2014-03-13 18:54 - 04110135 _____ () C:\Users\Kevin\Downloads\tdsskiller.zip
2014-03-13 18:49 - 2014-03-13 18:49 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Kevin\Downloads\tdsskiller.exe
2014-03-13 14:15 - 2014-03-13 14:15 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-13 06:42 - 2014-03-15 17:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 06:42 - 2014-03-13 06:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-13 04:35 - 2014-03-13 04:36 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap (4).bmp
2014-03-13 04:25 - 2014-03-13 04:25 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap (2).bmp
2014-03-13 04:24 - 2014-03-13 04:24 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap.bmp
2014-03-13 04:22 - 2014-03-13 04:22 - 00380416 _____ () C:\Users\Kevin\Downloads\Gmer-19357.exe
2014-03-13 04:19 - 2014-03-13 04:19 - 00031518 _____ () C:\Users\Kevin\Downloads\Addition.txt
2014-03-13 04:17 - 2014-03-15 17:59 - 00027491 _____ () C:\Users\Kevin\Downloads\FRST.txt
2014-03-13 04:16 - 2014-03-13 04:16 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64 (1).exe
2014-03-13 04:14 - 2014-03-13 04:15 - 00000472 _____ () C:\Users\Kevin\Downloads\defogger_disable.log
2014-03-13 04:14 - 2014-03-13 04:14 - 00000000 _____ () C:\Users\Kevin\defogger_reenable
2014-03-13 04:12 - 2014-03-13 04:12 - 00050477 _____ () C:\Users\Kevin\Downloads\Defogger.exe
2014-03-13 04:06 - 2014-03-13 04:23 - 00081928 _____ () C:\Users\Kevin\Desktop\Neues Textdokument (2).txt
2014-03-13 03:18 - 2014-03-15 17:59 - 00000000 ____D () C:\FRST
2014-03-13 03:17 - 2014-03-13 03:17 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe
2014-03-13 03:09 - 2014-03-15 17:46 - 00000392 _____ () C:\Windows\setupact.log
2014-03-13 03:09 - 2014-03-14 19:43 - 00085586 _____ () C:\Windows\PFRO.log
2014-03-13 03:09 - 2014-03-13 03:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-13 02:14 - 2014-03-13 02:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Avira
2014-03-13 02:13 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-13 02:13 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-13 02:13 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-13 02:09 - 2014-03-13 02:13 - 00000000 ____D () C:\ProgramData\Avira
2014-03-13 02:09 - 2014-03-13 02:13 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-13 02:09 - 2014-03-13 02:09 - 00000400 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 02:05 - 2014-03-15 17:56 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F869E1D1-5B82-488D-9FEB-12FCC8122624}
2014-03-11 00:31 - 2014-02-21 10:21 - 00000000 ____D () C:\Users\Kevin\Downloads\Plague.Inc.Evolved.Early.Access.Cracked-3DM
2014-03-10 22:49 - 2013-11-08 09:12 - 00000000 ____D () C:\Users\Kevin\Downloads\After.Earth.2013.BDRip.AC3.German.XviD-MB
2014-03-10 16:02 - 2014-03-10 16:06 - 86944409 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part11.rar
2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part10.rar
2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part09.rar
2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part08.rar
2014-03-10 15:43 - 2014-03-10 15:48 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part07.rar
2014-03-10 15:43 - 2014-03-10 15:48 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part06.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part05.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part04.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part03.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part02.rar
2014-03-10 15:40 - 2014-03-10 15:46 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part01.rar
2014-03-10 04:19 - 2014-03-10 04:21 - 00000000 ____D () C:\Users\Kevin\Downloads\Der.Butler.German.DL.2013.AC3.BDRiP.XViD-KOC
2014-03-10 03:43 - 2014-03-10 04:09 - 524288093 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part4.rar
2014-03-10 03:43 - 2014-03-10 04:09 - 524288081 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part3.rar
2014-03-10 03:43 - 2014-03-10 04:09 - 524288057 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part2.rar
2014-03-10 03:43 - 2014-03-10 04:07 - 524288034 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part1.rar
2014-03-10 03:43 - 2014-03-10 03:57 - 222763023 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part5.rar
2014-03-10 03:17 - 2014-03-10 03:34 - 536870912 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part2.rar
2014-03-10 03:16 - 2014-03-10 03:33 - 536870912 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part1.rar
2014-03-10 03:16 - 2014-03-10 03:32 - 405353908 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part3.rar
2014-03-10 03:07 - 2014-03-13 06:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-10 03:07 - 2014-03-10 03:07 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-10 01:02 - 2014-03-13 01:46 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Wudenu
2014-03-10 01:02 - 2014-03-12 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Onyx
2014-03-09 20:47 - 2014-03-09 20:47 - 00000000 ____D () C:\Users\Kevin\Documents\Thief
2014-03-09 01:52 - 2014-03-09 01:52 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders
2014-03-06 14:56 - 2014-03-06 14:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-06 14:56 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-06 14:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-06 14:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-06 14:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-06 14:50 - 2014-03-06 14:50 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2014-03-02 23:41 - 2014-03-02 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Chromium
2014-03-01 05:39 - 2014-03-13 06:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-01 05:39 - 2014-03-01 05:39 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-01 04:39 - 2014-03-01 04:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Awesomium
2014-03-01 04:38 - 2014-03-01 04:38 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-03-01 01:02 - 2014-03-01 01:02 - 00003020 _____ () C:\Windows\System32\Tasks\{0AB74374-0385-0807-B05D-5863E26D732D}
2014-02-27 15:30 - 2014-02-27 15:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-25 23:05 - 2014-03-03 06:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Agamdu
2014-02-25 23:05 - 2014-03-03 04:50 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Epymit
2014-02-25 20:11 - 2014-02-25 20:11 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Malwarebytes
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-25 20:11 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-25 20:00 - 2014-02-25 20:00 - 00013787 _____ () C:\Windows\SysWOW64\hs_err_pid3156.log
2014-02-25 19:33 - 2014-02-25 19:40 - 00000000 ____D () C:\Program Files (x86)\GUM9211.tmp
2014-02-25 19:33 - 2014-02-25 19:34 - 49940480 _____ () C:\Program Files (x86)\GUT9212.tmp
2014-02-25 19:33 - 2014-02-25 19:33 - 00019841 _____ () C:\Windows\SysWOW64\hs_err_pid200.log
2014-02-25 17:47 - 2014-02-25 17:47 - 00019830 _____ () C:\Windows\SysWOW64\hs_err_pid1280.log
2014-02-20 13:11 - 2014-02-25 20:25 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yfucvo
2014-02-20 13:11 - 2014-02-25 20:23 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Osyv
2014-02-19 12:47 - 2014-02-19 12:47 - 00000000 ____D () C:\Program Files\Lenovo

==================== One Month Modified Files and Folders =======

2014-03-15 17:59 - 2014-03-13 04:17 - 00027491 _____ () C:\Users\Kevin\Downloads\FRST.txt
2014-03-15 17:59 - 2014-03-13 03:18 - 00000000 ____D () C:\FRST
2014-03-15 17:57 - 2014-03-15 17:57 - 00000621 _____ () C:\Users\Kevin\Desktop\JRT.txt
2014-03-15 17:56 - 2014-03-13 02:05 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F869E1D1-5B82-488D-9FEB-12FCC8122624}
2014-03-15 17:55 - 2009-07-14 05:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-15 17:55 - 2009-07-14 05:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 17:52 - 2014-03-15 17:52 - 01037734 _____ (Thisisu) C:\Users\Kevin\Downloads\JRT.exe
2014-03-15 17:52 - 2014-03-15 17:52 - 00000000 ____D () C:\Windows\ERUNT
2014-03-15 17:48 - 2013-12-10 15:04 - 00000498 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-15 17:47 - 2013-12-26 02:45 - 00000000 ____D () C:\Users\Kevin\AppData\Local\LogMeIn Hamachi
2014-03-15 17:46 - 2014-03-13 03:09 - 00000392 _____ () C:\Windows\setupact.log
2014-03-15 17:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-15 17:45 - 2014-03-15 17:42 - 00000000 ____D () C:\AdwCleaner
2014-03-15 17:43 - 2013-12-10 15:14 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Battle.net
2014-03-15 17:42 - 2014-03-15 17:42 - 01950720 _____ () C:\Users\Kevin\Downloads\adwcleaner.exe
2014-03-15 17:40 - 2014-03-13 06:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-15 12:58 - 2013-12-11 00:01 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\vlc
2014-03-14 23:37 - 2014-03-14 23:36 - 00017513 _____ () C:\Windows\DirectX.log
2014-03-14 23:37 - 2013-12-29 00:48 - 00000000 ____D () C:\Users\Kevin\Documents\my games
2014-03-14 20:24 - 2009-07-14 18:58 - 00700562 _____ () C:\Windows\system32\perfh007.dat
2014-03-14 20:24 - 2009-07-14 18:58 - 00149462 _____ () C:\Windows\system32\perfc007.dat
2014-03-14 20:24 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 20:23 - 2013-12-10 14:42 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-03-14 20:22 - 2013-12-10 21:00 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-03-14 19:47 - 2014-03-14 19:47 - 00014990 _____ () C:\ComboFix.txt
2014-03-14 19:47 - 2014-03-14 19:33 - 00000000 ____D () C:\Qoobox
2014-03-14 19:47 - 2013-12-10 15:57 - 00000000 ____D () C:\Users\Max
2014-03-14 19:47 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-14 19:46 - 2014-03-14 19:33 - 00000000 ____D () C:\Windows\erdnt
2014-03-14 19:44 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-14 19:43 - 2014-03-13 03:09 - 00085586 _____ () C:\Windows\PFRO.log
2014-03-14 19:32 - 2014-03-14 19:32 - 05190279 ____R (Swearware) C:\Users\Kevin\Desktop\ComboFix.exe
2014-03-14 19:32 - 2013-12-11 16:36 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Skype
2014-03-14 19:32 - 2013-12-10 15:07 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\TS3Client
2014-03-14 04:49 - 2014-03-14 04:40 - 16016506 _____ () C:\Users\Kevin\Downloads\one_piece_nami_robi_5.7z
2014-03-14 03:49 - 2014-03-14 03:49 - 01467128 _____ () C:\Users\Kevin\Downloads\SystemCheck_deDE.exe
2014-03-13 20:04 - 2013-12-10 14:49 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-03-13 18:54 - 2014-03-13 18:53 - 04110135 _____ () C:\Users\Kevin\Downloads\tdsskiller.zip
2014-03-13 18:49 - 2014-03-13 18:49 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Kevin\Downloads\tdsskiller.exe
2014-03-13 14:15 - 2014-03-13 14:15 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-13 06:42 - 2014-03-13 06:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-13 06:42 - 2014-03-10 03:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 06:42 - 2014-03-01 05:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-13 05:14 - 2013-12-10 14:31 - 00001706 _____ () C:\Users\Kevin\Desktop\W-Lan Code.txt
2014-03-13 04:36 - 2014-03-13 04:35 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap (4).bmp
2014-03-13 04:25 - 2014-03-13 04:25 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap (2).bmp
2014-03-13 04:24 - 2014-03-13 04:24 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap.bmp
2014-03-13 04:23 - 2014-03-13 04:06 - 00081928 _____ () C:\Users\Kevin\Desktop\Neues Textdokument (2).txt
2014-03-13 04:22 - 2014-03-13 04:22 - 00380416 _____ () C:\Users\Kevin\Downloads\Gmer-19357.exe
2014-03-13 04:19 - 2014-03-13 04:19 - 00031518 _____ () C:\Users\Kevin\Downloads\Addition.txt
2014-03-13 04:16 - 2014-03-13 04:16 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64 (1).exe
2014-03-13 04:15 - 2014-03-13 04:14 - 00000472 _____ () C:\Users\Kevin\Downloads\defogger_disable.log
2014-03-13 04:14 - 2014-03-13 04:14 - 00000000 _____ () C:\Users\Kevin\defogger_reenable
2014-03-13 04:14 - 2013-12-10 14:26 - 00000000 ____D () C:\Users\Kevin
2014-03-13 04:12 - 2014-03-13 04:12 - 00050477 _____ () C:\Users\Kevin\Downloads\Defogger.exe
2014-03-13 03:17 - 2014-03-13 03:17 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe
2014-03-13 03:09 - 2014-03-13 03:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-13 03:09 - 2009-07-14 01:20 - 00000000 __SHD () C:\Users\Kevin\AppData\Roaming\brjhugsc
2014-03-13 02:32 - 2014-01-18 15:59 - 00000000 ____D () C:\Users\Kevin\Desktop\Sc
2014-03-13 02:32 - 2013-12-10 14:51 - 00000000 ____D () C:\Users\Kevin\Desktop\Spiele
2014-03-13 02:32 - 2013-12-10 14:51 - 00000000 ____D () C:\Users\Kevin\Desktop\Programme
2014-03-13 02:30 - 2014-01-18 21:04 - 00003334 _____ () C:\Windows\System32\Tasks\{96E09B51-3767-4369-B365-95C572CD4F5D}
2014-03-13 02:14 - 2014-03-13 02:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Avira
2014-03-13 02:13 - 2014-03-13 02:09 - 00000000 ____D () C:\ProgramData\Avira
2014-03-13 02:13 - 2014-03-13 02:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-13 02:09 - 2014-03-13 02:09 - 00000400 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 02:09 - 2013-12-10 14:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-13 01:58 - 2013-12-11 12:56 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-03-13 01:46 - 2014-03-10 01:02 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Wudenu
2014-03-13 01:41 - 2014-01-29 18:21 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Microsoft Games
2014-03-12 23:41 - 2014-03-10 01:02 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Onyx
2014-03-10 22:54 - 2013-12-27 04:57 - 00000000 ____D () C:\Users\Kevin\Downloads\2.Harry.Potter.und.die.Kammer.des.Schreckens-23thstreet
2014-03-10 16:06 - 2014-03-10 16:02 - 86944409 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part11.rar
2014-03-10 16:06 - 2014-03-10 16:02 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part10.rar
2014-03-10 16:06 - 2014-03-10 16:02 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part09.rar
2014-03-10 16:06 - 2014-03-10 16:02 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part08.rar
2014-03-10 15:48 - 2014-03-10 15:43 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part07.rar
2014-03-10 15:48 - 2014-03-10 15:43 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part06.rar
2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part05.rar
2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part04.rar
2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part03.rar
2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part02.rar
2014-03-10 15:46 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part01.rar
2014-03-10 04:21 - 2014-03-10 04:19 - 00000000 ____D () C:\Users\Kevin\Downloads\Der.Butler.German.DL.2013.AC3.BDRiP.XViD-KOC
2014-03-10 04:09 - 2014-03-10 03:43 - 524288093 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part4.rar
2014-03-10 04:09 - 2014-03-10 03:43 - 524288081 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part3.rar
2014-03-10 04:09 - 2014-03-10 03:43 - 524288057 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part2.rar
2014-03-10 04:07 - 2014-03-10 03:43 - 524288034 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part1.rar
2014-03-10 03:57 - 2014-03-10 03:43 - 222763023 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part5.rar
2014-03-10 03:34 - 2014-03-10 03:17 - 536870912 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part2.rar
2014-03-10 03:33 - 2014-03-10 03:16 - 536870912 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part1.rar
2014-03-10 03:32 - 2014-03-10 03:16 - 405353908 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part3.rar
2014-03-10 03:07 - 2014-03-10 03:07 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-09 20:47 - 2014-03-09 20:47 - 00000000 ____D () C:\Users\Kevin\Documents\Thief
2014-03-09 01:52 - 2014-03-09 01:52 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders
2014-03-07 17:31 - 2013-12-10 15:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Battle.net
2014-03-07 05:29 - 2013-12-11 23:03 - 00000596 _____ () C:\Users\Kevin\Desktop\Neues Textdokument.txt
2014-03-06 14:56 - 2014-03-06 14:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-06 14:56 - 2013-12-10 21:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-06 14:56 - 2013-12-10 21:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-06 14:50 - 2014-03-06 14:50 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2014-03-03 06:39 - 2014-02-25 23:05 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Agamdu
2014-03-03 04:50 - 2014-02-25 23:05 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Epymit
2014-03-02 23:41 - 2014-03-02 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Chromium
2014-03-01 05:39 - 2014-03-01 05:39 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-01 04:39 - 2014-03-01 04:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Awesomium
2014-03-01 04:38 - 2014-03-01 04:38 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-03-01 04:38 - 2013-12-10 14:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-01 01:02 - 2014-03-01 01:02 - 00003020 _____ () C:\Windows\System32\Tasks\{0AB74374-0385-0807-B05D-5863E26D732D}
2014-02-27 20:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-27 15:30 - 2014-02-27 15:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-27 15:26 - 2014-03-13 19:01 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Kevin\Desktop\TDSSKiller.exe
2014-02-25 21:15 - 2013-12-17 01:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yjquxu
2014-02-25 20:25 - 2014-02-20 13:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yfucvo
2014-02-25 20:25 - 2013-12-10 14:27 - 00000000 ___RD () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-25 20:23 - 2014-02-20 13:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Osyv
2014-02-25 20:11 - 2014-02-25 20:11 - 00001109 _____ ()
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Malwarebytes 2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-25 20:00 - 2014-02-25 20:00 - 00013787 _____ () C:\Windows\SysWOW64\hs_err_pid3156.log 2014-02-25 19:40 - 2014-02-25 19:33 - 00000000 ____D () C:\Program Files (x86)\GUM9211.tmp 2014-02-25 19:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-02-25 19:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-02-25 19:34 - 2014-02-25 19:33 - 49940480 _____ () C:\Program Files (x86)\GUT9212.tmp 2014-02-25 19:34 - 2013-12-10 14:33 - 00000000 ____D () C:\Program Files (x86)\Google 2014-02-25 19:33 - 2014-02-25 19:33 - 00019841 _____ () C:\Windows\SysWOW64\hs_err_pid200.log 2014-02-25 19:33 - 2013-12-10 14:32 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Deployment 2014-02-25 19:25 - 2014-01-21 23:30 - 00000000 ____D () C:\Windows\Minidump 2014-02-25 19:25 - 2013-12-10 14:15 - 00000000 ____D () C:\Windows\Panther 2014-02-25 17:47 - 2014-02-25 17:47 - 00019830 _____ () C:\Windows\SysWOW64\hs_err_pid1280.log 2014-02-25 11:41 - 2014-03-13 02:13 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-02-25 11:41 - 2014-03-13 02:13 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-02-25 11:41 - 2014-03-13 02:13 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-02-21 10:21 - 2014-03-11 00:31 - 00000000 ____D () C:\Users\Kevin\Downloads\Plague.Inc.Evolved.Early.Access.Cracked-3DM 2014-02-19 12:47 - 2014-02-19 12:47 - 00000000 ____D () C:\Program Files\Lenovo 2014-02-16 22:50 - 2013-12-15 18:21 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-02-16 22:50 - 2013-12-11 12:55 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe Some content of TEMP: ==================== C:\Users\Kevin\AppData\Local\Temp\avgnt.exe C:\Users\Kevin\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2009-07-14 00:20] - [2009-07-14 02:45] - 0294992 ____A () D41D8CD98F00B204E9800998ECF8427E C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION! testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION! LastRegBack: 2014-02-28 00:40 ==================== End Of Log ============================ Last edited by Hahpuh (15.03.2014 at 18:00) |
16.03.2014, 17:06 | #9 |
/// the machine /// TB Instructor | Windows 7: Suspected Trojan (Problems upon Problems) ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |
18.03.2014, 05:52 | #10 |
| Windows 7: Suspected Trojan (Problems upon Problems) Eset: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=61cd62c916ee88448a3e905d5000b250 # engine=17486 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-03-18 04:49:31 # local_time=2014-03-18 05:49:31 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=1799 16775165 100 94 0 1796907 8408 0 # compatibility_mode=5893 16776574 100 94 1763377 147523842 0 0 # scanned=191556 # found=4 # cleaned=0 # scan_time=4118 sh=ACC5638242CD8AAA80251438FB85428E2B02F856 ft=0 fh=0000000000000000 vn="Win32/Boaxxe.BE trojan" ac=I fn="C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\nhkdgbjgkphgeoplnokbdnclpbagempn\2.0.1\background.js" sh=E7E50CD911B9451F343F1FDF57FBC0A786C9FDD1 ft=1 fh=ca3ea8d585515dc8 vn="a variant of Win32/Sefnit.CW trojan" ac=I fn="C:\Users\Kevin\AppData\Local\UZRmedia\Hidnet24.dll" sh=53DE1B6BD2D14254EC762EEBE9F57E79F4EBE9C8 ft=1 fh=1ec55d698fb78f56 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="D:\JDwloader Dls\Godus.Beta.v2.0-3DM\steam_api.dll" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Sefnit.CW trojan" ac=I fn="${Memory}" SC: Code:
ATTFilter Results of screen317's Security Check version 0.99.80 Windows 7 x64 (UAC is disabled!) Out of date service pack!! ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 51 Adobe Flash Player 12.0.0.77 Adobe Reader 9 Adobe Reader out of Date! Google Chrome 33.0.1750.117 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Frst: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Kevin (administrator) on KEVIN_S on 18-03-2014 05:58:31 Running from C:\Users\Kevin\Downloads Windows 7 Ultimate (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Hi-Rez Studios) D:\Smite\HiPatchService.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Realtek) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\regsvr32.exe (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe (Razer USA Ltd) C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe (Valve Corporation) D:\Steam\Steam.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\system32\taskmgr.exe (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe (Blizzard Entertainment) D:\Blizzard\Battle.net\Battle.net.4269\Battle.net.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6868280 2012-05-21] (Logitech Inc.) 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-05-20] (Realtek Semiconductor) HKLM-x32\...\Run: [Razer Nostromo Driver] - C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe [978840 2011-07-19] (Razer USA Ltd) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [172624 2014-03-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2747213580-207876330-2301896138-1000\...\Run: [UZRmedia] - regsvr32.exe C:\Users\Kevin\AppData\Local\UZRmedia\Hidnet24.dll <===== ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x05871061813DCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR HomePage: CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-10] CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-10] CHR Extension: (Google-Suche) - 
C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-10] CHR Extension: (AdBlock) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-10] CHR Extension: (Yulia Brodskaya) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko [2013-12-10] CHR Extension: (Google Wallet) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10] CHR Extension: (Google Mail) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-10] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [116816 2014-03-07] (Avira Operations GmbH & Co. KG) U2 HiPatchService; D:\Smite\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-15] () R2 Realtek11nCU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) ==================== Drivers (Whitelisted) ==================== S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG) S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. 
KG) S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) U5 d9c0704a342146bd; C:\Windows\System32\Drivers\d9c0704a342146bd.sys [78800 2014-01-02] () <===== ATTENTION Necurs Rootkit? R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [762472 2010-08-06] (Realtek Semiconductor Corporation ) R3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd) R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd) S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-14] () R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2009-07-14] () S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2009-07-14] () S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [679936 2009-07-14] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-18 05:58 - 2014-03-18 05:58 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe 2014-03-18 05:58 - 2014-03-18 05:58 - 00009481 _____ () C:\Users\Kevin\Downloads\FRST.txt 2014-03-18 05:53 - 2014-03-18 05:53 - 00987442 _____ () C:\Users\Kevin\Desktop\SecurityCheck.exe 2014-03-18 04:38 - 2014-03-18 04:38 - 02347384 _____ (ESET) C:\Users\Kevin\Downloads\esetsmartinstaller_enu (1).exe 2014-03-18 04:38 - 2014-03-18 04:38 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-17 04:24 - 2014-03-17 04:24 - 00185001 _____ () C:\Users\Kevin\Desktop\gfh.xps 2014-03-16 18:27 - 2014-03-16 18:28 - 02347384 _____ (ESET) C:\Users\Kevin\Downloads\esetsmartinstaller_enu.exe 2014-03-16 00:57 - 2014-03-16 00:57 - 710317926 _____ () C:\Windows\MEMORY.DMP 2014-03-16 00:57 - 
2014-03-16 00:57 - 00276200 _____ () C:\Windows\Minidump\031614-24148-01.dmp 2014-03-15 18:29 - 2014-03-15 18:29 - 04479832 _____ (Microsoft Corporation) C:\Users\Kevin\Downloads\vcredist_x86.exe 2014-03-15 18:27 - 2014-03-15 18:28 - 10274136 _____ (Microsoft Corporation) C:\Users\Kevin\Downloads\vcredist_x64.exe 2014-03-15 18:27 - 2014-03-15 18:27 - 04657496 _____ (Microsoft Corporation) C:\Users\Kevin\Downloads\vcredist_IA64.exe 2014-03-15 17:57 - 2014-03-15 17:57 - 00000621 _____ () C:\Users\Kevin\Desktop\JRT.txt 2014-03-15 17:52 - 2014-03-15 17:52 - 00000000 ____D () C:\Windows\ERUNT 2014-03-15 17:42 - 2014-03-15 17:45 - 00000000 ____D () C:\AdwCleaner 2014-03-14 23:36 - 2014-03-15 23:54 - 00035026 _____ () C:\Windows\DirectX.log 2014-03-14 19:47 - 2014-03-14 19:47 - 00014990 _____ () C:\ComboFix.txt 2014-03-14 19:33 - 2014-03-14 19:47 - 00000000 ____D () C:\Qoobox 2014-03-14 19:33 - 2014-03-14 19:46 - 00000000 ____D () C:\Windows\erdnt 2014-03-14 19:33 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-03-14 19:33 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-03-14 19:33 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-03-14 19:33 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-03-14 19:33 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-03-14 19:33 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-03-14 19:33 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-03-14 19:33 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-03-13 19:01 - 2014-02-27 15:26 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Kevin\Desktop\TDSSKiller.exe 2014-03-13 14:15 - 2014-03-13 14:15 - 00084720 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-03-13 06:42 - 2014-03-18 05:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-13 06:42 - 2014-03-13 06:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-13 04:35 - 2014-03-13 04:36 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap (4).bmp 2014-03-13 04:25 - 2014-03-13 04:25 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap (2).bmp 2014-03-13 04:24 - 2014-03-13 04:24 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap.bmp 2014-03-13 04:14 - 2014-03-13 04:14 - 00000000 _____ () C:\Users\Kevin\defogger_reenable 2014-03-13 04:06 - 2014-03-13 04:23 - 00081928 _____ () C:\Users\Kevin\Desktop\Neues Textdokument (2).txt 2014-03-13 03:18 - 2014-03-18 05:58 - 00000000 ____D () C:\FRST 2014-03-13 03:09 - 2014-03-16 17:24 - 00003183 _____ () C:\Windows\setupact.log 2014-03-13 03:09 - 2014-03-14 19:43 - 00085586 _____ () C:\Windows\PFRO.log 2014-03-13 03:09 - 2014-03-13 03:09 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-13 02:14 - 2014-03-13 02:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Avira 2014-03-13 02:13 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-03-13 02:13 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-03-13 02:13 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-03-13 02:09 - 2014-03-15 23:23 - 00002556 _____ () C:\Windows\WindowsUpdate.log 2014-03-13 02:09 - 2014-03-13 02:13 - 00000000 ____D () C:\ProgramData\Avira 2014-03-13 02:09 - 2014-03-13 02:13 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-03-13 02:05 - 2014-03-18 05:45 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F869E1D1-5B82-488D-9FEB-12FCC8122624} 2014-03-11 00:31 - 2014-02-21 10:21 - 00000000 ____D () C:\Users\Kevin\Downloads\Plague.Inc.Evolved.Early.Access.Cracked-3DM 2014-03-10 22:49 - 2013-11-08 09:12 - 00000000 ____D () C:\Users\Kevin\Downloads\After.Earth.2013.BDRip.AC3.German.XviD-MB 2014-03-10 16:02 - 2014-03-10 16:06 - 86944409 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part11.rar 2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part10.rar 2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part09.rar 2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part08.rar 2014-03-10 15:43 - 2014-03-10 15:48 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part07.rar 2014-03-10 15:43 - 2014-03-10 15:48 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part06.rar 2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part05.rar 2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part04.rar 2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part03.rar 2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part02.rar 2014-03-10 15:40 - 2014-03-10 15:46 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part01.rar 2014-03-10 04:19 - 2014-03-10 04:21 - 00000000 ____D () 
C:\Users\Kevin\Downloads\Der.Butler.German.DL.2013.AC3.BDRiP.XViD-KOC 2014-03-10 03:43 - 2014-03-10 04:09 - 524288093 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part4.rar 2014-03-10 03:43 - 2014-03-10 04:09 - 524288081 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part3.rar 2014-03-10 03:43 - 2014-03-10 04:09 - 524288057 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part2.rar 2014-03-10 03:43 - 2014-03-10 04:07 - 524288034 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part1.rar 2014-03-10 03:43 - 2014-03-10 03:57 - 222763023 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part5.rar 2014-03-10 03:07 - 2014-03-13 06:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-10 03:07 - 2014-03-10 03:07 - 00000000 ____D () C:\Windows\system32\Macromed 2014-03-10 01:02 - 2014-03-13 01:46 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Wudenu 2014-03-10 01:02 - 2014-03-12 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Onyx 2014-03-09 20:47 - 2014-03-09 20:47 - 00000000 ____D () C:\Users\Kevin\Documents\Thief 2014-03-09 01:52 - 2014-03-09 01:52 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders 2014-03-06 14:56 - 2014-03-06 14:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-03-06 14:56 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-03-06 14:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-03-06 14:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-03-06 14:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-03-06 14:50 - 2014-03-06 14:50 - 00000000 ____D () C:\Program Files (x86)\Lavalys 2014-03-02 23:41 - 2014-03-02 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Chromium 2014-03-01 05:39 - 2014-03-13 06:42 - 00071048 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-01 05:39 - 2014-03-01 05:39 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-03-01 04:39 - 2014-03-01 04:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Awesomium 2014-03-01 04:38 - 2014-03-01 04:38 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios 2014-03-01 01:02 - 2014-03-01 01:02 - 00003020 _____ () C:\Windows\System32\Tasks\{0AB74374-0385-0807-B05D-5863E26D732D} 2014-02-27 15:30 - 2014-02-27 15:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-02-25 23:05 - 2014-03-03 06:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Agamdu 2014-02-25 23:05 - 2014-03-03 04:50 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Epymit 2014-02-25 20:11 - 2014-02-25 20:11 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Malwarebytes 2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-25 20:11 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-25 20:00 - 2014-02-25 20:00 - 00013787 _____ () C:\Windows\SysWOW64\hs_err_pid3156.log 2014-02-25 19:33 - 2014-02-25 19:40 - 00000000 ____D () C:\Program Files (x86)\GUM9211.tmp 2014-02-25 19:33 - 2014-02-25 19:34 - 49940480 _____ () C:\Program Files (x86)\GUT9212.tmp 2014-02-25 19:33 - 2014-02-25 19:33 - 00019841 _____ () C:\Windows\SysWOW64\hs_err_pid200.log 2014-02-25 17:47 - 2014-02-25 17:47 - 00019830 _____ () C:\Windows\SysWOW64\hs_err_pid1280.log 2014-02-20 13:11 - 2014-02-25 20:25 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yfucvo 2014-02-20 13:11 - 2014-02-25 20:23 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Osyv 2014-02-19 12:47 - 2014-02-19 12:47 - 00000000 ____D () C:\Program Files\Lenovo ==================== One Month 
Modified Files and Folders =======

Some content of TEMP: ====================
C:\Users\Kevin\AppData\Local\Temp\avgnt.exe
C:\Users\Kevin\AppData\Local\Temp\Quarantine.exe

Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys [2009-07-14 00:20] - [2009-07-14 02:45] - 0294992 ____A ()
D41D8CD98F00B204E9800998ECF8427E C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
LastRegBack: 2014-03-15 19:03

==================== End Of Log ============================

--- --- ---

Everything is fine so far except for one thing: every now and then a small white window opens very briefly, and I suddenly have Internet Explorer showing in Task Manager, but only under "Processes". I also get terrible lag spikes in games and the connection drops frequently. Otherwise, great work.

Last edited by Hahpuh (18.03.2014 at 06:02)
18.03.2014, 12:23 | #11

/// the machine /// TB-Ausbilder

Update Adobe, and by all means update Windows: a whole service pack is missing. Press the Windows key + R and type notepad into the Run box. Now copy the following text from the code box into the empty text document:

Code:
C:\Users\Kevin\AppData\Local\UZRmedia
HKU\S-1-5-21-2747213580-207876330-2301896138-1000\...\Run: [UZRmedia] - regsvr32.exe C:\Users\Kevin\AppData\Local\UZRmedia\Hidnet24.dll <===== ATTENTION

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!