
Log Analysis and Evaluation: Trojan:Win32/Necurs.A under Windows 7 - Request for help with removal


28.04.2014, 18:25   #1
3Mücken
 

Trojan:Win32/Necurs.A under Windows 7 - Request for help with removal



On 21.04.2014 we apparently picked up the above-mentioned Trojan somewhere. The next day the laptop was very slow and behaved strangely. Later an e-mail arrived from the Telekom abuse team saying that spam e-mails had been sent from our Internet connection.

The scan with Microsoft Security Essentials showed the Trojan and also said it would be removed, but the problems persisted.

Result from MSE:
[Screenshot: trojaner.jpg (MSE detection result)]

I could not download any other antivirus program, and MSE could no longer be switched to real-time protection.

Here are the FRST txt files:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by kaisermuecke (administrator) on VAIO on 28-04-2014 17:57:02
Running from C:\Users\kaisermuecke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GX1Z2ZVS
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSpt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Sony\SonicStage\SSAAD.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(AVEO) C:\Program Files (x86)\AVEO USB2.0 PC Camera\CamAppSTI.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [CamAppSTI.exe] => C:\Program Files (x86)\AVEO USB2.0 PC Camera\CamAppSTI.exe [28672 2009-01-04] (AVEO)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-04] (Geek Software GmbH)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1766464 2013-10-17] (1und1 Mail und Media GmbH)
HKU\S-1-5-21-3801510222-125144055-1401985464-1000\...\Run: [SsAAD.exe] => C:\Program Files (x86)\Sony\SonicStage\SSAAD.exe [476728 2007-02-05] ()
HKU\S-1-5-21-3801510222-125144055-1401985464-1000\...\Run: [] => [X]
HKU\S-1-5-21-3801510222-125144055-1401985464-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia)
HKU\S-1-5-21-3801510222-125144055-1401985464-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3801510222-125144055-1401985464-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-04] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-15&ent=hp&u=7D54D724A51E68AFE99F44534D6FA371
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3321037&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP8118B7E3-3057-4B07-ABA4-F0DCB45F937D&q={searchTerms}&SSPV=
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3321037&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP8118B7E3-3057-4B07-ABA4-F0DCB45F937D&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3321037&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP8118B7E3-3057-4B07-ABA4-F0DCB45F937D&q={searchTerms}&SSPV=
SearchScopes: HKCU - {2F70B110-5528-4E48-AFED-FD8103503BA8} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {338A4BAC-CFAC-49A1-9D6C-669466AD76E6} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-15&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {60052143-1FD5-4EB7-B5CC-674026E76B28} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {617D36F0-9211-472B-A781-A52E2AFC34BB} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {82343DB4-4710-409E-99FB-C7C54B300FFE} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKCU - {EE4B1268-064F-4D9C-A283-EAAAE25FED37} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
SearchScopes: HKCU - {F5A2BA37-BF8C-4253-B5F1-2E4EBB9949CD} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-25]

Chrome: 
=======
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-15&ent=hp&u=7D54D724A51E68AFE99F44534D6FA371
CHR StartupUrls: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-15&ent=hp&u=7D54D724A51E68AFE99F44534D6FA371", "hxxp://search.conduit.com/?ctid=CT3321037&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP8118B7E3-3057-4B07-ABA4-F0DCB45F937D&SSPV="
CHR DefaultSearchKeyword: securesearch
CHR DefaultSearchProvider: SecureSearch
CHR DefaultSearchURL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-15&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Users\kaisermuecke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]

==================== Services (Whitelisted) =================

Locked "fc65432756c619f5" service could not be unlocked. <===== ATTENTION

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 HPSLPSVC; C:\Users\kaisermuecke\AppData\Local\Temp\7zS6C3F\HPSLPSVC64.DLL [1039360 2011-11-14] (Hewlett-Packard Co.)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [252416 2010-05-25] (Sony Corporation)
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
S2 syshost32; No ImagePath

==================== Drivers (Whitelisted) ====================

R3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] ()
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] ()
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] ()
S3 adp94xx; C:\Windows\system32\drivers\adp94xx.sys [491088 2009-07-14] ()
S3 adpahci; C:\Windows\system32\drivers\adpahci.sys [339536 2009-07-14] ()
S3 adpu320; C:\Windows\system32\drivers\adpu320.sys [182864 2009-07-14] ()
R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2013-09-28] ()
S3 agp440; C:\Windows\system32\drivers\agp440.sys [61008 2009-07-14] ()
S3 aliide; C:\Windows\system32\drivers\aliide.sys [15440 2009-07-14] ()
S3 amdide; C:\Windows\system32\drivers\amdide.sys [15440 2009-07-14] ()
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-14] ()
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-14] ()
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [107904 2011-03-11] ()
S3 amdsbs; C:\Windows\system32\drivers\amdsbs.sys [194128 2009-07-14] ()
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-03-11] ()
R3 ApfiltrService; C:\Windows\system32\drivers\Apfiltr.sys [299568 2010-05-14] ()
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-20] ()
S3 arc; C:\Windows\system32\drivers\arc.sys [87632 2009-07-14] ()
S3 arcsas; C:\Windows\system32\drivers\arcsas.sys [97856 2009-07-14] ()
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] ()
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] ()
S3 atapi; C:\Windows\system32\drivers\atapi.sys [24128 2009-07-14] ()
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2203136 2010-05-16] ()
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [307072 2010-04-01] ()
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] ()
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] ()
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] ()
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] ()
R1 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [45056 2009-07-14] ()
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-23] ()
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] ()
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] ()
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] ()
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] ()
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] ()
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] ()
S3 BthEnum; C:\Windows\system32\drivers\BthEnum.sys [41984 2009-07-14] ()
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-14] ()
S3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [118784 2009-07-14] ()
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [552960 2012-07-06] ()
S3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [80384 2011-04-28] ()
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [342056 2010-06-21] ()
S3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [102952 2010-06-21] ()
S3 btwavdt; C:\Windows\System32\drivers\btwavdt.sys [135720 2010-06-21] ()
S3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [39464 2010-06-21] ()
S3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [21544 2010-06-21] ()
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] ()
R1 cdrom; C:\Windows\system32\drivers\cdrom.sys [147456 2010-11-20] ()
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-14] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] ()
R3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [17664 2009-07-14] ()
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] ()
R0 CNG; C:\Windows\System32\Drivers\cng.sys [458712 2013-07-04] ()
R0 Compbatt; C:\Windows\System32\drivers\compbatt.sys [21584 2009-07-14] ()
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] ()
S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [24144 2009-07-14] ()
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] ()
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] ()
R0 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] ()
S3 Dot4; C:\Windows\System32\DRIVERS\Dot4.sys [145920 2009-07-14] ()
S3 Dot4Print; C:\Windows\system32\drivers\Dot4Prt.sys [19968 2010-11-20] ()
S3 dot4usb; C:\Windows\System32\DRIVERS\dot4usb.sys [43008 2009-07-14] ()
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-14] ()
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [983488 2013-08-01] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] ()
S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [530496 2009-07-14] ()
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] ()
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] ()
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] ()
U5 fc65432756c619f5; C:\Windows\System32\Drivers\fc65432756c619f5.sys [78808 2014-04-10] () <===== ATTENTION Necurs Rootkit?
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-14] ()
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] ()
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] ()
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-14] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] ()
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] ()
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] ()
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [65088 2009-07-14] ()
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] ()
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [350208 2010-11-20] ()
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-20] ()
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-14] ()
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-14] ()
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-14] ()
R3 HidUsb; C:\Windows\system32\drivers\hidusb.sys [30208 2010-11-20] ()
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-20] ()
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] ()
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] ()
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-14] ()
R0 iaStor; C:\Windows\System32\drivers\iaStor.sys [540696 2010-03-04] ()
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-03-11] ()
S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [44112 2009-07-14] ()
R3 Impcd; C:\Windows\system32\drivers\Impcd.sys [158720 2010-07-16] ()
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2357024 2010-06-21] ()
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] ()
R3 intelppm; C:\Windows\system32\drivers\intelppm.sys [62464 2009-07-14] ()
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] ()
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] ()
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] ()
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] ()
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] ()
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [274880 2014-02-04] ()
R3 kbdclass; C:\Windows\system32\drivers\kbdclass.sys [50768 2009-07-14] ()
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [33280 2010-11-20] ()
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2013-09-25] ()
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [154560 2013-09-25] ()
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] ()
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] ()
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [114752 2009-07-14] ()
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [106560 2009-07-14] ()
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [65600 2009-07-14] ()
S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [115776 2009-07-14] ()
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] ()
S3 megasas; C:\Windows\system32\drivers\megasas.sys [35392 2009-07-14] ()
S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [284736 2009-07-14] ()
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] ()
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] ()
R3 mouclass; C:\Windows\system32\drivers\mouclass.sys [49216 2009-07-14] ()
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] ()
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-20] ()
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] ()
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] ()
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] ()
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] ()
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] ()
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-20] ()
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] ()
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] ()
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] ()
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] ()
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] ()
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] ()
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] ()
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] ()
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] ()
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] ()
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] ()
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] ()
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] ()
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] ()
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] ()
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] ()
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] ()
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] ()
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] ()
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] ()
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] ()
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-24] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] ()
R3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [83080 2010-04-27] ()
R3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [184968 2010-04-27] ()
R3 NVHDA; C:\Windows\System32\drivers\nvhda64v.sys [86120 2010-07-29] ()
R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [12460136 2010-07-29] ()
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] ()
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] ()
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] ()
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] ()
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] ()
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] ()
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [26112 2012-06-27] ()
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] ()
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] ()
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] ()
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] ()
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] ()
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] ()
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] ()
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [55024 2008-06-16] ()
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] ()
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] ()
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] ()
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] ()
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] ()
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] ()
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] ()
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] ()
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] ()
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] ()
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] ()
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] ()
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] ()
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] ()
S3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-14] ()
R2 rimspci; C:\Windows\system32\drivers\rimssne64.sys [94208 2010-06-23] ()
R2 risdsnpe; C:\Windows\system32\drivers\risdsne64.sys [78848 2010-06-23] ()
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] ()
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] ()
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] ()
R3 sdbus; C:\Windows\system32\drivers\sdbus.sys [109056 2010-11-20] ()
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] ()
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [158720 2012-07-30] ()
S3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-14] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] ()
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] ()
R3 SFEP; C:\Windows\system32\drivers\SFEP.sys [12032 2010-04-26] ()
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] ()
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] ()
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] ()
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] ()
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] ()
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] ()
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] ()
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] ()
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] ()
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] ()
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] ()
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] ()
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2013-09-08] ()
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2013-09-08] ()
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] ()
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] ()
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] ()
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] ()
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] ()
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] ()
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-20] ()
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] ()
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] ()
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] ()
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] ()
R3 umbus; C:\Windows\system32\drivers\umbus.sys [48640 2010-11-20] ()
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] ()
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] ()
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] ()
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] ()
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] ()
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] ()
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] ()
S3 usbscan; C:\Windows\system32\drivers\usbscan.sys [42496 2013-07-03] ()
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] ()
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] ()
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] ()
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] ()
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] ()
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] ()
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] ()
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] ()
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] ()
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] ()
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] ()
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] ()
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] ()
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] ()
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] ()
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] ()
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] ()
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-14] ()
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] ()
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] ()
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] ()
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] ()
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] ()
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] ()
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] ()
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [402720 2010-06-23] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-28 17:56 - 2014-04-28 17:57 - 00000000 ____D () C:\FRST
2014-04-28 17:20 - 2014-04-28 17:23 - 00000486 _____ () C:\Users\kaisermuecke\Desktop\defogger_disable.log
2014-04-28 17:20 - 2014-04-28 17:20 - 00000000 _____ () C:\Users\kaisermuecke\defogger_reenable
2014-04-28 17:19 - 2014-04-28 17:19 - 00000000 ____D () C:\Program Files (x86)\iMesh Applications
2014-04-28 17:18 - 2014-04-28 17:18 - 00001675 _____ () C:\Users\Public\Desktop\iMesh-Installation fortsetzen.lnk
2014-04-21 11:39 - 2014-04-21 11:39 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-21 11:39 - 2014-04-21 11:39 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-21 11:39 - 2014-04-21 11:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-21 11:38 - 2014-04-21 11:39 - 13849784 _____ (Microsoft Corporation) C:\Users\kaisermuecke\Downloads\mseinstall.exe
2014-04-21 11:25 - 2014-04-21 11:26 - 26747104 _____ (Microsoft Corporation) C:\Users\kaisermuecke\Downloads\Windows-KB890830-x64-V5.11 (1).exe
2014-04-21 10:23 - 2014-04-21 10:23 - 00001173 _____ () C:\Users\kaisermuecke\Downloads\Crombie_Die-stillen-Wasser-des-Todes.acsm
2014-04-21 10:17 - 2014-04-21 10:32 - 256314176 _____ () C:\Users\kaisermuecke\Downloads\kis14.0.0.4651abDE_5169 (1).exe
2014-04-20 22:02 - 2014-04-20 22:02 - 00000000 ____D () C:\ProgramData\Licenses
2014-04-20 22:01 - 2014-04-20 22:01 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-04-20 21:56 - 2014-04-20 22:15 - 00000000 ____D () C:\Users\kaisermuecke\AppData\Roaming\systweak
2014-04-20 21:56 - 2014-04-20 21:56 - 18058688 _____ (Simply Super Software ) C:\Users\kaisermuecke\Downloads\trjsetup691.exe
2014-04-20 21:56 - 2014-01-21 17:28 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-04-20 21:12 - 2014-04-20 21:13 - 26747104 _____ (Microsoft Corporation) C:\Users\kaisermuecke\Downloads\Windows-KB890830-x64-V5.11.exe
2014-04-20 20:44 - 2014-04-20 21:01 - 256314176 _____ () C:\Users\kaisermuecke\Downloads\kis14.0.0.4651abDE_5169.exe
2014-04-20 13:48 - 2014-04-20 13:48 - 00000000 ____D () C:\Users\kaisermuecke\Documents\Criterion Games
2014-04-20 12:34 - 2014-04-20 12:34 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-04-20 12:34 - 2014-04-20 12:34 - 00000000 ____D () C:\ProgramData\EA Core
2014-04-20 11:39 - 2014-04-20 12:00 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-04-20 11:39 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-04-20 11:39 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-04-20 11:39 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-04-20 11:39 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-04-20 11:39 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-04-20 11:39 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-04-20 11:39 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-04-20 11:39 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-04-20 11:39 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-04-20 11:39 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-04-20 11:39 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-04-20 11:39 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-04-20 11:39 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-04-20 11:39 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-04-20 11:39 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-04-20 11:39 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-04-20 11:39 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-04-20 11:39 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-04-20 11:39 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-04-20 11:39 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-04-20 11:39 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-04-20 11:39 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-04-20 11:39 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-04-20 11:39 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-04-20 11:39 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-04-20 11:39 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-04-20 11:39 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-04-20 11:39 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-04-20 11:39 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-04-20 11:39 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-04-20 11:39 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-04-20 11:39 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-04-20 11:39 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-04-20 11:39 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-04-20 11:39 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-04-20 11:39 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-04-20 11:39 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-04-20 11:39 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-04-20 11:39 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-04-20 11:39 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-04-20 11:39 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-04-20 11:39 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-04-20 11:39 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-04-20 11:39 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-04-20 11:39 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-04-20 11:39 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-04-20 11:39 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-04-20 11:39 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-04-20 11:39 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-04-20 11:39 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-04-20 11:39 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-04-20 11:39 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-04-20 11:39 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-04-20 11:39 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-04-20 11:39 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-04-20 11:39 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-04-20 11:39 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-04-20 11:39 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-04-20 11:39 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-04-20 11:39 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-04-20 11:39 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-04-20 11:39 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-04-20 11:39 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-04-20 11:39 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-04-20 11:39 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-04-20 11:39 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-04-20 11:39 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-04-20 11:39 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-04-20 11:39 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-04-20 11:39 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-04-20 11:39 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-04-20 11:39 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-04-20 11:39 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-04-20 11:39 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-04-20 11:39 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-04-20 11:39 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-04-20 11:39 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-04-20 11:39 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-04-20 11:39 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-04-20 11:39 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-04-20 11:39 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-04-20 11:39 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-04-20 11:39 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-04-20 11:39 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-04-20 11:39 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-04-20 11:39 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-04-20 11:39 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-04-20 11:39 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-04-20 11:39 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-04-20 11:39 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-04-20 11:39 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-04-20 11:39 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-04-20 11:39 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-04-20 11:39 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-04-20 11:39 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-04-20 11:39 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-04-20 11:39 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-04-20 11:39 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-04-20 11:39 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-04-20 11:39 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-04-20 11:39 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-04-20 11:39 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-04-20 11:39 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-04-20 11:39 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-04-20 11:39 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-04-20 11:39 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-04-20 11:39 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-04-20 11:39 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-04-20 11:39 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-04-20 11:39 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-04-20 11:39 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-04-20 11:39 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-04-20 11:39 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-04-20 11:39 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-04-20 11:39 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-04-20 11:39 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-04-20 11:39 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-04-20 11:39 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-04-20 11:39 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-04-20 11:39 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-04-20 11:39 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-04-20 11:39 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-04-20 11:39 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-04-20 11:39 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-04-20 11:39 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-04-20 11:39 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-04-20 11:39 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-04-20 11:39 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-04-20 11:38 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-04-20 11:38 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-04-20 11:38 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-04-20 11:38 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-04-20 11:38 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-04-20 11:38 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-04-20 11:38 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-04-20 11:38 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-04-20 11:38 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-04-20 11:38 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-04-20 11:38 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-04-20 11:38 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-04-20 11:38 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-04-20 11:38 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-04-20 11:38 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-04-20 11:38 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-04-20 11:32 - 2014-04-20 11:35 - 00000000 ____D () C:\ProgramData\Solidshield
2014-04-15 20:13 - 2014-04-15 20:13 - 00000000 ____D () C:\Users\kaisermuecke\AppData\Roaming\LavasoftStatistics
2014-04-15 20:04 - 2014-04-15 20:04 - 00000000 ____D () C:\ProgramData\BitDefender
2014-04-15 19:43 - 2014-04-20 20:41 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-04-15 19:43 - 2014-04-15 19:43 - 00000061 _____ () C:\prefs.js
2014-04-15 19:43 - 2014-04-15 19:43 - 00000000 ____D () C:\Users\kaisermuecke\AppData\Roaming\SecureSearch
2014-04-15 19:43 - 2014-04-15 19:43 - 00000000 ____D () C:\Program Files\Lavasoft
2014-04-15 19:40 - 2014-04-15 19:40 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-15 18:40 - 2014-04-15 18:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-15 17:36 - 2014-04-15 17:36 - 00000000 ____D () C:\Users\kaisermuecke\AppData\Roaming\TuneUp Software
2014-04-15 17:24 - 2014-04-15 19:10 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-15 17:24 - 2014-04-15 17:24 - 00000000 ____D () C:\Users\kaisermuecke\AppData\Local\MFAData
2014-04-15 14:42 - 2014-04-15 14:42 - 00185944 _____ (Лаборатория Касперского) C:\Users\kaisermuecke\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5623.exe
2014-04-15 13:51 - 2014-04-16 14:27 - 00000000 ____D () C:\Windows\SysWOW64\140415-135137
2014-04-14 20:04 - 2014-04-16 14:27 - 00000000 ____D () C:\Windows\SysWOW64\140414-200411
2014-04-14 15:33 - 2014-04-16 14:27 - 00000000 ____D () C:\Windows\SysWOW64\140414-153355
2014-04-14 15:30 - 2014-04-14 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-14 15:30 - 2014-04-14 15:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-14 15:30 - 2014-04-14 15:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-14 14:46 - 2014-04-16 14:27 - 00000000 ____D () C:\Windows\SysWOW64\140414-144609
2014-04-14 14:30 - 2014-04-16 14:27 - 00000000 ____D () C:\Windows\SysWOW64\140414-143036
2014-04-14 14:09 - 2014-04-16 14:27 - 00000000 ____D () C:\Windows\SysWOW64\140414-140952
2014-04-14 13:55 - 2014-04-16 14:27 - 00000000 ____D () C:\Windows\SysWOW64\140414-135557
2014-04-13 23:14 - 2014-04-16 14:27 - 00000000 ____D () C:\Windows\SysWOW64\140413-231407
2014-04-13 21:35 - 2014-04-13 21:35 - 00000000 ____D () C:\Windows\SysWOW64\140413-213519
2014-04-13 15:35 - 2014-04-13 15:35 - 00001528 _____ () C:\Users\kaisermuecke\Downloads\URLLink (96).acsm
2014-04-12 18:00 - 2014-04-12 18:01 - 00001508 _____ () C:\Users\kaisermuecke\Downloads\URLLink (95).acsm
2014-04-10 14:14 - 2014-04-10 14:14 - 00078808 _____ () C:\Windows\system32\Drivers\fc65432756c619f5.sys
2014-04-09 14:03 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 14:03 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 14:03 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 14:03 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 14:02 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 14:02 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 14:02 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 14:02 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 14:02 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 14:02 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 14:02 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 14:02 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 14:02 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 14:02 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 14:02 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 14:02 - 2014-02-04 04:35 - 00274880 _____ () C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 14:02 - 2014-02-04 04:35 - 00190912 _____ () C:\Windows\system32\Drivers\storport.sys
2014-04-09 14:02 - 2014-02-04 04:35 - 00027584 _____ () C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 14:02 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 14:02 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 14:02 - 2014-01-24 04:37 - 01684928 _____ () C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 20:20 - 2014-04-06 20:20 - 00001488 _____ () C:\Users\kaisermuecke\Downloads\URLLink (94).acsm

==================== One Month Modified Files and Folders =======

2014-04-28 17:57 - 2014-04-28 17:56 - 00000000 ____D () C:\FRST
2014-04-28 17:54 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 17:54 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-28 17:53 - 2011-02-13 11:43 - 01577041 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 17:49 - 2011-02-13 11:51 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B773CA8F-B2ED-4BFB-8A77-50CDB650C6F5}
2014-04-28 17:49 - 2010-12-04 18:10 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-04-28 17:49 - 2010-12-04 18:10 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-04-28 17:49 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-28 17:46 - 2014-02-22 16:56 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-04-28 17:46 - 2010-12-04 09:32 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-28 17:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 17:46 - 2009-07-14 06:51 - 00220459 _____ () C:\Windows\setupact.log
2014-04-28 17:30 - 2011-02-26 19:10 - 00000000 ____D () C:\Users\kaisermuecke\Anja
2014-04-28 17:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-04-28 17:23 - 2014-04-28 17:20 - 00000486 _____ () C:\Users\kaisermuecke\Desktop\defogger_disable.log
2014-04-28 17:22 - 2010-12-04 09:32 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-28 17:20 - 2014-04-28 17:20 - 00000000 _____ () C:\Users\kaisermuecke\defogger_reenable
2014-04-28 17:20 - 2011-02-13 11:43 - 00000000 ____D () C:\Users\kaisermuecke
2014-04-28 17:19 - 2014-04-28 17:19 - 00000000 ____D () C:\Program Files (x86)\iMesh Applications
2014-04-28 17:18 - 2014-04-28 17:18 - 00001675 _____ () C:\Users\Public\Desktop\iMesh-Installation fortsetzen.lnk
2014-04-28 16:24 - 2013-04-06 17:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-28 14:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-27 14:41 - 2013-02-21 19:02 - 00000000 ____D () C:\Users\kaisermuecke\AppData\Roaming\Skype
2014-04-27 12:52 - 2011-05-25 17:12 - 00000000 ____D () C:\Users\kaisermuecke\Matthias
2014-04-21 11:40 - 2011-05-11 14:28 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-04-21 11:39 - 2014-04-21 11:39 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-21 11:39 - 2014-04-21 11:39 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-21 11:39 - 2014-04-21 11:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-21 11:39 - 2014-04-21 11:38 - 13849784 _____ (Microsoft Corporation) C:\Users\kaisermuecke\Downloads\mseinstall.exe
2014-04-21 11:26 - 2014-04-21 11:25 - 26747104 _____ (Microsoft Corporation) C:\Users\kaisermuecke\Downloads\Windows-KB890830-x64-V5.11 (1).exe
2014-04-21 11:18 - 2010-10-11 22:06 - 00151454 _____ () C:\Windows\PFRO.log
2014-04-21 10:32 - 2014-04-21 10:17 - 256314176 _____ () C:\Users\kaisermuecke\Downloads\kis14.0.0.4651abDE_5169 (1).exe
2014-04-21 10:24 - 2013-01-02 14:45 - 00000000 ____D () C:\Users\kaisermuecke\Documents\My Digital Editions
2014-04-21 10:23 - 2014-04-21 10:23 - 00001173 _____ () C:\Users\kaisermuecke\Downloads\Crombie_Die-stillen-Wasser-des-Todes.acsm
2014-04-20 22:15 - 2014-04-20 21:56 - 00000000 ____D () C:\Users\kaisermuecke\AppData\Roaming\systweak
2014-04-20 22:02 - 2014-04-20 22:02 - 00000000 ____D () C:\ProgramData\Licenses
2014-04-20 22:01 - 2014-04-20 22:01 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-04-20 21:56 - 2014-04-20 21:56 - 18058688 _____ (Simply Super Software ) C:\Users\kaisermuecke\Downloads\trjsetup691.exe
2014-04-20 21:13 - 2014-04-20 21:12 - 26747104 _____ (Microsoft Corporation) C:\Users\kaisermuecke\Downloads\Windows-KB890830-x64-V5.11.exe
2014-04-20 21:01 - 2014-04-20 20:44 - 256314176 _____ () C:\Users\kaisermuecke\Downloads\kis14.0.0.4651abDE_5169.exe
2014-04-20 20:41 - 2014-04-15 19:43 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-04-20 13:48 - 2014-04-20 13:48 - 00000000 ____D () C:\Users\kaisermuecke\Documents\Criterion Games
2014-04-20 12:34 - 2014-04-20 12:34 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-04-20 12:34 - 2014-04-20 12:34 - 00000000 ____D () C:\ProgramData\EA Core
2014-04-20 12:34 - 2011-02-13 12:11 - 00000000 ____D () C:\Users\kaisermuecke\AppData\Roaming\Adobe
2014-04-20 12:00 - 2014-04-20 11:39 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-04-20 12:00 - 2011-02-18 16:08 - 00000000 ____D () C:\Users\kaisermuecke\AppData\Local\Adobe
2014-04-20 11:59 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-20 11:39 - 2010-12-04 09:39 - 00083098 _____ () C:\Windows\DirectX.log
2014-04-20 11:35 - 2014-04-20 11:32 - 00000000 ____D () C:\ProgramData\Solidshield
2014-04-16 14:27 - 2014-04-15 13:51 - 00000000 ____D () C:\Windows\SysWOW64\140415-135137
2014-04-16 14:27 - 2014-04-14 20:04 - 00000000 ____D () C:\Windows\SysWOW64\140414-200411
2014-04-16 14:27 - 2014-04-14 15:33 - 00000000 ____D () C:\Windows\SysWOW64\140414-153355
2014-04-16 14:27 - 2014-04-14 14:46 - 00000000 ____D () C:\Windows\SysWOW64\140414-144609
2014-04-16 14:27 - 2014-04-14 14:30 - 00000000 ____D () C:\Windows\SysWOW64\140414-143036
2014-04-16 14:27 - 2014-04-14 14:09 - 00000000 ____D () C:\Windows\SysWOW64\140414-140952
2014-04-16 14:27 - 2014-04-14 13:55 - 00000000 ____D () C:\Windows\SysWOW64\140414-135557
2014-04-16 14:27 - 2014-04-13 23:14 - 00000000 ____D () C:\Windows\SysWOW64\140413-231407
2014-04-16 14:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-15 20:13 - 2014-04-15 20:13 - 00000000 ____D () C:\Users\kaisermuecke\AppData\Roaming\LavasoftStatistics
2014-04-15 20:04 - 2014-04-15 20:04 - 00000000 ____D () C:\ProgramData\BitDefender
2014-04-15 19:43 - 2014-04-15 19:43 - 00000061 _____ () C:\prefs.js
2014-04-15 19:43 - 2014-04-15 19:43 - 00000000 ____D () C:\Users\kaisermuecke\AppData\Roaming\SecureSearch
2014-04-15 19:43 - 2014-04-15 19:43 - 00000000 ____D () C:\Program Files\Lavasoft
2014-04-15 19:40 - 2014-04-15 19:40 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-15 19:22 - 2013-12-03 16:16 - 00011833 _____ () C:\Windows\IE11_main.log
2014-04-15 19:10 - 2014-04-15 17:24 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-15 18:46 - 2014-04-15 18:40 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-15 18:10 - 2013-11-19 10:46 - 00000000 ____D () C:\Users\kaisermuecke\AppData\Roaming\Dropbox
2014-04-15 18:10 - 2011-02-13 11:50 - 00000000 ___RD () C:\Users\kaisermuecke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-15 17:42 - 2013-11-19 10:48 - 00000000 ___RD () C:\Users\kaisermuecke\Dropbox
2014-04-15 17:36 - 2014-04-15 17:36 - 00000000 ____D () C:\Users\kaisermuecke\AppData\Roaming\TuneUp Software
2014-04-15 17:24 - 2014-04-15 17:24 - 00000000 ____D () C:\Users\kaisermuecke\AppData\Local\MFAData
2014-04-15 14:42 - 2014-04-15 14:42 - 00185944 _____ (Лаборатория Касперского) C:\Users\kaisermuecke\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5623.exe
2014-04-14 20:02 - 2013-01-26 13:46 - 00000000 ____D () C:\Program Files (x86)\EasternGraphics
2014-04-14 15:30 - 2014-04-14 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-14 15:30 - 2014-04-14 15:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-14 15:30 - 2014-04-14 15:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-13 21:35 - 2014-04-13 21:35 - 00000000 ____D () C:\Windows\SysWOW64\140413-213519
2014-04-13 21:35 - 2011-02-27 19:31 - 00000000 ____D () C:\Users\kaisermuecke\HubertM
2014-04-13 15:35 - 2014-04-13 15:35 - 00001528 _____ () C:\Users\kaisermuecke\Downloads\URLLink (96).acsm
2014-04-12 18:01 - 2014-04-12 18:00 - 00001508 _____ () C:\Users\kaisermuecke\Downloads\URLLink (95).acsm
2014-04-11 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 14:14 - 2014-04-10 14:14 - 00078808 _____ () C:\Windows\system32\Drivers\fc65432756c619f5.sys
2014-04-09 21:08 - 2013-08-21 12:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 21:08 - 2011-02-13 16:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 13:39 - 2014-02-08 20:28 - 00641348 _____ () C:\test.xml
2014-04-06 20:20 - 2014-04-06 20:20 - 00001488 _____ () C:\Users\kaisermuecke\Downloads\URLLink (94).acsm
2014-03-31 14:38 - 2011-02-13 11:53 - 00000000 ____D () C:\Users\kaisermuecke\AppData\Local\Google
2014-03-31 03:51 - 2012-08-02 10:18 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-31 03:16 - 2014-04-09 14:03 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 14:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 14:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 14:03 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

Files to move or delete:
====================
C:\Users\kaisermuecke\SF_CDA_Full_Non-Network_deu_NB.exe


Some content of TEMP:
====================
C:\Users\kaisermuecke\AppData\Local\Temp\4cb74b45-0ecd-41b3-b6e4-294058ab0de7.exe
C:\Users\kaisermuecke\AppData\Local\Temp\com.eteks.sweethome3d.SweetHome3D-cache-1996988-1369242702-j3dcore-ogl.dll
C:\Users\kaisermuecke\AppData\Local\Temp\com.eteks.sweethome3d.SweetHome3D-cache-2312429-1383175418-j3dcore-d3d.dll
C:\Users\kaisermuecke\AppData\Local\Temp\com.eteks.sweethome3d.SweetHome3D-cache-2312429-1383175418-j3dcore-ogl-cg.dll
C:\Users\kaisermuecke\AppData\Local\Temp\com.eteks.sweethome3d.SweetHome3D-cache-2312429-1383175418-j3dcore-ogl-chk.dll
C:\Users\kaisermuecke\AppData\Local\Temp\com.eteks.sweethome3d.SweetHome3D-cache-2312429-1383175418-j3dcore-ogl.dll
C:\Users\kaisermuecke\AppData\Local\Temp\extension1096286369013197500.dll
C:\Users\kaisermuecke\AppData\Local\Temp\extension2268505130427104391.dll
C:\Users\kaisermuecke\AppData\Local\Temp\extension5965258010252498393.dll
C:\Users\kaisermuecke\AppData\Local\Temp\extension6831948464727515653.dll
C:\Users\kaisermuecke\AppData\Local\Temp\extension7554990340652922147.dll
C:\Users\kaisermuecke\AppData\Local\Temp\extension8508895884554969576.dll
C:\Users\kaisermuecke\AppData\Local\Temp\extension9213642823373890068.dll
C:\Users\kaisermuecke\AppData\Local\Temp\extension950928769442576110.dll
C:\Users\kaisermuecke\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chra_aih.exe
C:\Users\kaisermuecke\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\kaisermuecke\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\kaisermuecke\AppData\Local\Temp\ose00000.exe
C:\Users\kaisermuecke\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\kaisermuecke\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kaisermuecke\AppData\Local\Temp\UninstallEACore.dll
C:\Users\kaisermuecke\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe
C:\Users\kaisermuecke\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-06-25 21:02] - [2010-11-20 15:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-04-20 13:04

==================== End Of Log ============================
         

And Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2014
Ran by kaisermuecke at 2014-04-28 17:57:40
Running from C:\Users\kaisermuecke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GX1Z2ZVS
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 8.0 (HKLM-x32\...\PremElem80) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.5.4 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version:  - )
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.115 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.368 - ArcSoft)
AVEO USB2.0 PC Camera (HKLM-x32\...\{7235252A-39A3-4889-AF58-18B82040310E}) (Version: 2.0.0.5 - )
calibre (HKLM-x32\...\{F3586612-687E-4F67-B070-CB511E18B5B3}) (Version: 0.9.13 - Kovid Goyal)
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - )
CanoScan 4400F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803) (Version:  - )
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.3.0.23190 - Sony Corporation)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.13587 - Landesfinanzdirektion Thüringen)
ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular für Privatanwender 12.1.0.6164p) (Version: 15.0.13587 - )
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.4.2224 - Evernote Corp.)
GeoGebra 4.2 (HKLM-x32\...\GeoGebra 4.2) (Version: 4.2.60.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HP Photosmart Essential (HKLM-x32\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPSSupply (HKLM-x32\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Ihr Firmenname)
InstantMask 1.2 (HKLM-x32\...\{13D0A392-F027-4A0A-AC76-B6F3109E1A35}_is1) (Version:  - clipping-path-studio.com)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.1.5 - Kobo Inc.)
Media Gallery (Version: 1.3.0 - Sony Corporation) Hidden
Media Gallery (x32 Version: 1.3.0.06230 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Need for Speed(TM) Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
Nokia Connectivity Cable Driver (HKLM-x32\...\{0906982B-A432-4C06-8F01-C01BE1143779}) (Version: 7.1.92.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.6.36.0 - Nokia)
Nokia Suite (x32 Version: 3.6.36.0 - Nokia) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5903 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NWZ-E450 WALKMAN Guide (HKLM-x32\...\{0A6C2811-AD29-473F-8086-F0B401276DEC}) (Version: 2.1.0.17210 - Sony Corporation)
OpenMG Limited Patch 4.7-07-14-05-01 (HKLM-x32\...\OpenMG HotFix4.7-07-13-22-01) (Version:  - )
OpenMG Secure Module 4.7.00 (HKLM-x32\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
OpenMG Secure Module 4.7.00 (x32 Version: 4.7.00.12140 - Sony Corporation) Hidden
PC Connectivity Solution (HKLM-x32\...\{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}) (Version: 12.0.48.0 - Nokia)
PDF24 Creator 5.5.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.3.00.06040 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.3.00.06040 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00.06180 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.06110 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00.06180 - Sony Corporation) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
Remote Play mit PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.0.2.06210 - Sony Corporation)
Remote Play with PlayStation 3 (x32 Version: 1.0.2.06210 - Sony Corporation) Hidden
Remote-Tastatur mit PlayStation 3 (HKLM-x32\...\{65B138AE-F636-4D4C-BA5D-A06E21E47C53}) (Version: 1.0.2.06170 - Sony Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.1 - Renesas Electronics Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 8.0 (HKLM-x32\...\InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
SonicStage 4.3 (HKLM-x32\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)
Sweet Home 3D (HKCU\...\Sweet Home 3D) (Version:  - eTeks)
Teachmaster 4.3 (nur Entfernen) (HKLM-x32\...\Teachmaster 4.3) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VAIO - Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.3.0.06230 - Sony Corporation)
VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}) (Version: 1.3.00.06040 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.3.00.06180 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.3.00.06110 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.3.00.06180 - Sony Corporation)
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.2.2.07150 - Sony Corporation)
VAIO Care (x32 Version: 6.2.2.07150 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.3.0.05310 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.4.0.05240 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.4.0.05240 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.2.00.05120 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.2.0.06080 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.2.0.07020 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230 - Sony Corporation) Hidden
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.1.0.18210 - Sony Corporation)
VAIO Media plus (Version: 2.1.0 - Sony Corporation) Hidden
VAIO Media plus (x32 Version: 2.1.0.18210 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 2.1.0.13220 - Sony Corporation)
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.3.00.06040 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.3.00.06040 - Sony Corporation) Hidden
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.3.0.06041 - Sony Corporation)
VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.0.06080 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.1.1.10250 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 1.1.0.05280 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.2.0.06230 - Sony Corporation)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WEB.DE Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH)
WEB.DE MailCheck für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.4.0.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05072BD5-CEF1-4FBD-8945-C5E090F2ECAE} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {21333491-2470-4D7E-AAC5-8C29B274791E} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
Task: {35691734-2B6B-4E59-AD2C-D7CC4C81BC84} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {39484CFD-5010-4DB5-9EF4-D0933B1F3602} - System32\Tasks\VAIO Care Support => C:\Program Files\Sony\VAIO Care\VCSpt.exe [2010-05-26] (Sony Corporation)
Task: {3A8270FE-8B6E-424E-A01E-32FD34B5958B} - System32\Tasks\{A0EC8181-0301-4D4B-B1BA-6A37A05A3DFB} => C:\Users\kaisermuecke\SF_CDA_Full_Non-Network_deu_NB.exe [2012-02-19] ()
Task: {3CF1C93D-D7A2-4949-B2AE-C80050E9471E} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-07-26] (Sony Corporation)
Task: {3DDEC1BC-3A8B-4FF9-A678-16B558547A14} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-06-08] (Sony Corporation)
Task: {47DC26C4-C1F1-46B2-94E9-E2FD80004740} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {4A39E7D9-5D2C-4E68-8A83-2B43AA7E1BD1} - System32\Tasks\SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3 => C:\Program Files\Sony\Remote Keyboard with PlayStation 3\VBTKBUtil.exe [2010-06-17] (Sony Corporation)
Task: {4F6B4994-33C7-4956-92B2-52656EDCF467} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04] (Google Inc.)
Task: {72B1ED4A-C2A7-423B-912D-37A19A925895} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {910F9334-2B1A-4E32-A93E-FF43FAAC1600} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-06-08] (Sony Corporation)
Task: {93DFF172-BFBF-451C-B4E5-179B981DB62D} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-26] (Sony Corporation)
Task: {96955B03-0ACA-4471-95B0-BCDF6FE9442E} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2012-10-26] (Sony Corporation)
Task: {AE618C07-42AA-49F7-8D46-7246A15FF998} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2010-07-15] (Sony Corporation)
Task: {B48433CF-263B-4E55-8B78-F304AEC3248D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04] (Google Inc.)
Task: {C3CE1633-B38B-4835-9043-8E0CA1002DE9} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-07-26] (Sony Corporation)
Task: {EC651792-0F49-40FF-A43F-2A32B8EC81B3} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {FE3C28C9-FEFE-4370-9E4F-6BB4C45E4529} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-11 10:48 - 2013-08-02 04:12 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2011-06-01 16:55 - 2007-02-05 10:11 - 00476728 _____ () C:\Program Files (x86)\Sony\SonicStage\SSAAD.exe
2010-12-04 09:22 - 2010-05-31 20:18 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-12-04 09:22 - 2010-05-31 20:18 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 08506792 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 02353576 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 01013672 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 00363944 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 02480552 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 01346472 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 00205736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 02652584 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 00032680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 00035240 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 00206760 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 11166120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 00276392 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2012-10-13 02:31 - 2012-10-13 02:31 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2012-10-13 02:31 - 2012-10-13 02:31 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2012-10-13 02:54 - 2012-10-13 02:54 - 00437672 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 00445864 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 00520104 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 00720296 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2012-10-13 02:53 - 2012-10-13 02:53 - 00605608 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2012-10-13 02:55 - 2012-10-13 02:55 - 00092584 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2012-10-13 02:30 - 2012-10-13 02:30 - 00110080 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
2012-05-09 08:23 - 2008-10-20 15:28 - 00045056 _____ () C:\Program Files (x86)\AVEO USB2.0 PC Camera\AVEOCamSDK.dll
2014-02-13 16:09 - 2014-02-13 16:09 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
2010-10-11 22:03 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2014 05:41:31 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.  0xD0000022
6.1.7601.17514

Error: (04/28/2014 02:54:07 PM) (Source: RasClient) (User: )
Description: CoID={E486D038-99F7-455E-8F0F-4076100760DF}: Der Benutzer "VAIO\kaisermuecke" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 691.

Error: (04/28/2014 02:52:05 PM) (Source: RasClient) (User: )
Description: CoID={5FAF4920-6D5B-4D76-855F-3B27403D66A4}: Der Benutzer "VAIO\kaisermuecke" hat eine Verbindung mit dem Namen "Breitbandverbindung 2" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 691.

Error: (04/28/2014 02:46:45 PM) (Source: RasClient) (User: )
Description: CoID={289B2405-1AF0-41B5-BD3F-C79072C42F05}: Der Benutzer "VAIO\kaisermuecke" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 691.

Error: (04/28/2014 02:29:18 PM) (Source: RasClient) (User: )
Description: CoID={74A66808-A394-442D-A21C-13A240E0E026}: Der Benutzer "VAIO\kaisermuecke" hat eine Verbindung mit dem Namen "Breitbandverbindung 2" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 691.

Error: (04/27/2014 11:37:54 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (04/26/2014 01:17:45 PM) (Source: RasClient) (User: )
Description: CoID={BFADA88C-9FD8-464B-9EC7-7668F8AF1D62}: Der Benutzer "VAIO\kaisermuecke" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 691.

Error: (04/26/2014 01:08:04 PM) (Source: RasClient) (User: )
Description: CoID={49FF4909-4DA5-4E58-AA9E-BD6584B181E9}: Der Benutzer "VAIO\kaisermuecke" hat eine Verbindung mit dem Namen "Breitbandverbindung 2" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.

Error: (04/26/2014 01:05:50 PM) (Source: RasClient) (User: )
Description: CoID={8B76DD9D-CCCF-4863-9D8B-B31926CD68B1}: Der Benutzer "VAIO\kaisermuecke" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.

Error: (04/26/2014 11:50:47 AM) (Source: RasClient) (User: )
Description: CoID={CD77762E-73A9-43FE-BB31-20BD1813E282}: Der Benutzer "VAIO\kaisermuecke" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 691.


System errors:
=============
Error: (04/28/2014 05:47:39 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/28/2014 05:47:38 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/28/2014 05:47:38 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/28/2014 05:47:37 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/28/2014 05:47:37 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/28/2014 05:46:51 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
MpFilter

Error: (04/28/2014 05:46:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (04/28/2014 05:41:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: 
%%5

Error: (04/28/2014 05:24:38 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
MpFilter

Error: (04/28/2014 05:24:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126


Microsoft Office Sessions:
=========================
Error: (01/24/2013 05:05:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 77 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/28/2012 09:15:17 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 651 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-04-10 14:14:17.059
  Description: N/A

  Date: 2014-04-10 14:14:16.857
  Description: N/A


==================== Memory info =========================== 

Percentage of memory in use: 44%
Total physical RAM: 4012.96 MB
Available physical RAM: 2221.65 MB
Total Pagefile: 8024.1 MB
Available Pagefile: 5929.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:452.89 GB) (Free:341.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F098936E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
I was able to download GMER, but an error message appeared when I started it. I'll try to attach it.

Trojan:Win32/Necurs.A unter Windows 7 - Bitte um Hilfe zur Entfernung-gmer.jpg


I have no further information, except that I am a complete novice.

Kind regards, 3Mücken

Alt 28.04.2014, 18:27   #2
mort
 

I am working on your topic and will get back to you as soon as possible with further instructions.

Thank you for your patience.


Alt 28.04.2014, 19:36   #3
mort
 

Hello 3Mücken and


I will help you clean up the computer.
  • Work through my instructions one after the other.
  • Post your logs in code tags: [code]Log contents here[/code]
  • Remember that we do this in our free time. If you don't get a reply from me within 2 days, send me a PM.

Quote:
The next day the laptop was very slow and behaved strangely. Later an e-mail came from the Telekom abuse team saying that spam e-mails had been sent from our Internet connection.
The scan with Microsoft Security Essentials showed the Trojan and also said it would be removed, but the problems persisted.
I couldn't download any other antivirus program, and MSE could no longer be switched back to real-time protection.
Yes, these are all consequences of Necurs. But don't worry, we'll get your laptop running again.

Step 1

Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 28.04.2014, 20:29   #4
3Mücken
 

Code:
ComboFix 14-04-26.01 - kaisermuecke 28.04.2014  20:50:49.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4013.2282 [GMT 2:00]
ausgeführt von:: c:\users\kaisermuecke\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
C:\prefs.js
c:\users\KAISER~1\AppData\Local\Temp\7zS6C3F\HPSLPSVC64.DLL
c:\users\kaisermuecke\AppData\Local\Temp\7zS6C3F\HPSLPSVC64.DLL
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI271C.txt
c:\windows\tmp\dd_vcredistUI271C.txt
c:\windows\tmp\qtsingleapp-koboex-7d5-1-lockfile
c:\windows\Installer\{9A5D25FE-9729-C0FD-B1BB-0A16916455F5}\syshost.exe . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_syshost32
-------\Service_HPSLPSVC
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-03-28 bis 2014-04-28  ))))))))))))))))))))))))))))))
.
.
2014-04-28 19:04 . 2014-04-28 19:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-04-28 15:56 . 2014-04-28 15:58	--------	d-----w-	C:\FRST
2014-04-28 15:19 . 2014-04-28 15:19	--------	d-----w-	c:\program files (x86)\iMesh Applications
2014-04-28 15:10 . 2014-04-17 03:31	10651704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35706DCE-8F07-4886-9280-EBA465A8B079}\mpengine.dll
2014-04-28 12:27 . 2014-04-17 03:31	10651704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-21 09:39 . 2014-04-21 09:39	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2014-04-21 09:39 . 2014-04-21 09:39	--------	d-----w-	c:\program files\Microsoft Security Client
2014-04-20 20:02 . 2014-04-20 20:02	--------	d-----w-	c:\programdata\Licenses
2014-04-20 20:01 . 2014-04-20 20:01	--------	d-----w-	c:\programdata\Simply Super Software
2014-04-20 19:56 . 2014-01-21 15:28	20312	----a-w-	c:\windows\system32\roboot64.exe
2014-04-20 19:56 . 2014-04-20 20:15	--------	d-----w-	c:\users\kaisermuecke\AppData\Roaming\systweak
2014-04-20 10:34 . 2014-04-20 10:34	--------	d-----w-	c:\programdata\Electronic Arts
2014-04-20 10:34 . 2014-04-20 10:34	--------	d-----w-	c:\programdata\EA Core
2014-04-20 09:38 . 2006-02-03 06:43	3830992	----a-w-	c:\windows\system32\d3dx9_29.dll
2014-04-20 09:32 . 2014-04-20 09:35	--------	d-----w-	c:\programdata\Solidshield
2014-04-15 18:13 . 2014-04-15 18:13	--------	d-----w-	c:\users\kaisermuecke\AppData\Roaming\LavasoftStatistics
2014-04-15 18:04 . 2014-04-15 18:04	--------	d-----w-	c:\programdata\BitDefender
2014-04-15 17:43 . 2014-04-15 17:43	--------	d-----w-	c:\program files\Lavasoft
2014-04-15 17:43 . 2014-04-15 17:43	--------	d-----w-	c:\users\kaisermuecke\AppData\Roaming\SecureSearch
2014-04-15 17:43 . 2014-04-20 18:41	--------	d-----w-	c:\program files (x86)\Lavasoft
2014-04-15 17:40 . 2014-04-15 17:40	--------	d-----w-	c:\programdata\Lavasoft
2014-04-15 16:40 . 2014-04-15 16:46	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2014-04-15 15:36 . 2014-04-15 15:36	--------	d-----w-	c:\users\kaisermuecke\AppData\Roaming\TuneUp Software
2014-04-15 15:24 . 2014-04-15 17:10	--------	d-----w-	c:\programdata\MFAData
2014-04-15 15:24 . 2014-04-15 15:24	--------	d--h--w-	c:\programdata\Common Files
2014-04-15 15:24 . 2014-04-15 15:24	--------	d-----w-	c:\users\kaisermuecke\AppData\Local\MFAData
2014-04-15 11:51 . 2014-04-16 12:27	--------	d-----w-	c:\windows\SysWow64\140415-135137
2014-04-14 18:04 . 2014-04-16 12:27	--------	d-----w-	c:\windows\SysWow64\140414-200411
2014-04-14 13:33 . 2014-04-16 12:27	--------	d-----w-	c:\windows\SysWow64\140414-153355
2014-04-14 13:30 . 2014-04-14 13:30	--------	d-----w-	c:\program files\Microsoft Silverlight
2014-04-14 13:30 . 2014-04-14 13:30	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2014-04-14 12:46 . 2014-04-16 12:27	--------	d-----w-	c:\windows\SysWow64\140414-144609
2014-04-14 12:30 . 2014-04-16 12:27	--------	d-----w-	c:\windows\SysWow64\140414-143036
2014-04-14 12:09 . 2014-04-16 12:27	--------	d-----w-	c:\windows\SysWow64\140414-140952
2014-04-14 11:55 . 2014-04-16 12:27	--------	d-----w-	c:\windows\SysWow64\140414-135557
2014-04-13 21:14 . 2014-04-16 12:27	--------	d-----w-	c:\windows\SysWow64\140413-231407
2014-04-13 19:35 . 2014-04-13 19:35	--------	d-----w-	c:\windows\SysWow64\140413-213519
2014-04-09 12:03 . 2014-03-31 01:16	23134208	----a-w-	c:\windows\system32\mshtml.dll
2014-04-09 12:03 . 2014-03-31 01:13	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-04-09 12:03 . 2014-03-31 00:13	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-31 01:51 . 2012-08-02 08:18	90655440	----a-w-	c:\windows\system32\MRT.exe
2014-03-13 13:24 . 2013-04-06 15:13	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-13 13:24 . 2011-11-07 10:47	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 07:52 . 2014-03-11 07:52	133928	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 09:17 . 2014-04-09 12:02	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-03-01 05:16 . 2014-03-13 11:08	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 . 2014-03-13 11:08	2765824	----a-w-	c:\windows\system32\iertutil.dll
2014-03-01 04:52 . 2014-03-13 11:08	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-03-01 04:51 . 2014-03-13 11:08	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-03-01 04:42 . 2014-03-13 11:08	53760	----a-w-	c:\windows\system32\jsproxy.dll
2014-03-01 04:40 . 2014-03-13 11:08	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-03-01 04:37 . 2014-03-13 11:08	574976	----a-w-	c:\windows\system32\ieui.dll
2014-03-01 04:33 . 2014-03-13 11:08	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-01 04:33 . 2014-03-13 11:08	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-03-01 04:32 . 2014-03-13 11:08	708608	----a-w-	c:\windows\system32\jscript9diag.dll
2014-03-01 04:23 . 2014-03-13 11:08	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 . 2014-03-13 11:08	218624	----a-w-	c:\windows\system32\ie4uinit.exe
2014-03-01 04:02 . 2014-03-13 11:08	195584	----a-w-	c:\windows\system32\msrating.dll
2014-03-01 03:54 . 2014-03-13 11:08	5768704	----a-w-	c:\windows\system32\jscript9.dll
2014-03-01 03:52 . 2014-03-13 11:08	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-03-01 03:51 . 2014-03-13 11:08	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:42 . 2014-03-13 11:08	627200	----a-w-	c:\windows\system32\msfeeds.dll
2014-03-01 03:38 . 2014-03-13 11:08	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37 . 2014-03-13 11:08	553472	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35 . 2014-03-13 11:08	2041856	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-01 03:18 . 2014-03-13 11:08	13051904	----a-w-	c:\windows\system32\ieframe.dll
2014-03-01 03:14 . 2014-03-13 11:08	4244480	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-03-01 03:10 . 2014-03-13 11:08	2334208	----a-w-	c:\windows\system32\wininet.dll
2014-03-01 03:00 . 2014-03-13 11:08	1964032	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:38 . 2014-03-13 11:08	1393664	----a-w-	c:\windows\system32\urlmon.dll
2014-03-01 02:32 . 2014-03-13 11:08	1820160	----a-w-	c:\windows\SysWow64\wininet.dll
2014-03-01 02:25 . 2014-03-13 11:08	817664	----a-w-	c:\windows\system32\ieapfltr.dll
2014-02-07 01:23 . 2014-03-13 11:08	3156480	----a-w-	c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-13 11:06	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-13 11:06	624128	----a-w-	c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-13 11:06	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-13 11:06	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-13 11:09	484864	----a-w-	c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-13 11:09	381440	----a-w-	c:\windows\SysWow64\wer.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~2\Sony\SONICS~1\SsAAD.exe" [2007-02-05 476728]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-10-13 1088424]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"CamAppSTI.exe"="c:\program files (x86)\AVEO USB2.0 PC Camera\CamAppSTI.exe" [2009-01-04 28672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-02 946352]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-06-04 162856]
"MailCheck IE Broker"="c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2013-10-16 1766464]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AVEO;USB PC Camera;c:\windows\system32\DRIVERS\AVEOdcnt.sys;c:\windows\SYSNATIVE\DRIVERS\AVEOdcnt.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - fc65432756c619f5
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-28 17:22	1078088	----a-w-	c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-06 13:24]
.
2014-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04 07:32]
.
2014-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04 07:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-21 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-21 2040352]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-15&ent=hp&u=7D54D724A51E68AFE99F44534D6FA371
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fc65432756c619f5]
"ImagePath"="\SystemRoot\System32\Drivers\fc65432756c619f5.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Sony\VAIO Care\VCSpt.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-04-28  21:26:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-04-28 19:26
.
Vor Suchlauf: 14 Verzeichnis(se), 370.810.785.792 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 382.300.000.256 Bytes frei
.
- - End Of File - - A2B259FAADB022196FA171ADC9AF42CC
         

Alt 29.04.2014, 16:48   #5
mort
 

We'll now check whether Necurs is really gone. But we won't be finished after that.

Step 1

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide for Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the objects it found, so be patient.
  • After the reboot, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


Alt 29.04.2014, 20:51   #6
3Mücken
 

This is quite a lengthy business .... thank you very much for taking me on!

Unfortunately the scan hung twice. I installed Malwarebytes Anti-Rootkit; it starts scanning and always hangs at the same file. Or is it possible that the program stays on one file for more than half an hour???

Alt 29.04.2014, 21:02   #7
mort
 

Let's try a different program.

Step 1

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide for TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post its contents here in your thread in any case.
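TDSSKiller logs run to thousands of lines, and most of the "detected" lines on this machine turn out to be `LockedFile.Multi.Generic` hits that the tool immediately retracts with "Detect skipped due to KSN trusted". The following Python script is an added example for triaging such a log, not part of this thread and not Kaspersky's tool: it parses the line shapes visible in the log posted later in the thread (hashed service line, "- detected" line, KSN skip line, "- ok" line) and reports only those entries whose detection KSN did not vouch for. The sample log is constructed from lines that appear in this thread plus one made-up entry (`examplesvc`, its placeholder hashes and the verdict name `Rootkit.Win32.Example`) to show the case that actually needs a helper's attention.

```python
"""Triage a TDSSKiller log: which detections were NOT cleared by KSN trust?

Added example for this thread; the regular expressions assume the line
formats exactly as they appear in the TDSSKiller 3.0 log posted here.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# "HH:MM:SS.mmmm 0xTTTT <message>" (some lines carry no message at all)
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>0x[0-9a-f]{4})(?: (?P<msg>.*))?$")
# "[ MD5, SHA256 ] <service> <path with spaces>"
HASHED_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}), (?P<sha256>[0-9A-F]{64}) \] (?P<name>\S+) (?P<path>.+)$")
# "<service> - detected <verdict> ( 1 )"
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \( \d+ \)$")
# "<service> - ok"
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")
KSN_SKIP = "Detect skipped due to KSN trusted"


@dataclass
class Entry:
    name: str
    path: str = ""
    md5: str = ""
    sha256: str = ""
    verdicts: List[str] = field(default_factory=list)
    ksn_trusted: bool = False   # tool retracted its own detection via KSN
    final_ok: bool = False      # a closing "- ok" line was seen


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Group the log lines by service/driver name and record what happened to each."""
    entries: Dict[str, Entry] = {}
    current = None  # the entry the most recent hashed/detected line referred to
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg") or ""
        h = HASHED_RE.match(msg)
        if h:
            current = entries.setdefault(h.group("name"), Entry(h.group("name")))
            current.path, current.md5, current.sha256 = h.group("path"), h.group("md5"), h.group("sha256")
            continue
        d = DETECT_RE.match(msg)
        if d:
            current = entries.setdefault(d.group("name"), Entry(d.group("name")))
            current.verdicts.append(d.group("verdict"))
            continue
        if msg == KSN_SKIP and current is not None:
            current.ksn_trusted = True   # the skip line follows the detection it refers to
            continue
        o = OK_RE.match(msg)
        if o:
            current = entries.setdefault(o.group("name"), Entry(o.group("name")))
            current.final_ok = True
    return entries


def needs_review(entries: Dict[str, Entry]) -> List[str]:
    """Names of entries with at least one detection that KSN did not retract."""
    return sorted(e.name for e in entries.values() if e.verdicts and not e.ksn_trusted)


# Constructed sample: the first entries are copied from the log in this thread,
# the last one (examplesvc, placeholder hashes, Rootkit.Win32.Example) is made up.
SAMPLE_LOG = r"""
22:09:24.0644 0x0ccc [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:09:24.0654 0x0ccc 1394ohci - ok
22:09:34.0233 0x0ccc [ 1872074ED0A3FB22E3F1E3197B984BFA, 112F289BFE63B46D1E007E3C6761B5C5C8F499B6638CE896DF528FDDBBC1EA12 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
22:09:34.0233 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwaudio.sys. md5: 1872074ED0A3FB22E3F1E3197B984BFA, sha256: 112F289BFE63B46D1E007E3C6761B5C5C8F499B6638CE896DF528FDDBBC1EA12
22:09:34.0233 0x0ccc btwaudio - detected LockedFile.Multi.Generic ( 1 )
22:09:42.0996 0x0ccc Detect skipped due to KSN trusted
22:09:42.0996 0x0ccc btwaudio - ok
22:09:51.0017 0x0ccc catchme - ok
22:09:59.0001 0x0ccc [ 0123456789ABCDEF0123456789ABCDEF, 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF ] examplesvc C:\Windows\system32\drivers\example.sys
22:09:59.0002 0x0ccc examplesvc - detected Rootkit.Win32.Example ( 1 )
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for name in needs_review(parsed):
        e = parsed[name]
        print(f"{name}: {', '.join(e.verdicts)} at {e.path} (md5 {e.md5}, final ok: {e.final_ok})")
```

Run it against a real log with `parse_tdsskiller(open("TDSSKiller.log").read())`; `needs_review` then lists the handful of entries worth posting rather than the whole file, while the KSN-retracted `LockedFile.Multi.Generic` noise drops out.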

Alt 29.04.2014, 21:33   #8
3Mücken
 

That worked, but the log file is too long; I zipped it and am attaching it.

Alt 29.04.2014, 21:50   #9
mort
 

The log is not complete. If it is too long, you can split it across several posts.

Alt 02.05.2014, 11:04   #10
3Mücken
 

Unfortunately I can't continue at the moment because our DSL connection is broken. I'm writing this from the office, just to let you know that I greatly appreciate your help and will get back to you as soon as possible.

Regards, 3Mücken

Alt 07.05.2014, 14:03   #11
3Mücken
 

22:08:41.0492 0x0e68 TDSS rootkit removing tool 3.0.0.33 Apr 24 2014 14:02:50
22:08:41.0694 0x0e68 ============================================================
22:08:41.0694 0x0e68 Current date / time: 2014/04/29 22:08:41.0694
22:08:41.0694 0x0e68 SystemInfo:
22:08:41.0694 0x0e68
22:08:41.0694 0x0e68 OS Version: 6.1.7601 ServicePack: 1.0
22:08:41.0694 0x0e68 Product type: Workstation
22:08:41.0694 0x0e68 ComputerName: VAIO
22:08:41.0694 0x0e68 UserName: kaisermuecke
22:08:41.0694 0x0e68 Windows directory: C:\Windows
22:08:41.0694 0x0e68 System windows directory: C:\Windows
22:08:41.0694 0x0e68 Running under WOW64
22:08:41.0694 0x0e68 Processor architecture: Intel x64
22:08:41.0694 0x0e68 Number of processors: 4
22:08:41.0694 0x0e68 Page size: 0x1000
22:08:41.0694 0x0e68 Boot type: Normal boot
22:08:41.0694 0x0e68 ============================================================
22:08:41.0694 0x0e68 BG loaded
22:08:41.0850 0x0e68 System UUID: {5CB5E5AA-9D09-625E-983E-5FD119AE1041}
22:08:42.0630 0x0e68 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:08:42.0646 0x0e68 ============================================================
22:08:42.0646 0x0e68 \Device\Harddisk0\DR0:
22:08:42.0646 0x0e68 MBR partitions:
22:08:42.0646 0x0e68 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x198A800, BlocksNum 0x32000
22:08:42.0646 0x0e68 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x19BC800, BlocksNum 0x389C9030
22:08:42.0646 0x0e68 ============================================================
22:08:42.0708 0x0e68 C: <-> \Device\Harddisk0\DR0\Partition2
22:08:42.0708 0x0e68 ============================================================
22:08:42.0708 0x0e68 Initialize success
22:08:42.0708 0x0e68 ============================================================
22:08:49.0348 0x0ccc ============================================================
22:08:49.0348 0x0ccc Scan started
22:08:49.0348 0x0ccc Mode: Manual;
22:08:49.0348 0x0ccc ============================================================
22:08:49.0348 0x0ccc KSN ping started
22:08:53.0277 0x0ccc KSN ping finished: true
22:09:23.0258 0x0ccc ================ Scan system memory ========================
22:09:23.0258 0x0ccc System memory - ok
22:09:23.0261 0x0ccc ================ Scan services =============================
22:09:24.0644 0x0ccc [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:09:24.0654 0x0ccc 1394ohci - ok
22:09:24.0940 0x0ccc [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
22:09:24.0953 0x0ccc ACDaemon - ok
22:09:25.0079 0x0ccc [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:09:25.0120 0x0ccc ACPI - ok
22:09:25.0178 0x0ccc [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:09:25.0181 0x0ccc AcpiPmi - ok
22:09:25.0499 0x0ccc [ 34400005DE52842C4D6D4EE978B4D7CE, E7C3121812284B9FE6A12910C67C98354BAF5DB74865A5B4E0C2E64852BDB50A ] AdobeActiveFileMonitor8.0 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
22:09:25.0639 0x0ccc AdobeActiveFileMonitor8.0 - ok
22:09:26.0683 0x0ccc [ 7C7E868E1D8096ED08D80FF7712BB9D8, EB4438F3CC377728173E018A763F0D0A8D5BBA4A289F554036D06B24030D2D62 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:09:26.0700 0x0ccc AdobeFlashPlayerUpdateSvc - ok
22:09:26.0934 0x0ccc [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:09:26.0969 0x0ccc adp94xx - ok
22:09:27.0153 0x0ccc [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:09:27.0170 0x0ccc adpahci - ok
22:09:27.0223 0x0ccc [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:09:27.0230 0x0ccc adpu320 - ok
22:09:27.0322 0x0ccc [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:09:27.0325 0x0ccc AeLookupSvc - ok
22:09:27.0559 0x0ccc [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
22:09:27.0575 0x0ccc AFD - ok
22:09:27.0671 0x0ccc [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
22:09:27.0678 0x0ccc agp440 - ok
22:09:27.0768 0x0ccc [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
22:09:27.0771 0x0ccc ALG - ok
22:09:27.0853 0x0ccc [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
22:09:27.0855 0x0ccc aliide - ok
22:09:27.0908 0x0ccc [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
22:09:27.0918 0x0ccc amdide - ok
22:09:27.0954 0x0ccc [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:09:27.0957 0x0ccc AmdK8 - ok
22:09:27.0981 0x0ccc [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
22:09:27.0984 0x0ccc AmdPPM - ok
22:09:28.0094 0x0ccc [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:09:28.0099 0x0ccc amdsata - ok
22:09:28.0140 0x0ccc [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
22:09:28.0146 0x0ccc amdsbs - ok
22:09:28.0170 0x0ccc [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:09:28.0175 0x0ccc amdxata - ok
22:09:28.0364 0x0ccc [ 2D45F2DFBC3D8F53DF7EBEFFA8C9BC38, 916CA4FE1899609AB36E66CB90D69EC487C1913C9C542760564BCFFF1B6E8070 ] ApfiltrService C:\Windows\system32\drivers\Apfiltr.sys
22:09:28.0373 0x0ccc ApfiltrService - ok
22:09:28.0460 0x0ccc [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
22:09:28.0465 0x0ccc AppID - ok
22:09:28.0531 0x0ccc [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:09:28.0535 0x0ccc AppIDSvc - ok
22:09:28.0651 0x0ccc [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
22:09:28.0653 0x0ccc Appinfo - ok
22:09:28.0782 0x0ccc [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
22:09:28.0786 0x0ccc arc - ok
22:09:28.0824 0x0ccc [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:09:28.0828 0x0ccc arcsas - ok
22:09:28.0850 0x0ccc [ C130BC4A51B1382B2BE8E44579EC4C0A, CC1FD33ED7CAD87A504D8678F8482CAECACD18C727BB97FFB86F39255563EEF2 ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
22:09:28.0851 0x0ccc ArcSoftKsUFilter - ok
22:09:29.0234 0x0ccc [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:09:29.0521 0x0ccc aspnet_state - ok
22:09:29.0604 0x0ccc [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:09:29.0608 0x0ccc AsyncMac - ok
22:09:29.0738 0x0ccc [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
22:09:29.0742 0x0ccc atapi - ok
22:09:29.0958 0x0ccc [ 08BAAA2432E81031A6C3B11AD5A67E2B, BB909746B0FBC731BA7D64E9332FF367C8D37E7053B304F0FC08B270D3683D57 ] athr C:\Windows\system32\DRIVERS\athrx.sys
22:09:29.0995 0x0ccc athr - ok
22:09:30.0218 0x0ccc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:09:30.0234 0x0ccc AudioEndpointBuilder - ok
22:09:30.0308 0x0ccc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:09:30.0321 0x0ccc AudioSrv - ok
22:09:30.0461 0x0ccc [ 662EA4D04F34C872A62E44FD92526223, 32B33666697F12D6D729C20293B31482B9ACBA58E5BE6672D6E387FB703078A1 ] AVEO C:\Windows\system32\DRIVERS\AVEOdcnt.sys
22:09:30.0482 0x0ccc AVEO - ok
22:09:30.0594 0x0ccc [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:09:30.0605 0x0ccc AxInstSV - ok
22:09:30.0723 0x0ccc [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
22:09:30.0753 0x0ccc b06bdrv - ok
22:09:30.0833 0x0ccc [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:09:30.0873 0x0ccc b57nd60a - ok
22:09:31.0053 0x0ccc [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
22:09:31.0063 0x0ccc BDESVC - ok
22:09:31.0193 0x0ccc [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
22:09:31.0193 0x0ccc Beep - ok
22:09:31.0363 0x0ccc [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
22:09:31.0383 0x0ccc BFE - ok
22:09:31.0523 0x0ccc [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll
22:09:31.0563 0x0ccc BITS - ok
22:09:31.0613 0x0ccc [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:09:31.0643 0x0ccc blbdrive - ok
22:09:31.0743 0x0ccc [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:09:31.0753 0x0ccc bowser - ok
22:09:31.0833 0x0ccc [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
22:09:31.0843 0x0ccc BrFiltLo - ok
22:09:32.0023 0x0ccc [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
22:09:32.0103 0x0ccc BrFiltUp - ok
22:09:32.0303 0x0ccc [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:09:32.0313 0x0ccc BridgeMP - ok
22:09:32.0493 0x0ccc [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
22:09:32.0493 0x0ccc Browser - ok
22:09:32.0603 0x0ccc [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:09:32.0663 0x0ccc Brserid - ok
22:09:32.0723 0x0ccc [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:09:32.0793 0x0ccc BrSerWdm - ok
22:09:32.0833 0x0ccc [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:09:32.0843 0x0ccc BrUsbMdm - ok
22:09:32.0883 0x0ccc [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:09:32.0883 0x0ccc BrUsbSer - ok
22:09:32.0973 0x0ccc [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
22:09:33.0293 0x0ccc BthEnum - ok
22:09:33.0383 0x0ccc [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:09:33.0383 0x0ccc BTHMODEM - ok
22:09:33.0583 0x0ccc [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:09:33.0623 0x0ccc BthPan - ok
22:09:33.0753 0x0ccc [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
22:09:33.0823 0x0ccc BTHPORT - ok
22:09:33.0873 0x0ccc [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
22:09:33.0883 0x0ccc bthserv - ok
22:09:34.0033 0x0ccc [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
22:09:34.0053 0x0ccc BTHUSB - ok
22:09:34.0143 0x0ccc [ 59E3510784548C6939C1B3B985C232E3, 7284A4A880307A88C431DE8BA9195C2B256C8598757958B02DB6A80EBB57698E ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
22:09:34.0163 0x0ccc btwampfl - ok
22:09:34.0233 0x0ccc [ 1872074ED0A3FB22E3F1E3197B984BFA, 112F289BFE63B46D1E007E3C6761B5C5C8F499B6638CE896DF528FDDBBC1EA12 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
22:09:34.0233 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwaudio.sys. md5: 1872074ED0A3FB22E3F1E3197B984BFA, sha256: 112F289BFE63B46D1E007E3C6761B5C5C8F499B6638CE896DF528FDDBBC1EA12
22:09:34.0233 0x0ccc btwaudio - detected LockedFile.Multi.Generic ( 1 )
22:09:42.0996 0x0ccc Detect skipped due to KSN trusted
22:09:42.0996 0x0ccc btwaudio - ok
22:09:43.0044 0x0ccc [ 691CF076C33AB1C3A5B2FD5450300733, C2C943D42B0A135BD255FA8985A00D36B0DD91546291E2D819FACE7C0B08287D ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
22:09:43.0045 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwavdt.sys. md5: 691CF076C33AB1C3A5B2FD5450300733, sha256: C2C943D42B0A135BD255FA8985A00D36B0DD91546291E2D819FACE7C0B08287D
22:09:43.0045 0x0ccc btwavdt - detected LockedFile.Multi.Generic ( 1 )
22:09:45.0814 0x0ccc Detect skipped due to KSN trusted
22:09:45.0814 0x0ccc btwavdt - ok
22:09:46.0054 0x0ccc [ 8BA6E93A182126781952A7895EC1E4B2, C11F7187278BA72016D2168E653D6C904E0DFB5B173E4DFBF7D86AD73631D5A6 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:09:46.0071 0x0ccc btwdins - ok
22:09:46.0117 0x0ccc [ 07096D2BC22CCB6CEA5A532DF0BE8A75, A9B7F2EFFDF1E4EC0A5DC098F0ED2BE44E271844A4F1CBAD2FA1655DE1E03F6E ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
22:09:46.0117 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\btwl2cap.sys. md5: 07096D2BC22CCB6CEA5A532DF0BE8A75, sha256: A9B7F2EFFDF1E4EC0A5DC098F0ED2BE44E271844A4F1CBAD2FA1655DE1E03F6E
22:09:46.0118 0x0ccc btwl2cap - detected LockedFile.Multi.Generic ( 1 )
22:09:48.0530 0x0ccc Detect skipped due to KSN trusted
22:09:48.0530 0x0ccc btwl2cap - ok
22:09:48.0555 0x0ccc [ C9273B20DEC8CE38DBCE5D29DE63C907, 71D67A1A2EDA81351E8D8129824565E2ECA0CFA4DC844CE12F90AB7906ABA737 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
22:09:48.0555 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\btwrchid.sys. md5: C9273B20DEC8CE38DBCE5D29DE63C907, sha256: 71D67A1A2EDA81351E8D8129824565E2ECA0CFA4DC844CE12F90AB7906ABA737
22:09:48.0556 0x0ccc btwrchid - detected LockedFile.Multi.Generic ( 1 )
22:09:50.0956 0x0ccc Detect skipped due to KSN trusted
22:09:50.0956 0x0ccc btwrchid - ok
22:09:51.0017 0x0ccc catchme - ok
22:09:51.0052 0x0ccc [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:09:51.0052 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\cdfs.sys. md5: B8BD2BB284668C84865658C77574381A, sha256: 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65
22:09:51.0052 0x0ccc cdfs - detected LockedFile.Multi.Generic ( 1 )
22:09:53.0452 0x0ccc Detect skipped due to KSN trusted
22:09:53.0452 0x0ccc cdfs - ok
22:09:53.0540 0x0ccc [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\drivers\cdrom.sys
22:09:53.0540 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\cdrom.sys. md5: F036CE71586E93D94DAB220D7BDF4416, sha256: BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B
22:09:53.0559 0x0ccc cdrom - detected LockedFile.Multi.Generic ( 1 )
22:09:55.0970 0x0ccc Detect skipped due to KSN trusted
22:09:55.0970 0x0ccc cdrom - ok
22:09:56.0119 0x0ccc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
22:09:56.0123 0x0ccc CertPropSvc - ok
22:09:56.0156 0x0ccc [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
22:09:56.0156 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\circlass.sys. md5: D7CD5C4E1B71FA62050515314CFB52CF, sha256: 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64
22:09:56.0158 0x0ccc circlass - detected LockedFile.Multi.Generic ( 1 )
22:09:58.0578 0x0ccc Detect skipped due to KSN trusted
22:09:58.0578 0x0ccc circlass - ok
22:09:58.0635 0x0ccc [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
22:09:58.0636 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\CLFS.sys. md5: FE1EC06F2253F691FE36217C592A0206, sha256: B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE
22:09:58.0654 0x0ccc CLFS - detected LockedFile.Multi.Generic ( 1 )
22:10:01.0057 0x0ccc Detect skipped due to KSN trusted
22:10:01.0057 0x0ccc CLFS - ok
22:10:01.0117 0x0ccc [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:10:01.0121 0x0ccc clr_optimization_v2.0.50727_32 - ok
22:10:01.0151 0x0ccc [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:10:01.0155 0x0ccc clr_optimization_v2.0.50727_64 - ok
22:10:01.0236 0x0ccc [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:10:01.0344 0x0ccc clr_optimization_v4.0.30319_32 - ok
22:10:01.0367 0x0ccc [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:10:01.0425 0x0ccc clr_optimization_v4.0.30319_64 - ok
22:10:01.0455 0x0ccc [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
22:10:01.0455 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\CmBatt.sys. md5: 0840155D0BDDF1190F84A663C284BD33, sha256: 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A
22:10:01.0455 0x0ccc CmBatt - detected LockedFile.Multi.Generic ( 1 )
22:10:03.0871 0x0ccc Detect skipped due to KSN trusted
22:10:03.0872 0x0ccc CmBatt - ok
22:10:03.0908 0x0ccc [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:10:03.0908 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\cmdide.sys. md5: E19D3F095812725D88F9001985B94EDD, sha256: 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B
22:10:03.0909 0x0ccc cmdide - detected LockedFile.Multi.Generic ( 1 )
22:10:06.0324 0x0ccc Detect skipped due to KSN trusted
22:10:06.0324 0x0ccc cmdide - ok
22:10:06.0380 0x0ccc [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
22:10:06.0381 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\cng.sys. md5: EBF28856F69CF094A902F884CF989706, sha256: AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F
22:10:06.0381 0x0ccc CNG - detected LockedFile.Multi.Generic ( 1 )
22:10:08.0787 0x0ccc Detect skipped due to KSN trusted
22:10:08.0787 0x0ccc CNG - ok
22:10:08.0854 0x0ccc [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
22:10:08.0855 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\compbatt.sys. md5: 102DE219C3F61415F964C88E9085AD14, sha256: CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1
22:10:08.0855 0x0ccc Compbatt - detected LockedFile.Multi.Generic ( 1 )
22:10:11.0275 0x0ccc Detect skipped due to KSN trusted
22:10:11.0275 0x0ccc Compbatt - ok
22:10:11.0366 0x0ccc [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:10:11.0367 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\CompositeBus.sys. md5: 03EDB043586CCEBA243D689BDDA370A8, sha256: 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959
22:10:11.0385 0x0ccc CompositeBus - detected LockedFile.Multi.Generic ( 1 )
22:10:13.0790 0x0ccc Detect skipped due to KSN trusted
22:10:13.0790 0x0ccc CompositeBus - ok
22:10:13.0809 0x0ccc COMSysApp - ok
22:10:13.0835 0x0ccc [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:10:13.0835 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\crcdisk.sys. md5: 1C827878A998C18847245FE1F34EE597, sha256: 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60
22:10:13.0835 0x0ccc crcdisk - detected LockedFile.Multi.Generic ( 1 )
22:10:16.0249 0x0ccc Detect skipped due to KSN trusted
22:10:16.0249 0x0ccc crcdisk - ok
22:10:16.0341 0x0ccc [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:10:16.0345 0x0ccc CryptSvc - ok
22:10:16.0392 0x0ccc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:10:16.0402 0x0ccc DcomLaunch - ok
22:10:16.0441 0x0ccc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
22:10:16.0451 0x0ccc defragsvc - ok
22:10:16.0481 0x0ccc [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:10:16.0481 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\dfsc.sys. md5: 9BB2EF44EAA163B29C4A4587887A0FE4, sha256: 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F
22:10:16.0482 0x0ccc DfsC - detected LockedFile.Multi.Generic ( 1 )
22:10:18.0902 0x0ccc Detect skipped due to KSN trusted
22:10:18.0902 0x0ccc DfsC - ok
22:10:19.0111 0x0ccc [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
22:10:19.0122 0x0ccc Dhcp - ok
22:10:19.0156 0x0ccc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
22:10:19.0156 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3, sha256: 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26
22:10:19.0157 0x0ccc discache - detected LockedFile.Multi.Generic ( 1 )
22:10:21.0586 0x0ccc Detect skipped due to KSN trusted
22:10:21.0586 0x0ccc discache - ok
22:10:21.0657 0x0ccc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
22:10:21.0657 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\disk.sys. md5: 9819EEE8B5EA3784EC4AF3B137A5244C, sha256: 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427
22:10:21.0658 0x0ccc Disk - detected LockedFile.Multi.Generic ( 1 )
22:10:24.0080 0x0ccc Detect skipped due to KSN trusted
22:10:24.0080 0x0ccc Disk - ok
22:10:24.0163 0x0ccc [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:10:24.0172 0x0ccc Dnscache - ok
22:10:24.0234 0x0ccc [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
22:10:24.0243 0x0ccc dot3svc - ok
22:10:24.0297 0x0ccc [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
22:10:24.0297 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\Dot4.sys. md5: B42ED0320C6E41102FDE0005154849BB, sha256: 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A
22:10:24.0298 0x0ccc Dot4 - detected LockedFile.Multi.Generic ( 1 )
22:10:26.0706 0x0ccc Detect skipped due to KSN trusted
22:10:26.0706 0x0ccc Dot4 - ok
22:10:26.0762 0x0ccc [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
22:10:26.0762 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Dot4Prt.sys. md5: E9F5969233C5D89F3C35E3A66A52A361, sha256: C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C
22:10:26.0763 0x0ccc Dot4Print - detected LockedFile.Multi.Generic ( 1 )
22:10:29.0175 0x0ccc Detect skipped due to KSN trusted
22:10:29.0175 0x0ccc Dot4Print - ok
22:10:29.0239 0x0ccc [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
22:10:29.0239 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\dot4usb.sys. md5: FD05A02B0370BC3000F402E543CA5814, sha256: 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3
22:10:29.0239 0x0ccc dot4usb - detected LockedFile.Multi.Generic ( 1 )
22:10:31.0655 0x0ccc Detect skipped due to KSN trusted
22:10:31.0655 0x0ccc dot4usb - ok
22:10:31.0715 0x0ccc [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
22:10:31.0720 0x0ccc DPS - ok
22:10:31.0766 0x0ccc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:10:31.0767 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\drmkaud.sys. md5: 9B19F34400D24DF84C858A421C205754, sha256: 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7
22:10:31.0767 0x0ccc drmkaud - detected LockedFile.Multi.Generic ( 1 )
22:10:34.0771 0x0ccc Detect skipped due to KSN trusted
22:10:34.0771 0x0ccc drmkaud - ok
22:10:34.0866 0x0ccc [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:10:34.0866 0x0ccc Suspicious file ( NoAccess ): C:\Windows\System32\drivers\dxgkrnl.sys. md5: 88612F1CE3BF42256913BF6E61C70D52, sha256: 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7
22:10:34.0867 0x0ccc DXGKrnl - detected LockedFile.Multi.Generic ( 1 )
22:10:37.0286 0x0ccc Detect skipped due to KSN trusted
22:10:37.0286 0x0ccc DXGKrnl - ok
22:10:37.0316 0x0ccc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
22:10:37.0319 0x0ccc EapHost - ok
22:10:37.0440 0x0ccc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
22:10:37.0440 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\evbda.sys. md5: DC5D737F51BE844D8C82C695EB17372F, sha256: 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017
22:10:37.0444 0x0ccc ebdrv - detected LockedFile.Multi.Generic ( 1 )
22:10:39.0857 0x0ccc Detect skipped due to KSN trusted
22:10:39.0858 0x0ccc ebdrv - ok
22:10:39.0909 0x0ccc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe
22:10:39.0912 0x0ccc EFS - ok
22:10:39.0996 0x0ccc [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:10:40.0041 0x0ccc ehRecvr - ok
22:10:40.0064 0x0ccc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
22:10:40.0069 0x0ccc ehSched - ok
22:10:40.0123 0x0ccc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:10:40.0124 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\elxstor.sys. md5: 0E5DA5369A0FCAEA12456DD852545184, sha256: 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8
22:10:40.0124 0x0ccc elxstor - detected LockedFile.Multi.Generic ( 1 )
22:10:42.0530 0x0ccc Detect skipped due to KSN trusted
22:10:42.0530 0x0ccc elxstor - ok
22:10:42.0646 0x0ccc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:10:42.0646 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\errdev.sys. md5: 34A3C54752046E79A126E15C51DB409B, sha256: 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75
22:10:42.0647 0x0ccc ErrDev - detected LockedFile.Multi.Generic ( 1 )
22:10:52.0718 0x0ccc Object is SCO, delete is not allowed
22:10:52.0718 0x0ccc ErrDev ( LockedFile.Multi.Generic ) - warning
22:10:56.0189 0x0ccc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
22:10:56.0197 0x0ccc EventSystem - ok
22:10:56.0226 0x0ccc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
22:10:56.0226 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B, sha256: 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5
22:10:56.0227 0x0ccc exfat - detected LockedFile.Multi.Generic ( 1 )
22:10:58.0640 0x0ccc Detect skipped due to KSN trusted
22:10:58.0640 0x0ccc exfat - ok
22:10:58.0667 0x0ccc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:10:58.0668 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fastfat.sys. md5: 0ADC83218B66A6DB380C330836F3E36D, sha256: 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29
22:10:58.0668 0x0ccc fastfat - detected LockedFile.Multi.Generic ( 1 )
22:11:01.0082 0x0ccc Detect skipped due to KSN trusted
22:11:01.0083 0x0ccc fastfat - ok
22:11:01.0222 0x0ccc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
22:11:01.0239 0x0ccc Fax - ok
22:11:01.0255 0x0ccc Suspicious service (NoAccess): fc65432756c619f5
22:11:01.0300 0x0ccc [ C3EEA17006F5A91ABF2C7D6C6F8F6537, 27A9E1FFF09A31F9B78EE1A4120E1411036AA12B0C3C87BCDD678DE88376A0C8 ] fc65432756c619f5 C:\Windows\System32\Drivers\fc65432756c619f5.sys
22:11:01.0300 0x0ccc Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\fc65432756c619f5.sys. md5: C3EEA17006F5A91ABF2C7D6C6F8F6537, sha256: 27A9E1FFF09A31F9B78EE1A4120E1411036AA12B0C3C87BCDD678DE88376A0C8
22:11:01.0375 0x0ccc fc65432756c619f5 - detected Rootkit.Win32.Necurs.gen ( 0 )
22:11:03.0796 0x0ccc fc65432756c619f5 ( Rootkit.Win32.Necurs.gen ) - infected
22:11:03.0796 0x0ccc Force sending object to P2P due to detect: C:\Windows\System32\Drivers\fc65432756c619f5.sys
22:11:06.0563 0x0ccc Object send P2P result: true
22:11:09.0042 0x0ccc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
22:11:09.0042 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB, sha256: 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE
22:11:09.0043 0x0ccc fdc - detected LockedFile.Multi.Generic ( 1 )
22:11:11.0460 0x0ccc Detect skipped due to KSN trusted
22:11:11.0460 0x0ccc fdc - ok
22:11:11.0538 0x0ccc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
22:11:11.0540 0x0ccc fdPHost - ok
22:11:11.0560 0x0ccc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
22:11:11.0562 0x0ccc FDResPub - ok
22:11:11.0588 0x0ccc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:11:11.0588 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661BE46B5F5F3FD454E2C3095B930, sha256: 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A
22:11:11.0588 0x0ccc FileInfo - detected LockedFile.Multi.Generic ( 1 )
22:11:14.0000 0x0ccc Detect skipped due to KSN trusted
22:11:14.0000 0x0ccc FileInfo - ok
22:11:14.0061 0x0ccc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:11:14.0061 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47, sha256: 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6
22:11:14.0062 0x0ccc Filetrace - detected LockedFile.Multi.Generic ( 1 )
22:11:16.0490 0x0ccc Detect skipped due to KSN trusted
22:11:16.0490 0x0ccc Filetrace - ok
22:11:16.0627 0x0ccc [ ABEDFD48AC042C6AAAD32452E77217A1, BC45A1C36BDBC20EF4E7D3CFB5368912382D964CB34D050ED255F56307F4C910 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:11:16.0661 0x0ccc FLEXnet Licensing Service - ok
22:11:16.0689 0x0ccc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
22:11:16.0689 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5, sha256: 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B
22:11:16.0689 0x0ccc flpydisk - detected LockedFile.Multi.Generic ( 1 )
22:11:19.0094 0x0ccc Detect skipped due to KSN trusted
22:11:19.0094 0x0ccc flpydisk - ok
22:11:19.0196 0x0ccc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:11:19.0196 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fltmgr.sys. md5: DA6B67270FD9DB3697B20FCE94950741, sha256: F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331
22:11:19.0197 0x0ccc FltMgr - detected LockedFile.Multi.Generic ( 1 )
22:11:21.0607 0x0ccc Detect skipped due to KSN trusted
22:11:21.0607 0x0ccc FltMgr - ok
22:11:21.0741 0x0ccc [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
22:11:21.0766 0x0ccc FontCache - ok
22:11:21.0832 0x0ccc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:11:21.0837 0x0ccc FontCache3.0.0.0 - ok
22:11:21.0864 0x0ccc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:11:21.0864 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC, sha256: F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E
22:11:21.0865 0x0ccc FsDepends - detected LockedFile.Multi.Generic ( 1 )
22:11:24.0284 0x0ccc Detect skipped due to KSN trusted
22:11:24.0284 0x0ccc FsDepends - ok
22:11:24.0486 0x0ccc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:11:24.0486 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 6BD9295CC032DD3077C671FCCF579A7B, sha256: 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33
22:11:24.0486 0x0ccc Fs_Rec - detected LockedFile.Multi.Generic ( 1 )
22:11:26.0902 0x0ccc Detect skipped due to KSN trusted
22:11:26.0902 0x0ccc Fs_Rec - ok
22:11:27.0015 0x0ccc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:11:27.0015 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 8F6322049018354F45F05A2FD2D4E5E0, sha256: 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359
22:11:27.0015 0x0ccc fvevol - detected LockedFile.Multi.Generic ( 1 )
22:11:29.0433 0x0ccc Detect skipped due to KSN trusted
22:11:29.0433 0x0ccc fvevol - ok
22:11:29.0512 0x0ccc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:11:29.0513 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6, sha256: 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005
22:11:29.0513 0x0ccc gagp30kx - detected LockedFile.Multi.Generic ( 1 )
22:11:31.0929 0x0ccc Detect skipped due to KSN trusted
22:11:31.0929 0x0ccc gagp30kx - ok
22:11:32.0052 0x0ccc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
22:11:32.0072 0x0ccc gpsvc - ok
22:11:32.0116 0x0ccc [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:11:32.0122 0x0ccc gupdate - ok
22:11:32.0172 0x0ccc [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:11:32.0178 0x0ccc gupdatem - ok
22:11:32.0231 0x0ccc [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:11:32.0239 0x0ccc gusvc - ok
22:11:32.0260 0x0ccc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:11:32.0260 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0, sha256: B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19
22:11:32.0261 0x0ccc hcw85cir - detected LockedFile.Multi.Generic ( 1 )
22:11:34.0688 0x0ccc Detect skipped due to KSN trusted
22:11:34.0688 0x0ccc hcw85cir - ok
22:11:34.0811 0x0ccc [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:11:34.0812 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. md5: 975761C778E33CD22498059B91E7373A, sha256: 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9
22:11:34.0812 0x0ccc HdAudAddService - detected LockedFile.Multi.Generic ( 1 )
22:11:37.0240 0x0ccc Detect skipped due to KSN trusted
22:11:37.0240 0x0ccc HdAudAddService - ok
22:11:37.0324 0x0ccc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:11:37.0324 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97BFED39B6B79EB12CDDBFEED51F56BB, sha256: 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955
22:11:37.0345 0x0ccc HDAudBus - detected LockedFile.Multi.Generic ( 1 )
22:11:39.0772 0x0ccc Detect skipped due to KSN trusted
22:11:39.0772 0x0ccc HDAudBus - ok
22:11:39.0848 0x0ccc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
22:11:39.0848 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F, sha256: 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64
22:11:39.0848 0x0ccc HidBatt - detected LockedFile.Multi.Generic ( 1 )
22:11:42.0264 0x0ccc Detect skipped due to KSN trusted
22:11:42.0264 0x0ccc HidBatt - ok
22:11:42.0331 0x0ccc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:11:42.0332 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104, sha256: 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4
22:11:42.0332 0x0ccc HidBth - detected LockedFile.Multi.Generic ( 1 )
22:11:44.0743 0x0ccc Detect skipped due to KSN trusted
22:11:44.0744 0x0ccc HidBth - ok
22:11:44.0826 0x0ccc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
22:11:44.0826 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825, sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D
22:11:44.0827 0x0ccc HidIr - detected LockedFile.Multi.Generic ( 1 )
22:11:47.0247 0x0ccc Detect skipped due to KSN trusted
22:11:47.0247 0x0ccc HidIr - ok
22:11:47.0323 0x0ccc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
22:11:47.0327 0x0ccc hidserv - ok
22:11:47.0391 0x0ccc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
22:11:47.0392 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536, sha256: FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F
22:11:47.0407 0x0ccc HidUsb - detected LockedFile.Multi.Generic ( 1 )
22:11:49.0840 0x0ccc Detect skipped due to KSN trusted
22:11:49.0840 0x0ccc HidUsb - ok
22:11:49.0925 0x0ccc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:11:49.0930 0x0ccc hkmsvc - ok
22:11:49.0991 0x0ccc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:11:50.0002 0x0ccc HomeGroupListener - ok
22:11:50.0049 0x0ccc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:11:50.0056 0x0ccc HomeGroupProvider - ok
22:11:50.0098 0x0ccc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:11:50.0098 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, sha256: E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205
22:11:50.0098 0x0ccc HpSAMD - detected LockedFile.Multi.Generic ( 1 )
22:11:52.0513 0x0ccc Detect skipped due to KSN trusted
22:11:52.0513 0x0ccc HpSAMD - ok
22:11:52.0645 0x0ccc [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:11:52.0645 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: 0EA7DE1ACB728DD5A369FD742D6EEE28, sha256: 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779
22:11:52.0647 0x0ccc HTTP - detected LockedFile.Multi.Generic ( 1 )
22:11:55.0062 0x0ccc Detect skipped due to KSN trusted
22:11:55.0062 0x0ccc HTTP - ok
22:11:55.0158 0x0ccc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:11:55.0158 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392, sha256: 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53
22:11:55.0159 0x0ccc hwpolicy - detected LockedFile.Multi.Generic ( 1 )
22:12:05.0160 0x0ccc hwpolicy ( LockedFile.Multi.Generic ) - warning
22:12:05.0160 0x0ccc Force sending object to P2P due to detect: C:\Windows\system32\drivers\hwpolicy.sys
22:12:08.0902 0x0ccc Object send P2P result: true
22:12:11.0453 0x0ccc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:12:11.0453 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD
22:12:11.0454 0x0ccc i8042prt - detected LockedFile.Multi.Generic ( 1 )
22:12:13.0890 0x0ccc Detect skipped due to KSN trusted
22:12:13.0890 0x0ccc i8042prt - ok
22:12:13.0982 0x0ccc [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor C:\Windows\system32\drivers\iaStor.sys
22:12:13.0982 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\iaStor.sys. md5: ABBF174CB394F5C437410A788B7E404A, sha256: 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8
22:12:13.0993 0x0ccc iaStor - detected LockedFile.Multi.Generic ( 1 )
22:12:16.0404 0x0ccc Detect skipped due to KSN trusted
22:12:16.0404 0x0ccc iaStor - ok
22:12:16.0497 0x0ccc [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:12:16.0498 0x0ccc IAStorDataMgrSvc - ok
22:12:16.0540 0x0ccc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:12:16.0541 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\iaStorV.sys. md5: AAAF44DB3BD0B9D1FB6969B23ECC8366, sha256: 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385
22:12:16.0541 0x0ccc iaStorV - detected LockedFile.Multi.Generic ( 1 )
22:12:18.0964 0x0ccc Detect skipped due to KSN trusted
22:12:18.0964 0x0ccc iaStorV - ok
22:12:19.0116 0x0ccc [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
22:12:19.0125 0x0ccc IDriverT - ok
22:12:19.0203 0x0ccc [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:12:19.0241 0x0ccc idsvc - ok
22:12:19.0299 0x0ccc IEEtwCollectorService - ok
22:12:19.0343 0x0ccc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:12:19.0343 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21, sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4
22:12:19.0343 0x0ccc iirsp - detected LockedFile.Multi.Generic ( 1 )
22:12:21.0757 0x0ccc Detect skipped due to KSN trusted
22:12:21.0757 0x0ccc iirsp - ok
22:12:21.0901 0x0ccc [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
22:12:21.0917 0x0ccc IKEEXT - ok
22:12:21.0952 0x0ccc [ 4B6363CD4610BB848531BB260B15DFCC, 13A8AA9571497086341AC00797EFF212FF76EE62F9CFF758D3C08B377EC7BF04 ] Impcd C:\Windows\system32\drivers\Impcd.sys
22:12:21.0953 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Impcd.sys. md5: 4B6363CD4610BB848531BB260B15DFCC, sha256: 13A8AA9571497086341AC00797EFF212FF76EE62F9CFF758D3C08B377EC7BF04
22:12:21.0953 0x0ccc Impcd - detected LockedFile.Multi.Generic ( 1 )
22:12:24.0358 0x0ccc Detect skipped due to KSN trusted
22:12:24.0358 0x0ccc Impcd - ok
22:12:24.0617 0x0ccc [ 526E482AFB586CB1CDD687869DECF686, DCF1D4772181AD14E8846C9B34387ADB6A8D56BE305A8926896AE35D3496A49F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:12:24.0617 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RTKVHD64.sys. md5: 526E482AFB586CB1CDD687869DECF686, sha256: DCF1D4772181AD14E8846C9B34387ADB6A8D56BE305A8926896AE35D3496A49F
22:12:24.0620 0x0ccc IntcAzAudAddService - detected LockedFile.Multi.Generic ( 1 )
22:12:27.0034 0x0ccc Detect skipped due to KSN trusted
22:12:27.0035 0x0ccc IntcAzAudAddService - ok
22:12:27.0126 0x0ccc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
22:12:27.0126 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA, sha256: E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22
22:12:27.0127 0x0ccc intelide - detected LockedFile.Multi.Generic ( 1 )
22:12:29.0544 0x0ccc Detect skipped due to KSN trusted
22:12:29.0544 0x0ccc intelide - ok
22:12:29.0629 0x0ccc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys
22:12:29.0630 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1, sha256: F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610
22:12:29.0645 0x0ccc intelppm - detected LockedFile.Multi.Generic ( 1 )
22:12:32.0066 0x0ccc Detect skipped due to KSN trusted
22:12:32.0066 0x0ccc intelppm - ok
22:12:32.0101 0x0ccc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:12:32.0111 0x0ccc IPBusEnum - ok
22:12:32.0148 0x0ccc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:12:32.0148 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6, sha256: 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51
22:12:32.0149 0x0ccc IpFilterDriver - detected LockedFile.Multi.Generic ( 1 )
22:12:34.0566 0x0ccc Detect skipped due to KSN trusted
22:12:34.0566 0x0ccc IpFilterDriver - ok
22:12:34.0715 0x0ccc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:12:34.0734 0x0ccc iphlpsvc - ok
22:12:34.0788 0x0ccc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:12:34.0789 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A, sha256: 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9
22:12:34.0789 0x0ccc IPMIDRV - detected LockedFile.Multi.Generic ( 1 )
22:12:37.0198 0x0ccc Detect skipped due to KSN trusted
22:12:37.0198 0x0ccc IPMIDRV - ok
22:12:37.0245 0x0ccc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:12:37.0245 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E
22:12:37.0246 0x0ccc IPNAT - detected LockedFile.Multi.Generic ( 1 )
22:12:39.0658 0x0ccc Detect skipped due to KSN trusted
22:12:39.0658 0x0ccc IPNAT - ok
22:12:39.0687 0x0ccc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:12:39.0688 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE
22:12:39.0688 0x0ccc IRENUM - detected LockedFile.Multi.Generic ( 1 )
22:12:42.0102 0x0ccc Detect skipped due to KSN trusted
22:12:42.0102 0x0ccc IRENUM - ok
22:12:42.0143 0x0ccc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:12:42.0144 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548
22:12:42.0144 0x0ccc isapnp - detected LockedFile.Multi.Generic ( 1 )
22:12:44.0562 0x0ccc Detect skipped due to KSN trusted
22:12:44.0562 0x0ccc isapnp - ok
22:12:44.0676 0x0ccc [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:12:44.0677 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msiscsi.sys. md5: 96BB922A0981BC7432C8CF52B5410FE6, sha256: 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA
22:12:44.0677 0x0ccc iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
22:12:47.0089 0x0ccc Detect skipped due to KSN trusted
22:12:47.0089 0x0ccc iScsiPrt - ok
22:12:47.0157 0x0ccc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
22:12:47.0157 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93
22:12:47.0158 0x0ccc kbdclass - detected LockedFile.Multi.Generic ( 1 )
22:12:49.0580 0x0ccc Detect skipped due to KSN trusted
22:12:49.0580 0x0ccc kbdclass - ok
22:12:49.0660 0x0ccc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:12:49.0660 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484, sha256: 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99
22:12:49.0661 0x0ccc kbdhid - detected LockedFile.Multi.Generic ( 1 )
22:12:52.0081 0x0ccc Detect skipped due to KSN trusted
22:12:52.0081 0x0ccc kbdhid - ok
22:12:52.0139 0x0ccc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
22:12:52.0141 0x0ccc KeyIso - ok
22:12:52.0176 0x0ccc [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:12:52.0176 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: 8F489706472F7E9A06BAAA198703FA64, sha256: F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A
22:12:52.0177 0x0ccc KSecDD - detected LockedFile.Multi.Generic ( 1 )
22:12:54.0597 0x0ccc Detect skipped due to KSN trusted
22:12:54.0597 0x0ccc KSecDD - ok
22:12:54.0637 0x0ccc [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:12:54.0638 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 868A2CAAB12EFC7A021682BCA0EEC54C, sha256: 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD
22:12:54.0638 0x0ccc KSecPkg - detected LockedFile.Multi.Generic ( 1 )
22:12:57.0055 0x0ccc Detect skipped due to KSN trusted
22:12:57.0056 0x0ccc KSecPkg - ok
22:12:57.0132 0x0ccc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:12:57.0133 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
22:12:57.0133 0x0ccc ksthunk - detected LockedFile.Multi.Generic ( 1 )
22:13:00.0081 0x0ccc Detect skipped due to KSN trusted
22:13:00.0081 0x0ccc ksthunk - ok
22:13:00.0176 0x0ccc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
22:13:00.0203 0x0ccc KtmRm - ok
22:13:00.0272 0x0ccc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:13:00.0279 0x0ccc LanmanServer - ok
22:13:00.0316 0x0ccc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:13:00.0320 0x0ccc LanmanWorkstation - ok
22:13:00.0342 0x0ccc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:13:00.0343 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
22:13:00.0343 0x0ccc lltdio - detected LockedFile.Multi.Generic ( 1 )
22:13:02.0759 0x0ccc Detect skipped due to KSN trusted
22:13:02.0759 0x0ccc lltdio - ok
22:13:02.0799 0x0ccc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:13:02.0822 0x0ccc lltdsvc - ok
22:13:02.0847 0x0ccc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:13:02.0848 0x0ccc lmhosts - ok
22:13:02.0875 0x0ccc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:13:02.0876 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
22:13:02.0876 0x0ccc LSI_FC - detected LockedFile.Multi.Generic ( 1 )
22:13:05.0308 0x0ccc Detect skipped due to KSN trusted
22:13:05.0308 0x0ccc LSI_FC - ok
22:13:05.0386 0x0ccc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:13:05.0386 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
22:13:05.0387 0x0ccc LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
22:13:07.0999 0x0ccc Detect skipped due to KSN trusted
22:13:07.0999 0x0ccc LSI_SAS - ok
22:13:08.0040 0x0ccc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
22:13:08.0040 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
22:13:08.0041 0x0ccc LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
22:13:18.0042 0x0ccc LSI_SAS2 ( LockedFile.Multi.Generic ) - warning
22:13:18.0042 0x0ccc Force sending object to P2P due to detect: C:\Windows\system32\drivers\lsi_sas2.sys
22:13:21.0598 0x0ccc Object send P2P result: true
22:13:24.0034 0x0ccc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:13:24.0034 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
22:13:24.0035 0x0ccc LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
22:13:26.0454 0x0ccc Detect skipped due to KSN trusted
22:13:26.0454 0x0ccc LSI_SCSI - ok
22:13:26.0526 0x0ccc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
22:13:26.0526 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
22:13:26.0527 0x0ccc luafv - detected LockedFile.Multi.Generic ( 1 )
22:13:28.0949 0x0ccc Detect skipped due to KSN trusted
22:13:28.0949 0x0ccc luafv - ok
22:13:29.0070 0x0ccc [ CD51E1D0D638F1E07A6EDC98CD7F5DDA, 360AC29DFE46C96BB41045DE325729397F17912DBAF83D5119EBD2A3A8C9A5FB ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys
22:13:29.0074 0x0ccc mbamchameleon - ok
22:13:29.0108 0x0ccc [ F24BD06AE917F57408999F79E91FD6BC, 29B92E1F7EE7093B927F55157FC6B0321507E02ABE23F1E4397131465692F738 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
22:13:29.0113 0x0ccc MBAMSwissArmy - ok
22:13:29.0150 0x0ccc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:13:29.0154 0x0ccc Mcx2Svc - ok
22:13:29.0185 0x0ccc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
22:13:29.0185 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
22:13:29.0186 0x0ccc megasas - detected LockedFile.Multi.Generic ( 1 )
22:13:31.0596 0x0ccc Detect skipped due to KSN trusted
22:13:31.0596 0x0ccc megasas - ok
22:13:31.0701 0x0ccc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
22:13:31.0701 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
22:13:31.0702 0x0ccc MegaSR - detected LockedFile.Multi.Generic ( 1 )
22:13:34.0136 0x0ccc Detect skipped due to KSN trusted
22:13:34.0137 0x0ccc MegaSR - ok
22:13:34.0214 0x0ccc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
22:13:34.0216 0x0ccc MMCSS - ok
22:13:34.0236 0x0ccc [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
22:13:34.0236 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
22:13:34.0236 0x0ccc Modem - detected LockedFile.Multi.Generic ( 1 )
22:13:36.0676 0x0ccc Detect skipped due to KSN trusted
22:13:36.0676 0x0ccc Modem - ok
22:13:36.0751 0x0ccc [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:13:36.0752 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
22:13:36.0753 0x0ccc monitor - detected LockedFile.Multi.Generic ( 1 )
22:13:39.0197 0x0ccc Detect skipped due to KSN trusted
22:13:39.0197 0x0ccc monitor - ok
22:13:39.0256 0x0ccc [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\drivers\mouclass.sys
22:13:39.0256 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
22:13:39.0257 0x0ccc mouclass - detected LockedFile.Multi.Generic ( 1 )
22:13:41.0689 0x0ccc Detect skipped due to KSN trusted
22:13:41.0690 0x0ccc mouclass - ok
22:13:41.0753 0x0ccc [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:13:41.0754 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
22:13:41.0754 0x0ccc mouhid - detected LockedFile.Multi.Generic ( 1 )
22:13:44.0193 0x0ccc Detect skipped due to KSN trusted
22:13:44.0193 0x0ccc mouhid - ok
22:13:44.0223 0x0ccc [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:13:44.0224 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA, sha256: 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63
22:13:44.0224 0x0ccc mountmgr - detected LockedFile.Multi.Generic ( 1 )
22:13:46.0648 0x0ccc Detect skipped due to KSN trusted
22:13:46.0648 0x0ccc mountmgr - ok
22:13:46.0768 0x0ccc [ 9EB89625A82AC961F25E7C865947BF9A, 91DB9530CDE883DC60BE621AC4210ACD069631D9466E37411D9D6AEE587098D9 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
22:13:46.0777 0x0ccc MpFilter - ok
22:13:46.0824 0x0ccc [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
22:13:46.0825 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58, sha256: B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8
22:13:46.0825 0x0ccc mpio - detected LockedFile.Multi.Generic ( 1 )
22:13:49.0245 0x0ccc Detect skipped due to KSN trusted
22:13:49.0245 0x0ccc mpio - ok
22:13:49.0313 0x0ccc [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:13:49.0313 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
22:13:49.0313 0x0ccc mpsdrv - detected LockedFile.Multi.Generic ( 1 )
22:13:51.0763 0x0ccc Detect skipped due to KSN trusted
22:13:51.0763 0x0ccc mpsdrv - ok
22:13:51.0830 0x0ccc [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:13:51.0845 0x0ccc MpsSvc - ok
22:13:51.0892 0x0ccc [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:13:51.0892 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: 1A4F75E63C9FB84B85DFFC6B63FD5404, sha256: 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F
22:13:51.0892 0x0ccc MRxDAV - detected LockedFile.Multi.Generic ( 1 )
22:13:54.0319 0x0ccc Detect skipped due to KSN trusted
22:13:54.0319 0x0ccc MRxDAV - ok
22:13:54.0411 0x0ccc [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:13:54.0411 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC, sha256: 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4
22:13:54.0412 0x0ccc mrxsmb - detected LockedFile.Multi.Generic ( 1 )
22:13:56.0828 0x0ccc Detect skipped due to KSN trusted
22:13:56.0828 0x0ccc mrxsmb - ok
22:13:56.0937 0x0ccc [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:13:56.0937 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163, sha256: 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF
22:13:56.0938 0x0ccc mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
22:13:59.0356 0x0ccc Detect skipped due to KSN trusted
22:13:59.0356 0x0ccc mrxsmb10 - ok
22:13:59.0443 0x0ccc [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:13:59.0443 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C, sha256: 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC
22:13:59.0443 0x0ccc mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
22:14:01.0870 0x0ccc Detect skipped due to KSN trusted
22:14:01.0870 0x0ccc mrxsmb20 - ok
22:14:01.0978 0x0ccc [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
22:14:01.0978 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796, sha256: 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8
22:14:01.0979 0x0ccc msahci - detected LockedFile.Multi.Generic ( 1 )
22:14:04.0406 0x0ccc Detect skipped due to KSN trusted
22:14:04.0406 0x0ccc msahci - ok
22:14:04.0549 0x0ccc [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D, FEA8FB1B8752660EC6174542B24D234A61EBFF8318A5855B3E5C91DB86856CAB ] MSCSPTISRV C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
22:14:04.0554 0x0ccc MSCSPTISRV - ok
22:14:04.0571 0x0ccc [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:14:04.0572 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900, sha256: B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74
22:14:04.0572 0x0ccc msdsm - detected LockedFile.Multi.Generic ( 1 )
22:14:06.0992 0x0ccc Detect skipped due to KSN trusted
22:14:06.0993 0x0ccc msdsm - ok
22:14:07.0060 0x0ccc [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
22:14:07.0068 0x0ccc MSDTC - ok
22:14:07.0118 0x0ccc [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:14:07.0118 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
22:14:07.0119 0x0ccc Msfs - detected LockedFile.Multi.Generic ( 1 )
22:14:10.0374 0x0ccc Detect skipped due to KSN trusted
22:14:10.0374 0x0ccc Msfs - ok
22:14:10.0450 0x0ccc [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:14:10.0450 0x0ccc Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
22:14:10.0451 0x0ccc mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
22:14:12.0859 0x0ccc Detect skipped due to KSN trusted
22:14:12.0859 0x0ccc mshidkmdf - ok
22:14:12.0939 0x0ccc [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:14:12.0940 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
22:14:12.0951 0x0ccc msisadrv - detected LockedFile.Multi.Generic ( 1 )
22:14:15.0370 0x0ccc Detect skipped due to KSN trusted
22:14:15.0370 0x0ccc msisadrv - ok
22:14:15.0468 0x0ccc [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:14:15.0479 0x0ccc MSiSCSI - ok
22:14:15.0484 0x0ccc msiserver - ok
22:14:15.0507 0x0ccc [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:14:15.0508 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
22:14:15.0508 0x0ccc MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
22:14:17.0933 0x0ccc Detect skipped due to KSN trusted
22:14:17.0933 0x0ccc MSKSSRV - ok
22:14:18.0069 0x0ccc [ 89F2AEDC2788696702141AB82C3E7866, E166CBD8D3C708737C37172221945D8E56C25C2CC750889C3CE14AA2DE750F33 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:14:18.0070 0x0ccc MsMpSvc - ok
22:14:18.0080 0x0ccc [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:14:18.0080 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
22:14:18.0080 0x0ccc MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
22:14:20.0503 0x0ccc Detect skipped due to KSN trusted
22:14:20.0503 0x0ccc MSPCLOCK - ok
22:14:20.0588 0x0ccc [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:14:20.0588 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
22:14:20.0588 0x0ccc MSPQM - detected LockedFile.Multi.Generic ( 1 )
22:14:30.0589 0x0ccc Object is SCO, delete is not allowed
22:14:30.0589 0x0ccc MSPQM ( LockedFile.Multi.Generic ) - warning
22:14:30.0589 0x0ccc Force sending object to P2P due to detect: C:\Windows\system32\drivers\MSPQM.sys
22:14:35.0150 0x0ccc Object send P2P result: true
22:14:37.0643 0x0ccc [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:14:37.0644 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D, sha256: 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133
22:14:37.0644 0x0ccc MsRPC - detected LockedFile.Multi.Generic ( 1 )
22:14:40.0061 0x0ccc Detect skipped due to KSN trusted
22:14:40.0061 0x0ccc MsRPC - ok
22:14:40.0161 0x0ccc [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:14:40.0162 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
22:14:40.0163 0x0ccc mssmbios - detected LockedFile.Multi.Generic ( 1 )
22:14:42.0580 0x0ccc Detect skipped due to KSN trusted
22:14:42.0580 0x0ccc mssmbios - ok
22:14:42.0659 0x0ccc [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:14:42.0659 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
22:14:42.0660 0x0ccc MSTEE - detected LockedFile.Multi.Generic ( 1 )
22:14:45.0073 0x0ccc Detect skipped due to KSN trusted
22:14:45.0073 0x0ccc MSTEE - ok
22:14:45.0145 0x0ccc [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
22:14:45.0145 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
22:14:45.0146 0x0ccc MTConfig - detected LockedFile.Multi.Generic ( 1 )
22:14:47.0571 0x0ccc Detect skipped due to KSN trusted
22:14:47.0571 0x0ccc MTConfig - ok
22:14:47.0644 0x0ccc [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
22:14:47.0645 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
22:14:47.0646 0x0ccc Mup - detected LockedFile.Multi.Generic ( 1 )
22:14:50.0069 0x0ccc Detect skipped due to KSN trusted
22:14:50.0069 0x0ccc Mup - ok
22:14:50.0177 0x0ccc [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
22:14:50.0198 0x0ccc napagent - ok
22:14:50.0245 0x0ccc [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:14:50.0245 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
22:14:50.0256 0x0ccc NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
22:14:52.0669 0x0ccc Detect skipped due to KSN trusted
22:14:52.0669 0x0ccc NativeWifiP - ok
22:14:52.0792 0x0ccc [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
22:14:52.0792 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: 760E38053BF56E501D562B70AD796B88, sha256: F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D
22:14:52.0794 0x0ccc NDIS - detected LockedFile.Multi.Generic ( 1 )
22:14:55.0207 0x0ccc Detect skipped due to KSN trusted
22:14:55.0207 0x0ccc NDIS - ok
22:14:55.0256 0x0ccc [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:14:55.0257 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
22:14:55.0257 0x0ccc NdisCap - detected LockedFile.Multi.Generic ( 1 )
22:14:57.0680 0x0ccc Detect skipped due to KSN trusted
22:14:57.0680 0x0ccc NdisCap - ok
22:14:57.0752 0x0ccc [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:14:57.0752 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
22:14:57.0752 0x0ccc NdisTapi - detected LockedFile.Multi.Generic ( 1 )
22:15:00.0193 0x0ccc Detect skipped due to KSN trusted
22:15:00.0193 0x0ccc NdisTapi - ok
22:15:00.0297 0x0ccc [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:15:00.0298 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356, sha256: BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683
22:15:00.0298 0x0ccc Ndisuio - detected LockedFile.Multi.Generic ( 1 )
22:15:02.0741 0x0ccc Detect skipped due to KSN trusted
22:15:02.0741 0x0ccc Ndisuio - ok
22:15:02.0842 0x0ccc [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:15:02.0842 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11, sha256: 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77
22:15:02.0842 0x0ccc NdisWan - detected LockedFile.Multi.Generic ( 1 )
22:15:05.0282 0x0ccc Detect skipped due to KSN trusted
22:15:05.0283 0x0ccc NdisWan - ok
22:15:05.0359 0x0ccc [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:15:05.0359 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879, sha256: 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023
22:15:05.0360 0x0ccc NDProxy - detected LockedFile.Multi.Generic ( 1 )
22:15:07.0826 0x0ccc Detect skipped due to KSN trusted
22:15:07.0826 0x0ccc NDProxy - ok
22:15:07.0983 0x0ccc [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:15:07.0987 0x0ccc Net Driver HPZ12 - ok
22:15:08.0026 0x0ccc [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:15:08.0027 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062
22:15:08.0027 0x0ccc NetBIOS - detected LockedFile.Multi.Generic ( 1 )
22:15:10.0460 0x0ccc Detect skipped due to KSN trusted
22:15:10.0460 0x0ccc NetBIOS - ok
22:15:10.0565 0x0ccc [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:15:10.0566 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068, sha256: 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37
22:15:10.0576 0x0ccc NetBT - detected LockedFile.Multi.Generic ( 1 )
22:15:13.0049 0x0ccc Detect skipped due to KSN trusted
22:15:13.0049 0x0ccc NetBT - ok
22:15:13.0112 0x0ccc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
22:15:13.0114 0x0ccc Netlogon - ok
22:15:13.0171 0x0ccc [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
22:15:13.0185 0x0ccc Netman - ok
22:15:13.0242 0x0ccc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:15:13.0266 0x0ccc NetMsmqActivator - ok
22:15:13.0304 0x0ccc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:15:13.0308 0x0ccc NetPipeActivator - ok
22:15:13.0338 0x0ccc [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
22:15:13.0347 0x0ccc netprofm - ok
22:15:13.0374 0x0ccc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:15:13.0377 0x0ccc NetTcpActivator - ok
22:15:13.0384 0x0ccc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:15:13.0387 0x0ccc NetTcpPortSharing - ok
22:15:13.0414 0x0ccc [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:15:13.0415 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3
22:15:13.0415 0x0ccc nfrd960 - detected LockedFile.Multi.Generic ( 1 )
22:15:15.0833 0x0ccc Detect skipped due to KSN trusted
22:15:15.0833 0x0ccc nfrd960 - ok
22:15:15.0940 0x0ccc [ C3E0696C3B42F694C5822776AA6FFFDF, 80C3DEC2C48500F96C9E677450EFC1ADA9FE9FBB70F4CC2D7D9244B1A515418B ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:15:15.0940 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\NisDrvWFP.sys. md5: C3E0696C3B42F694C5822776AA6FFFDF, sha256: 80C3DEC2C48500F96C9E677450EFC1ADA9FE9FBB70F4CC2D7D9244B1A515418B
22:15:15.0942 0x0ccc NisDrv - detected LockedFile.Multi.Generic ( 1 )
22:15:18.0356 0x0ccc Detect skipped due to KSN trusted
22:15:18.0356 0x0ccc NisDrv - ok
22:15:18.0501 0x0ccc [ DCEE3592299B2229A0DB98CB415059A2, 709AAA095DF44DDCB6159CE1635AB05EC666D845445790E569F56B297DC64AC3 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
22:15:18.0524 0x0ccc NisSrv - ok
22:15:18.0545 0x0ccc [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:15:18.0551 0x0ccc NlaSvc - ok
22:15:18.0571 0x0ccc [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:15:18.0571 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F
22:15:18.0572 0x0ccc Npfs - detected LockedFile.Multi.Generic ( 1 )
22:15:20.0988 0x0ccc Detect skipped due to KSN trusted
22:15:20.0988 0x0ccc Npfs - ok
22:15:21.0079 0x0ccc [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
22:15:21.0083 0x0ccc nsi - ok
22:15:21.0097 0x0ccc [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:15:21.0097 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76
22:15:21.0098 0x0ccc nsiproxy - detected LockedFile.Multi.Generic ( 1 )
22:15:23.0558 0x0ccc Detect skipped due to KSN trusted
22:15:23.0558 0x0ccc nsiproxy - ok
22:15:23.0705 0x0ccc [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:15:23.0705 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: 1A29A59A4C5BA6F8C85062A613B7E2B2, sha256: CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1
22:15:23.0707 0x0ccc Ntfs - detected LockedFile.Multi.Generic ( 1 )
22:15:26.0110 0x0ccc Detect skipped due to KSN trusted
22:15:26.0110 0x0ccc Ntfs - ok
22:15:26.0120 0x0ccc [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
22:15:26.0121 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6
22:15:26.0121 0x0ccc Null - detected LockedFile.Multi.Generic ( 1 )
22:15:28.0556 0x0ccc Detect skipped due to KSN trusted
22:15:28.0556 0x0ccc Null - ok
22:15:28.0626 0x0ccc [ 285ACEC1B13A15BA520AAE06BACB9CFF, A6F576763818D4EAB2CDA3857F2963F61FDA67D7B581C52E1EB1DDB32FD642C3 ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
22:15:28.0627 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nusb3hub.sys. md5: 285ACEC1B13A15BA520AAE06BACB9CFF, sha256: A6F576763818D4EAB2CDA3857F2963F61FDA67D7B581C52E1EB1DDB32FD642C3
22:15:28.0627 0x0ccc nusb3hub - detected LockedFile.Multi.Generic ( 1 )
22:15:31.0052 0x0ccc Detect skipped due to KSN trusted
22:15:31.0052 0x0ccc nusb3hub - ok
22:15:31.0140 0x0ccc [ F6D625FF7B56BB6EA063F0D3A5BBC996, 830196E96C120367BDA8C0EC9D7B85A642D41E8108189B1A72193299A6C005B1 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
22:15:31.0141 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nusb3xhc.sys. md5: F6D625FF7B56BB6EA063F0D3A5BBC996, sha256: 830196E96C120367BDA8C0EC9D7B85A642D41E8108189B1A72193299A6C005B1
22:15:31.0154 0x0ccc nusb3xhc - detected LockedFile.Multi.Generic ( 1 )
22:15:33.0611 0x0ccc Detect skipped due to KSN trusted
22:15:33.0611 0x0ccc nusb3xhc - ok
22:15:33.0716 0x0ccc [ A842341EF3C702EF8208E610BE0FD1D9, 1240EF1BCEE6137A6D6A9A51DC74508EF1637AD62E975A5DD5A5778972AD3864 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:15:33.0717 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvhda64v.sys. md5: A842341EF3C702EF8208E610BE0FD1D9, sha256: 1240EF1BCEE6137A6D6A9A51DC74508EF1637AD62E975A5DD5A5778972AD3864
22:15:33.0717 0x0ccc NVHDA - detected LockedFile.Multi.Generic ( 1 )
22:15:43.0717 0x0ccc NVHDA ( LockedFile.Multi.Generic ) - warning
22:15:47.0580 0x0ccc [ B4402E1D61A3015FC29BEF94BB1C81FD, 5D82BD1B94521B1748FA9C542BDD18B5B362317E5EE89D21F6A74FC4D51E5DF8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:15:47.0580 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvlddmkm.sys. md5: B4402E1D61A3015FC29BEF94BB1C81FD, sha256: 5D82BD1B94521B1748FA9C542BDD18B5B362317E5EE89D21F6A74FC4D51E5DF8
22:15:47.0609 0x0ccc nvlddmkm - detected LockedFile.Multi.Generic ( 1 )
22:15:50.0022 0x0ccc Detect skipped due to KSN trusted
22:15:50.0023 0x0ccc nvlddmkm - ok
22:15:50.0133 0x0ccc [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:15:50.0134 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvraid.sys. md5: 0A92CB65770442ED0DC44834632F66AD, sha256: 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7
22:15:50.0134 0x0ccc nvraid - detected LockedFile.Multi.Generic ( 1 )
22:15:52.0553 0x0ccc Detect skipped due to KSN trusted
22:15:52.0553 0x0ccc nvraid - ok
22:15:52.0627 0x0ccc [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:15:52.0628 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvstor.sys. md5: DAB0E87525C10052BF65F06152F37E4A, sha256: AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37
22:15:52.0628 0x0ccc nvstor - detected LockedFile.Multi.Generic ( 1 )
22:15:55.0058 0x0ccc Detect skipped due to KSN trusted
22:15:55.0058 0x0ccc nvstor - ok
22:15:55.0139 0x0ccc [ 3446574A40B1F355B9CE636FC49DA5F1, 694C634B1316D81D7937F66A87C310A34BA7165AD292CAE2F6F34AAEC67895D9 ] nvsvc C:\Windows\system32\nvvsvc.exe
22:15:55.0146 0x0ccc nvsvc - ok
22:15:55.0179 0x0ccc [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:15:55.0179 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05, sha256: 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F
22:15:55.0179 0x0ccc nv_agp - detected LockedFile.Multi.Generic ( 1 )
22:15:57.0601 0x0ccc Detect skipped due to KSN trusted
22:15:57.0602 0x0ccc nv_agp - ok
22:15:57.0746 0x0ccc [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:15:57.0773 0x0ccc odserv - ok
22:15:57.0808 0x0ccc [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:15:57.0808 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0, sha256: AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203
22:15:57.0809 0x0ccc ohci1394 - detected LockedFile.Multi.Generic ( 1 )
22:16:00.0219 0x0ccc Detect skipped due to KSN trusted
22:16:00.0219 0x0ccc ohci1394 - ok
22:16:00.0313 0x0ccc [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:16:00.0321 0x0ccc ose - ok
22:16:00.0360 0x0ccc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:16:00.0373 0x0ccc p2pimsvc - ok
22:16:00.0405 0x0ccc [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
22:16:00.0435 0x0ccc p2psvc - ok
22:16:00.0485 0x0ccc [ 753A8F339F231D2B857E2CCD51A6E6CA, 59510E69D623B9DA725A8097A44FD210FCF05BB3BA27D5296EA4610359DA0831 ] PACSPTISVR C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
22:16:00.0502 0x0ccc PACSPTISVR - ok
22:16:00.0519 0x0ccc [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
22:16:00.0520 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887, sha256: 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80
22:16:00.0520 0x0ccc Parport - detected LockedFile.Multi.Generic ( 1 )
22:16:02.0941 0x0ccc Detect skipped due to KSN trusted
22:16:02.0941 0x0ccc Parport - ok
22:16:03.0028 0x0ccc [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:16:03.0029 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. md5: E9766131EEADE40A27DC27D2D68FBA9C, sha256: 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6
22:16:03.0029 0x0ccc partmgr - detected LockedFile.Multi.Generic ( 1 )
22:16:05.0447 0x0ccc Detect skipped due to KSN trusted
22:16:05.0447 0x0ccc partmgr - ok
22:16:05.0525 0x0ccc [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
22:16:05.0531 0x0ccc PcaSvc - ok
22:16:05.0606 0x0ccc [ 3FDE033DFB0D07F8B7D5C9A3044AA121, 2C23B4FA34BA3060884B0168A830DD395A3853855CD6DF4065FBB303DFB4A87E ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
22:16:05.0606 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pccsmcfdx64.sys. md5: 3FDE033DFB0D07F8B7D5C9A3044AA121, sha256: 2C23B4FA34BA3060884B0168A830DD395A3853855CD6DF4065FBB303DFB4A87E
22:16:05.0607 0x0ccc pccsmcfd - detected LockedFile.Multi.Generic ( 1 )
22:16:08.0009 0x0ccc Detect skipped due to KSN trusted
22:16:08.0010 0x0ccc pccsmcfd - ok
22:16:08.0100 0x0ccc [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
22:16:08.0101 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pci.sys. md5: 94575C0571D1462A0F70BDE6BD6EE6B3, sha256: 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9
22:16:08.0101 0x0ccc pci - detected LockedFile.Multi.Generic ( 1 )
22:16:10.0508 0x0ccc Detect skipped due to KSN trusted
22:16:10.0508 0x0ccc pci - ok
22:16:10.0595 0x0ccc [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
22:16:10.0595 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA, sha256: F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480
22:16:10.0596 0x0ccc pciide - detected LockedFile.Multi.Generic ( 1 )
22:16:12.0999 0x0ccc Detect skipped due to KSN trusted
22:16:12.0999 0x0ccc pciide - ok
22:16:13.0084 0x0ccc [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:16:13.0085 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F, sha256: 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14
22:16:13.0085 0x0ccc pcmcia - detected LockedFile.Multi.Generic ( 1 )
22:16:15.0506 0x0ccc Detect skipped due to KSN trusted
22:16:15.0507 0x0ccc pcmcia - ok
22:16:15.0587 0x0ccc [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
22:16:15.0588 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603, sha256: BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36
22:16:15.0588 0x0ccc pcw - detected LockedFile.Multi.Generic ( 1 )
22:16:17.0998 0x0ccc Detect skipped due to KSN trusted
22:16:17.0998 0x0ccc pcw - ok
22:16:18.0101 0x0ccc [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:16:18.0101 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E, sha256: FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C
22:16:18.0120 0x0ccc PEAUTH - detected LockedFile.Multi.Generic ( 1 )
22:16:20.0536 0x0ccc Detect skipped due to KSN trusted
22:16:20.0536 0x0ccc PEAUTH - ok
22:16:20.0663 0x0ccc [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:16:20.0667 0x0ccc PerfHost - ok
22:16:20.0769 0x0ccc [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
22:16:20.0817 0x0ccc pla - ok
22:16:20.0881 0x0ccc [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:16:20.0895 0x0ccc PlugPlay - ok
22:16:20.0995 0x0ccc [ 80E85394D8CD7F84340B1C6F4B9D698F, 13FE588297445F25DAA56AA9ED8EB307A7349381CC158DBB8213FE2E04BEB9DC ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
22:16:21.0011 0x0ccc PMBDeviceInfoProvider - ok
22:16:21.0103 0x0ccc [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:16:21.0107 0x0ccc Pml Driver HPZ12 - ok
22:16:21.0137 0x0ccc [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:16:21.0141 0x0ccc PNRPAutoReg - ok
22:16:21.0169 0x0ccc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:16:21.0180 0x0ccc PNRPsvc - ok
22:16:21.0231 0x0ccc [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:16:21.0241 0x0ccc PolicyAgent - ok
22:16:21.0261 0x0ccc [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
22:16:21.0265 0x0ccc Power - ok
22:16:21.0309 0x0ccc [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:16:21.0310 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspptp.sys. md5: F92A2C41117A11A00BE01CA01A7FCDE9, sha256: 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763
22:16:21.0310 0x0ccc PptpMiniport - detected LockedFile.Multi.Generic ( 1 )
22:16:23.0729 0x0ccc Detect skipped due to KSN trusted
22:16:23.0729 0x0ccc PptpMiniport - ok
22:16:23.0809 0x0ccc [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
22:16:23.0810 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF, sha256: 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5
22:16:23.0810 0x0ccc Processor - detected LockedFile.Multi.Generic ( 1 )
22:16:26.0230 0x0ccc Detect skipped due to KSN trusted
22:16:26.0231 0x0ccc Processor - ok
22:16:26.0332 0x0ccc [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
22:16:26.0341 0x0ccc ProfSvc - ok
22:16:26.0351 0x0ccc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
22:16:26.0353 0x0ccc ProtectedStorage - ok
22:16:26.0400 0x0ccc [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:16:26.0400 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pacer.sys. md5: 0557CF5A2556BD58E26384169D72438D, sha256: F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4
22:16:26.0402 0x0ccc Psched - detected LockedFile.Multi.Generic ( 1 )
22:16:28.0817 0x0ccc Detect skipped due to KSN trusted
22:16:28.0817 0x0ccc Psched - ok
22:16:28.0916 0x0ccc [ FBF4DB6D53585437E41A113300002A2B, A0145CE87A95DA3775B28A00E741660C26ADE34BBCC7FC502ED809931482C8F2 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
22:16:28.0917 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\PxHlpa64.sys. md5: FBF4DB6D53585437E41A113300002A2B, sha256: A0145CE87A95DA3775B28A00E741660C26ADE34BBCC7FC502ED809931482C8F2
22:16:28.0917 0x0ccc PxHlpa64 - detected LockedFile.Multi.Generic ( 1 )
22:16:31.0341 0x0ccc Detect skipped due to KSN trusted
22:16:31.0341 0x0ccc PxHlpa64 - ok
22:16:31.0484 0x0ccc [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:16:31.0484 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ql2300.sys. md5: A53A15A11EBFD21077463EE2C7AFEEF0, sha256: 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489
22:16:31.0487 0x0ccc ql2300 - detected LockedFile.Multi.Generic ( 1 )
22:16:33.0897 0x0ccc Detect skipped due to KSN trusted
22:16:33.0897 0x0ccc ql2300 - ok
22:16:33.0988 0x0ccc [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:16:33.0988 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ql40xx.sys. md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8, sha256: FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE
22:16:33.0989 0x0ccc ql40xx - detected LockedFile.Multi.Generic ( 1 )
22:16:36.0409 0x0ccc Detect skipped due to KSN trusted
22:16:36.0409 0x0ccc ql40xx - ok
22:16:36.0496 0x0ccc [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
22:16:36.0518 0x0ccc QWAVE - ok
22:16:36.0549 0x0ccc [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:16:36.0549 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707BB36430888D9CE9D705398ADB6C, sha256: 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535
22:16:36.0549 0x0ccc QWAVEdrv - detected LockedFile.Multi.Generic ( 1 )
22:16:38.0972 0x0ccc Detect skipped due to KSN trusted
22:16:38.0972 0x0ccc QWAVEdrv - ok
22:16:39.0040 0x0ccc [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:16:39.0041 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5A0DA8AD5762FA2D91678A8A01311704, sha256: 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF
22:16:39.0042 0x0ccc RasAcd - detected LockedFile.Multi.Generic ( 1 )
22:16:41.0460 0x0ccc Detect skipped due to KSN trusted
22:16:41.0460 0x0ccc RasAcd - ok
22:16:41.0542 0x0ccc [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:16:41.0542 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ECFF9B22276B73F43A99A15A6094E90, sha256: 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1
22:16:41.0543 0x0ccc RasAgileVpn - detected LockedFile.Multi.Generic ( 1 )
22:16:43.0958 0x0ccc Detect skipped due to KSN trusted
22:16:43.0959 0x0ccc RasAgileVpn - ok
22:16:43.0985 0x0ccc [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
22:16:43.0991 0x0ccc RasAuto - ok
22:16:44.0036 0x0ccc [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:16:44.0036 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 471815800AE33E6F1C32FB1B97C490CA, sha256: 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698
22:16:44.0036 0x0ccc Rasl2tp - detected LockedFile.Multi.Generic ( 1 )
22:16:46.0446 0x0ccc Detect skipped due to KSN trusted
22:16:46.0446 0x0ccc Rasl2tp - ok
22:16:46.0553 0x0ccc [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
22:16:46.0565 0x0ccc RasMan - ok

Alt 07.05.2014, 14:07   #12
3Mücken

22:16:46.0591 0x0ccc [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:16:46.0591 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855C9B1CD4756C5E9A2AA58A15F58C25, sha256: A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72
22:16:46.0591 0x0ccc RasPppoe - detected LockedFile.Multi.Generic ( 1 )
22:16:56.0592 0x0ccc Object is SCO, delete is not allowed
22:16:56.0592 0x0ccc RasPppoe ( LockedFile.Multi.Generic ) - warning
22:16:56.0592 0x0ccc Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\raspppoe.sys
22:17:00.0149 0x0ccc Object send P2P result: true
22:17:02.0696 0x0ccc [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:17:02.0696 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rassstp.sys. md5: E8B1E447B008D07FF47D016C2B0EEECB, sha256: FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C
22:17:02.0697 0x0ccc RasSstp - detected LockedFile.Multi.Generic ( 1 )
22:17:05.0117 0x0ccc Detect skipped due to KSN trusted
22:17:05.0117 0x0ccc RasSstp - ok
22:17:05.0222 0x0ccc [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:17:05.0222 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 77F665941019A1594D887A74F301FA2F, sha256: 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA
22:17:05.0223 0x0ccc rdbss - detected LockedFile.Multi.Generic ( 1 )
22:17:07.0642 0x0ccc Detect skipped due to KSN trusted
22:17:07.0642 0x0ccc rdbss - ok
22:17:07.0722 0x0ccc [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
22:17:07.0723 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D, sha256: 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17
22:17:07.0723 0x0ccc rdpbus - detected LockedFile.Multi.Generic ( 1 )
22:17:10.0149 0x0ccc Detect skipped due to KSN trusted
22:17:10.0149 0x0ccc rdpbus - ok
22:17:10.0234 0x0ccc [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:17:10.0234 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: CEA6CC257FC9B7715F1C2B4849286D24, sha256: A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804
22:17:10.0234 0x0ccc RDPCDD - detected LockedFile.Multi.Generic ( 1 )
22:17:12.0661 0x0ccc Detect skipped due to KSN trusted
22:17:12.0661 0x0ccc RDPCDD - ok
22:17:12.0748 0x0ccc [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:17:12.0749 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpencdd.sys. md5: BB5971A4F00659529A5C44831AF22365, sha256: 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F
22:17:12.0749 0x0ccc RDPENCDD - detected LockedFile.Multi.Generic ( 1 )
22:17:15.0157 0x0ccc Detect skipped due to KSN trusted
22:17:15.0157 0x0ccc RDPENCDD - ok
22:17:15.0242 0x0ccc [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:17:15.0242 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216F3FA57533D98E1F74DED70113177A, sha256: 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4
22:17:15.0243 0x0ccc RDPREFMP - detected LockedFile.Multi.Generic ( 1 )
22:17:17.0674 0x0ccc Detect skipped due to KSN trusted
22:17:17.0674 0x0ccc RDPREFMP - ok
22:17:17.0785 0x0ccc [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:17:17.0785 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RDPWD.sys. md5: E61608AA35E98999AF9AAEEEA6114B0A, sha256: F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6
22:17:17.0786 0x0ccc RDPWD - detected LockedFile.Multi.Generic ( 1 )
22:17:20.0194 0x0ccc Detect skipped due to KSN trusted
22:17:20.0194 0x0ccc RDPWD - ok
22:17:20.0352 0x0ccc [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:17:20.0353 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdyboost.sys. md5: 34ED295FA0121C241BFEF24764FC4520, sha256: AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F
22:17:20.0375 0x0ccc rdyboost - detected LockedFile.Multi.Generic ( 1 )
22:17:22.0801 0x0ccc Detect skipped due to KSN trusted
22:17:22.0801 0x0ccc rdyboost - ok
22:17:22.0881 0x0ccc [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:17:22.0887 0x0ccc RemoteAccess - ok
22:17:22.0927 0x0ccc [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:17:22.0937 0x0ccc RemoteRegistry - ok
22:17:22.0957 0x0ccc [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:17:22.0957 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rfcomm.sys. md5: 3DD798846E2C28102B922C56E71B7932, sha256: 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D
22:17:22.0958 0x0ccc RFCOMM - detected LockedFile.Multi.Generic ( 1 )
22:17:25.0373 0x0ccc Detect skipped due to KSN trusted
22:17:25.0373 0x0ccc RFCOMM - ok
22:17:25.0457 0x0ccc [ FA6ABC06B629DA29634D31F1FE0347BD, 6469EB5C43CFBF9D774DE09042E3E0B4A08B8A146A43450F591725418BF5104E ] rimspci C:\Windows\system32\drivers\rimssne64.sys
22:17:25.0458 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rimssne64.sys. md5: FA6ABC06B629DA29634D31F1FE0347BD, sha256: 6469EB5C43CFBF9D774DE09042E3E0B4A08B8A146A43450F591725418BF5104E
22:17:25.0458 0x0ccc rimspci - detected LockedFile.Multi.Generic ( 1 )
22:17:27.0876 0x0ccc Detect skipped due to KSN trusted
22:17:27.0876 0x0ccc rimspci - ok
22:17:27.0975 0x0ccc [ 8F8539A7F5C117D4407B2985995671F2, D598C2F1F7B20E88386EADAFCA2616C3E4277521DDADF05C54933CCD9F5CA39B ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys
22:17:27.0976 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\risdsne64.sys. md5: 8F8539A7F5C117D4407B2985995671F2, sha256: D598C2F1F7B20E88386EADAFCA2616C3E4277521DDADF05C54933CCD9F5CA39B
22:17:27.0976 0x0ccc risdsnpe - detected LockedFile.Multi.Generic ( 1 )
22:17:30.0398 0x0ccc Detect skipped due to KSN trusted
22:17:30.0398 0x0ccc risdsnpe - ok
22:17:30.0485 0x0ccc [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:17:30.0489 0x0ccc RpcEptMapper - ok
22:17:30.0514 0x0ccc [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
22:17:30.0517 0x0ccc RpcLocator - ok
22:17:30.0577 0x0ccc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
22:17:30.0594 0x0ccc RpcSs - ok
22:17:30.0616 0x0ccc [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:17:30.0616 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rspndr.sys. md5: DDC86E4F8E7456261E637E3552E804FF, sha256: D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD
22:17:30.0616 0x0ccc rspndr - detected LockedFile.Multi.Generic ( 1 )
22:17:33.0056 0x0ccc Detect skipped due to KSN trusted
22:17:33.0056 0x0ccc rspndr - ok
22:17:33.0141 0x0ccc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe
22:17:33.0144 0x0ccc SamSs - ok
22:17:33.0190 0x0ccc [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:17:33.0191 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sbp2port.sys. md5: AC03AF3329579FFFB455AA2DAABBE22B, sha256: 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656
22:17:33.0191 0x0ccc sbp2port - detected LockedFile.Multi.Generic ( 1 )
22:17:35.0624 0x0ccc Detect skipped due to KSN trusted
22:17:35.0625 0x0ccc sbp2port - ok
22:17:35.0714 0x0ccc [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:17:35.0737 0x0ccc SCardSvr - ok
22:17:35.0768 0x0ccc [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:17:35.0769 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 253F38D0D7074C02FF8DEB9836C97D2B, sha256: CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116
22:17:35.0769 0x0ccc scfilter - detected LockedFile.Multi.Generic ( 1 )
22:17:38.0203 0x0ccc Detect skipped due to KSN trusted
22:17:38.0203 0x0ccc scfilter - ok
22:17:38.0342 0x0ccc [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
22:17:38.0362 0x0ccc Schedule - ok
22:17:38.0398 0x0ccc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
22:17:38.0400 0x0ccc SCPolicySvc - ok
22:17:38.0457 0x0ccc [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\drivers\sdbus.sys
22:17:38.0458 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sdbus.sys. md5: 111E0EBC0AD79CB0FA014B907B231CF0, sha256: B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F
22:17:38.0459 0x0ccc sdbus - detected LockedFile.Multi.Generic ( 1 )
22:17:40.0889 0x0ccc Detect skipped due to KSN trusted
22:17:40.0889 0x0ccc sdbus - ok
22:17:41.0007 0x0ccc [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:17:41.0026 0x0ccc SDRSVC - ok
22:17:41.0073 0x0ccc [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:17:41.0073 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186, sha256: 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D
22:17:41.0073 0x0ccc secdrv - detected LockedFile.Multi.Generic ( 1 )
22:17:43.0490 0x0ccc Detect skipped due to KSN trusted
22:17:43.0490 0x0ccc secdrv - ok
22:17:43.0586 0x0ccc [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
22:17:43.0589 0x0ccc seclogon - ok
22:17:43.0618 0x0ccc [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
22:17:43.0623 0x0ccc SENS - ok
22:17:43.0655 0x0ccc [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:17:43.0660 0x0ccc SensrSvc - ok
22:17:43.0722 0x0ccc [ 052D4299E72FFFCCD9A168ADCDF5C450, 5A0BD695C166BCF57DFE71BAC7E745005A6D575F885E720EA070B791781BAE4B ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl64.sys
22:17:43.0722 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ser2pl64.sys. md5: 052D4299E72FFFCCD9A168ADCDF5C450, sha256: 5A0BD695C166BCF57DFE71BAC7E745005A6D575F885E720EA070B791781BAE4B
22:17:43.0723 0x0ccc Ser2pl - detected LockedFile.Multi.Generic ( 1 )
22:17:46.0144 0x0ccc Detect skipped due to KSN trusted
22:17:46.0144 0x0ccc Ser2pl - ok
22:17:46.0213 0x0ccc [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:17:46.0213 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B, sha256: A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4
22:17:46.0213 0x0ccc Serenum - detected LockedFile.Multi.Generic ( 1 )
22:17:48.0647 0x0ccc Detect skipped due to KSN trusted
22:17:48.0647 0x0ccc Serenum - ok
22:17:48.0746 0x0ccc [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
22:17:48.0747 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, sha256: 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D
22:17:48.0747 0x0ccc Serial - detected LockedFile.Multi.Generic ( 1 )
22:17:51.0187 0x0ccc Detect skipped due to KSN trusted
22:17:51.0187 0x0ccc Serial - ok
22:17:51.0278 0x0ccc [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:17:51.0278 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3, sha256: 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D
22:17:51.0279 0x0ccc sermouse - detected LockedFile.Multi.Generic ( 1 )
22:17:53.0710 0x0ccc Detect skipped due to KSN trusted
22:17:53.0710 0x0ccc sermouse - ok
22:17:53.0856 0x0ccc [ 9BDE8F1F5D060E912FCF9FB58B71CBC1, 632F92CF96D9A48FD6F56D4BB18D354AACEB1048B6725759496BF4CD2DFC8863 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
22:17:53.0881 0x0ccc ServiceLayer - ok
22:17:53.0930 0x0ccc [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
22:17:53.0936 0x0ccc SessionEnv - ok
22:17:53.0969 0x0ccc [ 286D3889E6AB5589646FF8A63CB928AE, 98D9D34521328F4F0B0B7C2CAB97BA0EC998B9F3F996B5ED08E17292F1CD9452 ] SFEP C:\Windows\system32\drivers\SFEP.sys
22:17:53.0969 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\SFEP.sys. md5: 286D3889E6AB5589646FF8A63CB928AE, sha256: 98D9D34521328F4F0B0B7C2CAB97BA0EC998B9F3F996B5ED08E17292F1CD9452
22:17:53.0969 0x0ccc SFEP - detected LockedFile.Multi.Generic ( 1 )
22:17:56.0409 0x0ccc Detect skipped due to KSN trusted
22:17:56.0409 0x0ccc SFEP - ok
22:17:56.0497 0x0ccc [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:17:56.0497 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF, sha256: DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55
22:17:56.0498 0x0ccc sffdisk - detected LockedFile.Multi.Generic ( 1 )
22:17:58.0947 0x0ccc Detect skipped due to KSN trusted
22:17:58.0947 0x0ccc sffdisk - ok
22:17:59.0016 0x0ccc [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:17:59.0017 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF, sha256: B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042
22:17:59.0017 0x0ccc sffp_mmc - detected LockedFile.Multi.Generic ( 1 )
22:18:09.0017 0x0ccc Object is SCO, delete is not allowed
22:18:09.0017 0x0ccc sffp_mmc ( LockedFile.Multi.Generic ) - warning
22:18:12.0603 0x0ccc [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:18:12.0603 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_sd.sys. md5: DD85B78243A19B59F0637DCF284DA63C, sha256: 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197
22:18:12.0604 0x0ccc sffp_sd - detected LockedFile.Multi.Generic ( 1 )
22:18:15.0035 0x0ccc Detect skipped due to KSN trusted
22:18:15.0035 0x0ccc sffp_sd - ok
22:18:15.0112 0x0ccc [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:18:15.0113 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4, sha256: 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9
22:18:15.0113 0x0ccc sfloppy - detected LockedFile.Multi.Generic ( 1 )
22:18:17.0918 0x0ccc Detect skipped due to KSN trusted
22:18:17.0918 0x0ccc sfloppy - ok
22:18:18.0060 0x0ccc [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:18:18.0066 0x0ccc SharedAccess - ok
22:18:18.0106 0x0ccc [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:18:18.0114 0x0ccc ShellHWDetection - ok
22:18:18.0146 0x0ccc [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:18:18.0146 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1, sha256: 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820
22:18:18.0146 0x0ccc SiSRaid2 - detected LockedFile.Multi.Generic ( 1 )
22:18:20.0569 0x0ccc Detect skipped due to KSN trusted
22:18:20.0569 0x0ccc SiSRaid2 - ok
22:18:20.0717 0x0ccc [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:18:20.0718 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4, sha256: 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E
22:18:20.0718 0x0ccc SiSRaid4 - detected LockedFile.Multi.Generic ( 1 )
22:18:23.0169 0x0ccc Detect skipped due to KSN trusted
22:18:23.0169 0x0ccc SiSRaid4 - ok
22:18:23.0268 0x0ccc [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:18:23.0274 0x0ccc SkypeUpdate - ok
22:18:23.0311 0x0ccc [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:18:23.0312 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4, sha256: 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740
22:18:23.0324 0x0ccc Smb - detected LockedFile.Multi.Generic ( 1 )
22:18:25.0765 0x0ccc Detect skipped due to KSN trusted
22:18:25.0765 0x0ccc Smb - ok
22:18:25.0828 0x0ccc [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:18:25.0831 0x0ccc SNMPTRAP - ok
22:18:25.0878 0x0ccc [ C3E69DB0A4E59564230E053232F39AC7, D7E4AC42C0731F69869E96F3AE9021ABD968E17C92283A54F265E73E6BD60ED5 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
22:18:25.0885 0x0ccc SOHCImp - ok
22:18:25.0915 0x0ccc [ 65CC4779A29C3E82B987BD4961790DFF, 91D072ADBCD4AEB2E10D0CC97E89E92099E8061A601F1A88425B4A20FC50FF78 ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
22:18:25.0937 0x0ccc SOHDms - ok
22:18:25.0950 0x0ccc [ F47D75CEE1844EEF4A9EA6EE768828FB, 242550EB5879476DD2CFC0E38FAF3C6D0263FEA7504BD73ED3B004E274D7CDF6 ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
22:18:25.0953 0x0ccc SOHDs - ok
22:18:25.0996 0x0ccc [ 977AAA4398D7D6FA65D973F5B3F54E40, 9E7DD68E62A0BC6A8F512582E7B7BA00CC90CEA65B1F46EA6922C38C2D340021 ] SonicStage Back-End Service C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe
22:18:26.0001 0x0ccc SonicStage Back-End Service - ok
22:18:26.0089 0x0ccc [ 5449FC97476F52E027409E703791E6A9, 88AFFBD1970575AB0E16B07AC7C6364879298320540F3451603DCBF54D551273 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
22:18:26.0118 0x0ccc SpfService - ok
22:18:26.0148 0x0ccc [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
22:18:26.0148 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9, sha256: 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063
22:18:26.0149 0x0ccc spldr - detected LockedFile.Multi.Generic ( 1 )
22:18:28.0647 0x0ccc Detect skipped due to KSN trusted
22:18:28.0647 0x0ccc spldr - ok
22:18:28.0756 0x0ccc [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
22:18:28.0775 0x0ccc Spooler - ok
22:18:28.0929 0x0ccc [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
22:18:28.0988 0x0ccc sppsvc - ok
22:18:29.0013 0x0ccc [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:18:29.0018 0x0ccc sppuinotify - ok
22:18:29.0058 0x0ccc [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1, BDCCF36D760B8B92BD8DF54C6F2992D66B76EBA1999623F60F0D68CD91D3CEE1 ] SPTISRV C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
22:18:29.0062 0x0ccc SPTISRV - ok
22:18:29.0125 0x0ccc [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:18:29.0125 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B, sha256: 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0
22:18:29.0126 0x0ccc srv - detected LockedFile.Multi.Generic ( 1 )
22:18:31.0557 0x0ccc Detect skipped due to KSN trusted
22:18:31.0558 0x0ccc srv - ok
22:18:31.0663 0x0ccc [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:18:31.0663 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28, sha256: 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7
22:18:31.0664 0x0ccc srv2 - detected LockedFile.Multi.Generic ( 1 )
22:18:34.0127 0x0ccc Detect skipped due to KSN trusted
22:18:34.0127 0x0ccc srv2 - ok
22:18:34.0202 0x0ccc [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:18:34.0203 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3, sha256: AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6
22:18:34.0203 0x0ccc srvnet - detected LockedFile.Multi.Generic ( 1 )
22:18:36.0635 0x0ccc Detect skipped due to KSN trusted
22:18:36.0635 0x0ccc srvnet - ok
22:18:36.0720 0x0ccc [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:18:36.0726 0x0ccc SSDPSRV - ok
22:18:36.0781 0x0ccc [ 756E371B3B86A3D3039926D32EAC0E8D, 7D3EE49848B90F0815599EC35897E23ECB69BF2686A8F1907E974B4F21419F5D ] SSScsiSV C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
22:18:36.0785 0x0ccc SSScsiSV - ok
22:18:36.0802 0x0ccc [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:18:36.0805 0x0ccc SstpSvc - ok
22:18:36.0841 0x0ccc [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:18:36.0841 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A, sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5
22:18:36.0841 0x0ccc stexstor - detected LockedFile.Multi.Generic ( 1 )
22:18:39.0259 0x0ccc Detect skipped due to KSN trusted
22:18:39.0260 0x0ccc stexstor - ok
22:18:39.0375 0x0ccc [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
22:18:39.0390 0x0ccc stisvc - ok
22:18:39.0422 0x0ccc [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
22:18:39.0422 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90, sha256: 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969
22:18:39.0435 0x0ccc swenum - detected LockedFile.Multi.Generic ( 1 )
22:18:41.0854 0x0ccc Detect skipped due to KSN trusted
22:18:41.0854 0x0ccc swenum - ok
22:18:41.0951 0x0ccc [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
22:18:41.0979 0x0ccc swprv - ok
22:18:42.0067 0x0ccc [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
22:18:42.0097 0x0ccc SysMain - ok
22:18:42.0138 0x0ccc [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:18:42.0143 0x0ccc TabletInputService - ok
22:18:42.0167 0x0ccc [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
22:18:42.0174 0x0ccc TapiSrv - ok
22:18:42.0192 0x0ccc [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
22:18:42.0196 0x0ccc TBS - ok
22:18:42.0300 0x0ccc [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:18:42.0301 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: 40AF23633D197905F03AB5628C558C51, sha256: 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C
22:18:42.0318 0x0ccc Tcpip - detected LockedFile.Multi.Generic ( 1 )
22:18:44.0752 0x0ccc Detect skipped due to KSN trusted
22:18:44.0752 0x0ccc Tcpip - ok
22:18:44.0886 0x0ccc [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:18:44.0886 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: 40AF23633D197905F03AB5628C558C51, sha256: 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C
22:18:44.0888 0x0ccc TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
22:18:44.0888 0x0ccc Detect skipped due to KSN trusted
22:18:44.0889 0x0ccc TCPIP6 - ok
22:18:44.0925 0x0ccc [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:18:44.0926 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: 1B16D0BD9841794A6E0CDE0CEF744ABC, sha256: 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C
22:18:44.0926 0x0ccc tcpipreg - detected LockedFile.Multi.Generic ( 1 )
22:18:47.0376 0x0ccc Detect skipped due to KSN trusted
22:18:47.0376 0x0ccc tcpipreg - ok
22:18:47.0445 0x0ccc [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:18:47.0446 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D
22:18:47.0446 0x0ccc TDPIPE - detected LockedFile.Multi.Generic ( 1 )
22:18:49.0879 0x0ccc Detect skipped due to KSN trusted
22:18:49.0879 0x0ccc TDPIPE - ok
22:18:49.0975 0x0ccc [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:18:49.0975 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8, sha256: 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9
22:18:49.0975 0x0ccc TDTCP - detected LockedFile.Multi.Generic ( 1 )
22:18:52.0414 0x0ccc Detect skipped due to KSN trusted
22:18:52.0414 0x0ccc TDTCP - ok
22:18:52.0523 0x0ccc [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:18:52.0524 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806, sha256: B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661
22:18:52.0524 0x0ccc tdx - detected LockedFile.Multi.Generic ( 1 )
22:18:54.0957 0x0ccc Detect skipped due to KSN trusted
22:18:54.0957 0x0ccc tdx - ok
22:18:55.0046 0x0ccc [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
22:18:55.0046 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5, sha256: 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D
22:18:55.0047 0x0ccc TermDD - detected LockedFile.Multi.Generic ( 1 )
22:18:57.0466 0x0ccc Detect skipped due to KSN trusted
22:18:57.0466 0x0ccc TermDD - ok
22:18:57.0597 0x0ccc [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
22:18:57.0629 0x0ccc TermService - ok
22:18:57.0675 0x0ccc [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
22:18:57.0680 0x0ccc Themes - ok
22:18:57.0741 0x0ccc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
22:18:57.0744 0x0ccc THREADORDER - ok
22:18:57.0769 0x0ccc [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
22:18:57.0774 0x0ccc TrkWks - ok
22:18:57.0927 0x0ccc [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:18:57.0966 0x0ccc TrustedInstaller - ok
22:18:57.0998 0x0ccc [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:18:57.0999 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: 4CE278FC9671BA81A138D70823FCAA09, sha256: CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300
22:18:57.0999 0x0ccc tssecsrv - detected LockedFile.Multi.Generic ( 1 )
22:19:00.0426 0x0ccc Detect skipped due to KSN trusted
22:19:00.0426 0x0ccc tssecsrv - ok
22:19:00.0550 0x0ccc [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:19:00.0551 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9, sha256: A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB
22:19:00.0551 0x0ccc TsUsbFlt - detected LockedFile.Multi.Generic ( 1 )
22:19:02.0985 0x0ccc Detect skipped due to KSN trusted
22:19:02.0985 0x0ccc TsUsbFlt - ok
22:19:03.0094 0x0ccc [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:19:03.0094 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894, sha256: AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8
22:19:03.0095 0x0ccc tunnel - detected LockedFile.Multi.Generic ( 1 )
22:19:05.0534 0x0ccc Detect skipped due to KSN trusted
22:19:05.0534 0x0ccc tunnel - ok
22:19:05.0611 0x0ccc [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:19:05.0612 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123
22:19:05.0612 0x0ccc uagp35 - detected LockedFile.Multi.Generic ( 1 )
22:19:08.0063 0x0ccc Detect skipped due to KSN trusted
22:19:08.0063 0x0ccc uagp35 - ok
22:19:08.0148 0x0ccc [ 63F6D08C54D5B3C1B12A6172032055C7, 87D872731D2C85E1A0ED3128CB7AB91AF00D830B0E4307054ABFD1D3900C990D ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
22:19:08.0152 0x0ccc uCamMonitor - ok
22:19:08.0205 0x0ccc [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:19:08.0206 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593, sha256: D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3
22:19:08.0206 0x0ccc udfs - detected LockedFile.Multi.Generic ( 1 )
22:19:10.0640 0x0ccc Detect skipped due to KSN trusted
22:19:10.0640 0x0ccc udfs - ok
22:19:10.0724 0x0ccc [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:19:10.0731 0x0ccc UI0Detect - ok
22:19:10.0751 0x0ccc [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:19:10.0751 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A
22:19:10.0752 0x0ccc uliagpkx - detected LockedFile.Multi.Generic ( 1 )
22:19:13.0193 0x0ccc Detect skipped due to KSN trusted
22:19:13.0193 0x0ccc uliagpkx - ok
22:19:13.0288 0x0ccc [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
22:19:13.0288 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561, sha256: 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE
22:19:13.0303 0x0ccc umbus - detected LockedFile.Multi.Generic ( 1 )
22:19:23.0305 0x0ccc Object is SCO, delete is not allowed
22:19:23.0305 0x0ccc umbus ( LockedFile.Multi.Generic ) - warning
22:19:27.0266 0x0ccc [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
22:19:27.0266 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
22:19:27.0267 0x0ccc UmPass - detected LockedFile.Multi.Generic ( 1 )
22:19:29.0714 0x0ccc Detect skipped due to KSN trusted
22:19:29.0714 0x0ccc UmPass - ok
22:19:29.0836 0x0ccc [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
22:19:29.0857 0x0ccc upnphost - ok
22:19:29.0893 0x0ccc [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:19:29.0893 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: DCA68B0943D6FA415F0C56C92158A83A, sha256: BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57
22:19:29.0893 0x0ccc usbccgp - detected LockedFile.Multi.Generic ( 1 )
22:19:32.0335 0x0ccc Detect skipped due to KSN trusted
22:19:32.0335 0x0ccc usbccgp - ok
22:19:32.0448 0x0ccc [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:19:32.0449 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbcir.sys. md5: 80B0F7D5CCF86CEB5D402EAAF61FEC31, sha256: 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD
22:19:32.0449 0x0ccc usbcir - detected LockedFile.Multi.Generic ( 1 )
22:19:34.0886 0x0ccc Detect skipped due to KSN trusted
22:19:34.0886 0x0ccc usbcir - ok
22:19:34.0972 0x0ccc [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:19:34.0972 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbehci.sys. md5: 18A85013A3E0F7E1755365D287443965, sha256: 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33
22:19:34.0973 0x0ccc usbehci - detected LockedFile.Multi.Generic ( 1 )
22:19:37.0420 0x0ccc Detect skipped due to KSN trusted
22:19:37.0420 0x0ccc usbehci - ok
22:19:37.0529 0x0ccc [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:19:37.0530 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 8D1196CFBB223621F2C67D45710F25BA, sha256: B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003
22:19:37.0530 0x0ccc usbhub - detected LockedFile.Multi.Generic ( 1 )
22:19:39.0968 0x0ccc Detect skipped due to KSN trusted
22:19:39.0968 0x0ccc usbhub - ok
22:19:40.0054 0x0ccc [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:19:40.0054 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbohci.sys. md5: 765A92D428A8DB88B960DA5A8D6089DC, sha256: 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C
22:19:40.0055 0x0ccc usbohci - detected LockedFile.Multi.Generic ( 1 )
22:19:42.0500 0x0ccc Detect skipped due to KSN trusted
22:19:42.0500 0x0ccc usbohci - ok
22:19:42.0572 0x0ccc [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:19:42.0573 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
22:19:42.0573 0x0ccc usbprint - detected LockedFile.Multi.Generic ( 1 )
22:19:44.0999 0x0ccc Detect skipped due to KSN trusted
22:19:44.0999 0x0ccc usbprint - ok
22:19:45.0095 0x0ccc [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\drivers\usbscan.sys
22:19:45.0096 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbscan.sys. md5: 9661DA76B4531B2DA272ECCE25A8AF24, sha256: FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637
22:19:45.0096 0x0ccc usbscan - detected LockedFile.Multi.Generic ( 1 )
22:19:47.0514 0x0ccc Detect skipped due to KSN trusted
22:19:47.0514 0x0ccc usbscan - ok
22:19:47.0606 0x0ccc [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:19:47.0606 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6, sha256: DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96
22:19:47.0607 0x0ccc USBSTOR - detected LockedFile.Multi.Generic ( 1 )
22:19:50.0043 0x0ccc Detect skipped due to KSN trusted
22:19:50.0043 0x0ccc USBSTOR - ok
22:19:50.0138 0x0ccc [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:19:50.0139 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbuhci.sys. md5: DD253AFC3BC6CBA412342DE60C3647F3, sha256: 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7
22:19:50.0139 0x0ccc usbuhci - detected LockedFile.Multi.Generic ( 1 )
22:19:52.0561 0x0ccc Detect skipped due to KSN trusted
22:19:52.0561 0x0ccc usbuhci - ok
22:19:52.0673 0x0ccc [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
22:19:52.0673 0x0ccc Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\usbvideo.sys. md5: 1F775DA4CF1A3A1834207E975A72E9D7, sha256: 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90
22:19:52.0674 0x0ccc usbvideo - detected LockedFile.Multi.Generic ( 1 )
22:19:55.0105 0x0ccc Detect skipped due to KSN trusted
22:19:55.0105 0x0ccc usbvideo - ok
22:19:55.0194 0x0ccc [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
22:19:55.0197 0x0ccc UxSms - ok
22:19:55.0241 0x0ccc [ A60605FC66552B421EE1F3D4EBB9A4E0, DCAC76EACAABD38E3896F78B56F51D08ECCC46E360DC29857526929900455E07 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
22:19:55.0248 0x0ccc VAIO Event Service - ok
22:19:55.0297 0x0ccc [ D469BE2723F79CF4B384680B1FDC577D, 8967D83D7A59E1C04F1A252246ABD7B64ABEC36BF02E3CA5BD672ABCA36E2BE0 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
22:19:55.0307 0x0ccc VAIO Power Management - ok
22:19:55.0327 0x0ccc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe
22:19:55.0329 0x0ccc VaultSvc - ok
22:19:55.0390 0x0ccc [ 96EFA2698D6B9E2931609A3EA73FC5DC, FE9F4EEBEA0671FD4B3DF2180EB763AB54B59DA60E372589447C32EA6A792D4F ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
22:19:55.0435 0x0ccc VCFw - ok
22:19:55.0492 0x0ccc [ 7BEBF6A5285FFC03C34A7297A4E177CB, 39EFA9B03B84C65C3E57D2D4ADD8F6A57EB977410B7CDC24837C32FD13041517 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
22:19:55.0527 0x0ccc VcmIAlzMgr - ok
22:19:55.0570 0x0ccc [ E005B04DFCA99F5880C5111933194CA9, 9F3F48B3BA74DF5073D2A9767EB11B28CF54E01BA12FD269771187FB4BC26A3D ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
22:19:55.0592 0x0ccc VcmINSMgr - ok
22:19:55.0625 0x0ccc [ 829A32FD1334F72429CA0515760EB7A7, CE37108DB7D539DB1FA260C049803ECDE55DE067B8712BCF89BA703DA6EC22D5 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
22:19:55.0636 0x0ccc VcmXmlIfHelper - ok
22:19:55.0683 0x0ccc [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:19:55.0684 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
22:19:55.0699 0x0ccc vdrvroot - detected LockedFile.Multi.Generic ( 1 )
22:19:58.0135 0x0ccc Detect skipped due to KSN trusted
22:19:58.0135 0x0ccc vdrvroot - ok
22:19:58.0244 0x0ccc [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
22:19:58.0254 0x0ccc vds - ok
22:19:58.0285 0x0ccc [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:19:58.0285 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
22:19:58.0292 0x0ccc vga - detected LockedFile.Multi.Generic ( 1 )
22:20:00.0710 0x0ccc Detect skipped due to KSN trusted
22:20:00.0710 0x0ccc vga - ok
22:20:00.0788 0x0ccc [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:20:00.0788 0x0ccc Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
22:20:00.0788 0x0ccc VgaSave - detected LockedFile.Multi.Generic ( 1 )
22:20:03.0207 0x0ccc Detect skipped due to KSN trusted
22:20:03.0207 0x0ccc VgaSave - ok
22:20:03.0244 0x0ccc [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:20:03.0244 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB, sha256: D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF
22:20:03.0244 0x0ccc vhdmp - detected LockedFile.Multi.Generic ( 1 )
22:20:05.0671 0x0ccc Detect skipped due to KSN trusted
22:20:05.0671 0x0ccc vhdmp - ok
22:20:05.0757 0x0ccc [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
22:20:05.0758 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
22:20:05.0758 0x0ccc viaide - detected LockedFile.Multi.Generic ( 1 )
22:20:08.0176 0x0ccc Detect skipped due to KSN trusted
22:20:08.0176 0x0ccc viaide - ok
22:20:08.0269 0x0ccc [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:20:08.0269 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161
22:20:08.0270 0x0ccc volmgr - detected LockedFile.Multi.Generic ( 1 )
22:20:10.0720 0x0ccc Detect skipped due to KSN trusted
22:20:10.0721 0x0ccc volmgr - ok
22:20:10.0818 0x0ccc [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:20:10.0819 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B, sha256: 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F
22:20:10.0819 0x0ccc volmgrx - detected LockedFile.Multi.Generic ( 1 )
22:20:13.0268 0x0ccc Detect skipped due to KSN trusted
22:20:13.0268 0x0ccc volmgrx - ok
22:20:13.0346 0x0ccc [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:20:13.0347 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639, sha256: 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC
22:20:13.0347 0x0ccc volsnap - detected LockedFile.Multi.Generic ( 1 )
22:20:15.0808 0x0ccc Detect skipped due to KSN trusted
22:20:15.0808 0x0ccc volsnap - ok
22:20:15.0920 0x0ccc [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:20:15.0920 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
22:20:15.0920 0x0ccc vsmraid - detected LockedFile.Multi.Generic ( 1 )
22:20:18.0404 0x0ccc Detect skipped due to KSN trusted
22:20:18.0404 0x0ccc vsmraid - ok
22:20:18.0527 0x0ccc [ A7EB62C664A03901165290A714BD48D0, 983BA71FE311FEBB21A0AE9A42FD128DFA787A47905E5533D192039A9609FCF1 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
22:20:18.0544 0x0ccc VSNService - ok
22:20:18.0624 0x0ccc [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
22:20:18.0706 0x0ccc VSS - ok
22:20:18.0825 0x0ccc [ D2D646D4D686C6996BA1FF96E11BE570, BAED2162928F9590597911DCBD92C10CC5516E35BD7ACB26150A879D2ABEC023 ] VUAgent C:\Program Files\Sony\VAIO Update\VUAgent.exe
22:20:18.0850 0x0ccc VUAgent - ok
22:20:18.0882 0x0ccc [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:20:18.0883 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
22:20:18.0894 0x0ccc vwifibus - detected LockedFile.Multi.Generic ( 1 )
22:20:21.0365 0x0ccc Detect skipped due to KSN trusted
22:20:21.0365 0x0ccc vwifibus - ok
22:20:21.0468 0x0ccc [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:20:21.0468 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F, sha256: 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB
22:20:21.0469 0x0ccc vwififlt - detected LockedFile.Multi.Generic ( 1 )
22:20:23.0931 0x0ccc Detect skipped due to KSN trusted
22:20:23.0931 0x0ccc vwififlt - ok
22:20:24.0096 0x0ccc [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:20:24.0097 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6A638FC4BFDDC4D9B186C28C91BD1A01, sha256: 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168
22:20:24.0097 0x0ccc vwifimp - detected LockedFile.Multi.Generic ( 1 )
22:20:26.0577 0x0ccc Detect skipped due to KSN trusted
22:20:26.0577 0x0ccc vwifimp - ok
22:20:26.0681 0x0ccc [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
22:20:26.0703 0x0ccc W32Time - ok
22:20:26.0724 0x0ccc [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:20:26.0724 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
22:20:26.0724 0x0ccc WacomPen - detected LockedFile.Multi.Generic ( 1 )
22:20:36.0725 0x0ccc Object is SCO, delete is not allowed
22:20:36.0725 0x0ccc WacomPen ( LockedFile.Multi.Generic ) - warning
22:20:36.0725 0x0ccc Force sending object to P2P due to detect: C:\Windows\system32\drivers\wacompen.sys
22:20:41.0338 0x0ccc Object send P2P result: true
22:20:43.0837 0x0ccc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:20:43.0837 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
22:20:43.0838 0x0ccc WANARP - detected LockedFile.Multi.Generic ( 1 )
22:20:46.0294 0x0ccc Detect skipped due to KSN trusted
22:20:46.0294 0x0ccc WANARP - ok
22:20:46.0357 0x0ccc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:20:46.0358 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
22:20:46.0358 0x0ccc Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
22:20:46.0358 0x0ccc Detect skipped due to KSN trusted
22:20:46.0358 0x0ccc Wanarpv6 - ok
22:20:46.0447 0x0ccc [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
22:20:46.0496 0x0ccc wbengine - ok
22:20:46.0525 0x0ccc [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:20:46.0534 0x0ccc WbioSrvc - ok
22:20:46.0576 0x0ccc [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:20:46.0598 0x0ccc wcncsvc - ok
22:20:46.0616 0x0ccc [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:20:46.0619 0x0ccc WcsPlugInService - ok
22:20:46.0633 0x0ccc [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
22:20:46.0633 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
22:20:46.0634 0x0ccc Wd - detected LockedFile.Multi.Generic ( 1 )
22:20:49.0099 0x0ccc Detect skipped due to KSN trusted
22:20:49.0099 0x0ccc Wd - ok
22:20:49.0174 0x0ccc [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:20:49.0174 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: E2C933EDBC389386EBE6D2BA953F43D8, sha256: AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07
22:20:49.0175 0x0ccc Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
22:20:51.0612 0x0ccc Detect skipped due to KSN trusted
22:20:51.0612 0x0ccc Wdf01000 - ok
22:20:51.0688 0x0ccc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:20:51.0691 0x0ccc WdiServiceHost - ok
22:20:51.0709 0x0ccc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:20:51.0714 0x0ccc WdiSystemHost - ok
22:20:51.0771 0x0ccc [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
22:20:51.0789 0x0ccc WebClient - ok
22:20:51.0815 0x0ccc [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:20:51.0826 0x0ccc Wecsvc - ok
22:20:51.0839 0x0ccc [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:20:51.0843 0x0ccc wercplsupport - ok
22:20:51.0866 0x0ccc [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
22:20:51.0869 0x0ccc WerSvc - ok
22:20:51.0888 0x0ccc [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:20:51.0889 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
22:20:51.0889 0x0ccc WfpLwf - detected LockedFile.Multi.Generic ( 1 )
22:20:54.0350 0x0ccc Detect skipped due to KSN trusted
22:20:54.0350 0x0ccc WfpLwf - ok
22:20:54.0417 0x0ccc [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:20:54.0417 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
22:20:54.0418 0x0ccc WIMMount - detected LockedFile.Multi.Generic ( 1 )
22:20:56.0876 0x0ccc Detect skipped due to KSN trusted
22:20:56.0876 0x0ccc WIMMount - ok
22:20:56.0968 0x0ccc WinDefend - ok
22:20:56.0977 0x0ccc WinHttpAutoProxySvc - ok
22:20:57.0048 0x0ccc [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:20:57.0055 0x0ccc Winmgmt - ok
22:20:57.0166 0x0ccc [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
22:20:57.0236 0x0ccc WinRM - ok
22:20:57.0305 0x0ccc [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:20:57.0306 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D, sha256: A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03
22:20:57.0306 0x0ccc WinUsb - detected LockedFile.Multi.Generic ( 1 )
22:20:59.0790 0x0ccc Detect skipped due to KSN trusted
22:20:59.0790 0x0ccc WinUsb - ok
22:20:59.0893 0x0ccc [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:20:59.0917 0x0ccc Wlansvc - ok
22:20:59.0961 0x0ccc [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:20:59.0962 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
22:20:59.0962 0x0ccc WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
22:21:02.0420 0x0ccc Detect skipped due to KSN trusted
22:21:02.0420 0x0ccc WmiAcpi - ok
22:21:02.0508 0x0ccc [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:21:02.0519 0x0ccc wmiApSrv - ok
22:21:02.0556 0x0ccc WMPNetworkSvc - ok
22:21:02.0583 0x0ccc [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:21:02.0587 0x0ccc WPCSvc - ok
22:21:02.0622 0x0ccc [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:21:02.0627 0x0ccc WPDBusEnum - ok
22:21:02.0649 0x0ccc [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:21:02.0650 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
22:21:02.0650 0x0ccc ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
22:21:05.0116 0x0ccc Detect skipped due to KSN trusted
22:21:05.0116 0x0ccc ws2ifsl - ok
22:21:05.0183 0x0ccc [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
22:21:05.0190 0x0ccc wscsvc - ok
22:21:05.0195 0x0ccc WSearch - ok
22:21:05.0415 0x0ccc [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
22:21:05.0491 0x0ccc wuauserv - ok
22:21:05.0520 0x0ccc [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:21:05.0520 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: AB886378EEB55C6C75B4F2D14B6C869F, sha256: D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6
22:21:05.0521 0x0ccc WudfPf - detected LockedFile.Multi.Generic ( 1 )
22:21:07.0982 0x0ccc Detect skipped due to KSN trusted
22:21:07.0982 0x0ccc WudfPf - ok
22:21:08.0089 0x0ccc [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:21:08.0089 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: DDA4CAF29D8C0A297F886BFE561E6659, sha256: 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978
22:21:08.0090 0x0ccc WUDFRd - detected LockedFile.Multi.Generic ( 1 )
22:21:10.0551 0x0ccc Detect skipped due to KSN trusted
22:21:10.0551 0x0ccc WUDFRd - ok
22:21:10.0589 0x0ccc [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:21:10.0599 0x0ccc wudfsvc - ok
22:21:10.0661 0x0ccc [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
22:21:10.0672 0x0ccc WwanSvc - ok
22:21:10.0855 0x0ccc [ 5250193EF8E173AA7491250F00EB367F, FF33B5112C5702CBD8EF2B0B5E49428973054B961F3B105419F7A47E2057B8A6 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
22:21:10.0860 0x0ccc Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\yk62x64.sys. md5: 5250193EF8E173AA7491250F00EB367F, sha256: FF33B5112C5702CBD8EF2B0B5E49428973054B961F3B105419F7A47E2057B8A6
22:21:10.0860 0x0ccc yukonw7 - detected LockedFile.Multi.Generic ( 1 )
22:21:13.0316 0x0ccc Detect skipped due to KSN trusted
22:21:13.0316 0x0ccc yukonw7 - ok
22:21:13.0494 0x0ccc ================ Scan global ===============================
22:21:13.0532 0x0ccc [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
22:21:13.0590 0x0ccc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
22:21:13.0608 0x0ccc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
22:21:13.0675 0x0ccc [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
22:21:13.0759 0x0ccc [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
22:21:13.0773 0x0ccc [ Global ] - ok
22:21:13.0774 0x0ccc ================ Scan MBR ==================================
22:21:13.0791 0x0ccc [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:21:17.0955 0x0ccc \Device\Harddisk0\DR0 - ok
22:21:17.0959 0x0ccc ================ Scan VBR ==================================
22:21:17.0979 0x0ccc [ 8DB0D2D23AC65AE9E9604667D780E80F ] \Device\Harddisk0\DR0\Partition1
22:21:17.0983 0x0ccc \Device\Harddisk0\DR0\Partition1 - ok
22:21:18.0011 0x0ccc [ 9346876E33FAF5FAB87E0DA3F8E3B29F ] \Device\Harddisk0\DR0\Partition2
22:21:18.0015 0x0ccc \Device\Harddisk0\DR0\Partition2 - ok
22:21:18.0033 0x0ccc AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x60000 ( disabled : updated )
22:21:18.0151 0x0ccc Win FW state via NFP2: enabled
22:21:20.0536 0x0ccc ============================================================
22:21:20.0536 0x0ccc Scan finished
22:21:20.0536 0x0ccc ============================================================
22:21:20.0550 0x0cd4 Detected object count: 10
22:21:20.0550 0x0cd4 Actual detected object count: 10
22:22:41.0482 0x0cd4 ErrDev ( LockedFile.Multi.Generic ) - skipped by user
22:22:41.0482 0x0cd4 ErrDev ( LockedFile.Multi.Generic ) - User select action: Skip
22:22:41.0482 0x0cd4 fc65432756c619f5 ( Rootkit.Win32.Necurs.gen ) - skipped by user
22:22:41.0482 0x0cd4 fc65432756c619f5 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip
22:22:41.0484 0x0cd4 hwpolicy ( LockedFile.Multi.Generic ) - skipped by user
22:22:41.0484 0x0cd4 hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip
22:22:41.0486 0x0cd4 LSI_SAS2 ( LockedFile.Multi.Generic ) - skipped by user
22:22:41.0486 0x0cd4 LSI_SAS2 ( LockedFile.Multi.Generic ) - User select action: Skip
22:22:41.0488 0x0cd4 MSPQM ( LockedFile.Multi.Generic ) - skipped by user
22:22:41.0488 0x0cd4 MSPQM ( LockedFile.Multi.Generic ) - User select action: Skip
22:22:41.0490 0x0cd4 NVHDA ( LockedFile.Multi.Generic ) - skipped by user
22:22:41.0490 0x0cd4 NVHDA ( LockedFile.Multi.Generic ) - User select action: Skip
22:22:41.0492 0x0cd4 RasPppoe ( LockedFile.Multi.Generic ) - skipped by user
22:22:41.0492 0x0cd4 RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip
22:22:41.0494 0x0cd4 sffp_mmc ( LockedFile.Multi.Generic ) - skipped by user
22:22:41.0494 0x0cd4 sffp_mmc ( LockedFile.Multi.Generic ) - User select action: Skip
22:22:41.0495 0x0cd4 umbus ( LockedFile.Multi.Generic ) - skipped by user
22:22:41.0495 0x0cd4 umbus ( LockedFile.Multi.Generic ) - User select action: Skip
22:22:41.0496 0x0cd4 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
22:22:41.0496 0x0cd4 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip

I hope that is complete now?
Best regards, 3Mücken

07.05.2014, 18:24   #13
mort

Trojan:Win32/Necurs.A under Windows 7 - Request for help with removal


Quote:
I hope that is complete now?
Yes, that's fine.

Good to hear that your Internet connection is working again.

Step 1

ComboFix script
WARNING for anyone reading along:
The following ComboFix script was created exclusively for this user in this situation.
Do not, under any circumstances, run it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (nowhere else, this is important)!
  • Press the Windows + R keys --> type notepad --> OK
  • Now copy the text from the following code box completely into the empty text document.
    Code:
    File::
    C:\Windows\System32\Drivers\fc65432756c619f5.sys
    
    Driver::
    fc65432756c619f5

  • Save this as CFScript.txt on your desktop.
  • Important: temporarily disable your antivirus software, as it can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as shown in this picture:
  • Do nothing on the computer, do not move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
  • When ComboFix is finished it will create a log: C:\ComboFix.txt
    Please post it here as a reply (in CODE tags using the editor's # button).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to let me know whether the upload worked!
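
As an added example, not part of this thread or of TDSSKiller/ComboFix: the log above is long, but nearly every hit is LockedFile.Multi.Generic, a heuristic for a driver file TDSSKiller could not open (NoAccess) that Kaspersky's KSN cloud reputation then cleared ("Detect skipped due to KSN trusted"). Those need no action. What remains is the closing summary of ten objects the user skipped, and only one of them, the service fc65432756c619f5 with the verdict Rootkit.Win32.Necurs.gen and a random sixteen-hex-digit name, is the rootkit driver the script in this post removes. The Python below parses those line shapes, separates whitelisted hits from actionable ones, and emits the same File::/Driver:: stanza. The sample input is constructed from lines of the log above plus one made-up entry line for the Necurs driver in the same format (its hashes are replaced with zeros, since that part of the log is not in this post; the path is taken from the script above). The regular expressions are derived from the line shapes visible here, not from any published TDSSKiller format specification.

```python
"""Triage helper for a TDSSKiller text log (added example for this thread;
not a component of TDSSKiller, ComboFix or the forum's tooling).

It separates the LockedFile.Multi.Generic hits that KSN whitelisted from the
detections that still need a decision, flags services whose name is a bare
random hex string (as the Necurs driver here), and emits the ComboFix
File::/Driver:: stanza for the actionable drivers.
"""
import re

# Line shapes that matter for triage, taken from the log lines in the thread.
# Service display names containing spaces (e.g. "VAIO Event Service") are not
# disambiguated by ENTRY; driver entries, the ones that matter here, have none.
ENTRY = re.compile(r"^\S+ 0x[0-9a-f]+ \[ ([0-9A-F]{32}), ([0-9A-F]{64}) \] (\S+) (\S.*)$")
DETECT = re.compile(r"^\S+ 0x[0-9a-f]+ (\S+) - detected (\S+) \( \d+ \)$")
KSN_OK = re.compile(r"^\S+ 0x[0-9a-f]+ Detect skipped due to KSN trusted$")
WARNING = re.compile(r"^\S+ 0x[0-9a-f]+ (\S+) \( (\S+) \) - warning$")
USER_ACT = re.compile(r"^\S+ 0x[0-9a-f]+ (\S+) \( (\S+) \) - (?:skipped by user|User select action: (\S+))$")
HEX_NAME = re.compile(r"^[0-9a-f]{16}$")   # Necurs-style random driver name

# Constructed sample: lines copied from the log above plus one entry line made
# up in the same format for the Necurs driver (hashes zeroed; not in this post).
SAMPLE_LOG = "\n".join([
    "22:19:47.0606 0x0ccc [ FED648B01349A3C8395A5169DB5FB7D6, "
    "DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] "
    "USBSTOR C:\\Windows\\system32\\DRIVERS\\USBSTOR.SYS",
    "22:19:47.0607 0x0ccc USBSTOR - detected LockedFile.Multi.Generic ( 1 )",
    "22:19:50.0043 0x0ccc Detect skipped due to KSN trusted",
    "22:19:50.0043 0x0ccc USBSTOR - ok",
    "22:20:26.0724 0x0ccc [ 4E9440F4F152A7B944CB1663D3935A3E, "
    "8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] "
    "WacomPen C:\\Windows\\system32\\drivers\\wacompen.sys",
    "22:20:26.0724 0x0ccc WacomPen - detected LockedFile.Multi.Generic ( 1 )",
    "22:20:36.0725 0x0ccc Object is SCO, delete is not allowed",
    "22:20:36.0725 0x0ccc WacomPen ( LockedFile.Multi.Generic ) - warning",
    "22:20:43.0000 0x0ccc [ " + "0" * 32 + ", " + "0" * 64 + " ] "
    "fc65432756c619f5 C:\\Windows\\System32\\Drivers\\fc65432756c619f5.sys",
    "22:20:43.0001 0x0ccc fc65432756c619f5 - detected Rootkit.Win32.Necurs.gen ( 1 )",
    "22:22:41.0482 0x0cd4 fc65432756c619f5 ( Rootkit.Win32.Necurs.gen ) - skipped by user",
    "22:22:41.0496 0x0cd4 WacomPen ( LockedFile.Multi.Generic ) - skipped by user",
])


def parse(log_text):
    """Return {service_name: record}. Record keys: path, md5, sha256, verdict,
    status ('pending', 'whitelisted' or 'warning') and user_action."""
    recs = {}
    pending = None                      # service whose detection is unresolved
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            md5, sha256, name, path = m.groups()
            recs.setdefault(name, {}).update(path=path, md5=md5, sha256=sha256)
            continue
        m = DETECT.match(line)
        if m:
            name, verdict = m.groups()
            recs.setdefault(name, {}).update(verdict=verdict, status="pending")
            pending = name
            continue
        if KSN_OK.match(line) and pending:
            recs[pending]["status"] = "whitelisted"   # cloud reputation cleared it
            pending = None
            continue
        m = WARNING.match(line)
        if m:                               # system-critical object, not deletable
            name, verdict = m.groups()
            recs.setdefault(name, {}).update(verdict=verdict, status="warning")
            pending = None
            continue
        m = USER_ACT.match(line)
        if m:                               # closing summary of user decisions
            name, verdict, action = m.groups()
            rec = recs.setdefault(name, {})
            rec.setdefault("verdict", verdict)
            rec.setdefault("status", "pending")
            rec["user_action"] = action or "Skip"
    return recs


def actionable(recs):
    """Services needing a decision: not KSN-whitelisted and either carrying a
    non-generic verdict or named like a random hex driver."""
    out = []
    for name, rec in recs.items():
        if rec.get("status") == "whitelisted":
            continue
        generic = rec.get("verdict", "").startswith("LockedFile.")
        if not generic or HEX_NAME.match(name):
            out.append(name)
    return sorted(out)


def cfscript(recs, names):
    """Build the ComboFix File::/Driver:: stanza for the given services."""
    files = [recs[n]["path"] for n in names if recs[n].get("path")]
    lines = []
    if files:
        lines += ["File::"] + files + [""]
    lines += ["Driver::"] + list(names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for name in sorted(recs):
        r = recs[name]
        print(f"{name:20} {r.get('verdict', '-'):28} {r.get('status', '-')}")
    print(cfscript(recs, actionable(recs)))
```

Run stand-alone it prints one line per service with verdict and status, then the generated stanza, which for the sample is exactly the File::/Driver:: block in the post above. The random-hex-name check is a triage aid only; a real verdict still comes from the scanner or from manual inspection of the file.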


07.05.2014, 19:08   #14
3Mücken

Trojan:Win32/Necurs.A under Windows 7 - Request for help with removal


Code:
ComboFix 14-05-07.03 - kaisermuecke 07.05.2014  19:51:21.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4013.2333 [GMT 2:00]
run from:: c:\users\kaisermuecke\Desktop\ComboFix.exe
Command switches used :: c:\users\kaisermuecke\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\Drivers\fc65432756c619f5.sys"
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FC65432756C619F5
-------\Service_fc65432756c619f5
.
.
(((((((((((((((((((((((   Files Created from 2014-04-07 to 2014-05-07  ))))))))))))))))))))))))))))))
.
.
2014-05-07 18:01 . 2014-05-07 18:01	--------	d-----w-	c:\program files\WEB.DE MailCheck
2014-05-07 18:01 . 2014-05-07 18:01	--------	d-----w-	c:\program files (x86)\WEB.DE MailCheck
2014-05-07 17:59 . 2014-05-07 17:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-07 12:39 . 2014-05-07 12:39	--------	d-----w-	c:\programdata\UUdb
2014-04-29 17:40 . 2014-04-29 17:40	--------	d-----w-	c:\programdata\Malwarebytes
2014-04-29 17:40 . 2014-04-29 19:20	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-29 17:36 . 2014-04-29 19:18	119000	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-29 17:35 . 2014-04-29 17:35	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-04-28 15:56 . 2014-04-28 15:58	--------	d-----w-	C:\FRST
2014-04-28 15:19 . 2014-04-28 15:19	--------	d-----w-	c:\program files (x86)\iMesh Applications
2014-04-20 20:02 . 2014-04-20 20:02	--------	d-----w-	c:\programdata\Licenses
2014-04-20 20:01 . 2014-04-20 20:01	--------	d-----w-	c:\programdata\Simply Super Software
2014-04-20 19:56 . 2014-01-21 15:28	20312	----a-w-	c:\windows\system32\roboot64.exe
2014-04-20 19:56 . 2014-04-20 20:15	--------	d-----w-	c:\users\kaisermuecke\AppData\Roaming\systweak
2014-04-20 10:34 . 2014-04-20 10:34	--------	d-----w-	c:\programdata\Electronic Arts
2014-04-20 10:34 . 2014-04-20 10:34	--------	d-----w-	c:\programdata\EA Core
2014-04-20 09:38 . 2006-02-03 06:43	3830992	----a-w-	c:\windows\system32\d3dx9_29.dll
2014-04-20 09:32 . 2014-04-20 09:35	--------	d-----w-	c:\programdata\Solidshield
2014-04-15 18:13 . 2014-04-15 18:13	--------	d-----w-	c:\users\kaisermuecke\AppData\Roaming\LavasoftStatistics
2014-04-15 18:04 . 2014-04-15 18:04	--------	d-----w-	c:\programdata\BitDefender
2014-04-15 17:43 . 2014-04-15 17:43	--------	d-----w-	c:\program files\Lavasoft
2014-04-15 17:43 . 2014-04-15 17:43	--------	d-----w-	c:\users\kaisermuecke\AppData\Roaming\SecureSearch
2014-04-15 17:43 . 2014-04-20 18:41	--------	d-----w-	c:\program files (x86)\Lavasoft
2014-04-15 17:40 . 2014-04-15 17:40	--------	d-----w-	c:\programdata\Lavasoft
2014-04-15 16:40 . 2014-04-15 16:46	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2014-04-15 15:36 . 2014-04-15 15:36	--------	d-----w-	c:\users\kaisermuecke\AppData\Roaming\TuneUp Software
2014-04-15 15:24 . 2014-04-15 17:10	--------	d-----w-	c:\programdata\MFAData
2014-04-15 15:24 . 2014-04-15 15:24	--------	d--h--w-	c:\programdata\Common Files
2014-04-15 15:24 . 2014-04-15 15:24	--------	d-----w-	c:\users\kaisermuecke\AppData\Local\MFAData
2014-04-15 11:51 . 2014-04-16 12:27	--------	d-----w-	c:\windows\SysWow64\140415-135137
2014-04-14 18:04 . 2014-04-16 12:27	--------	d-----w-	c:\windows\SysWow64\140414-200411
2014-04-14 13:33 . 2014-04-16 12:27	--------	d-----w-	c:\windows\SysWow64\140414-153355
2014-04-14 13:30 . 2014-04-14 13:30	--------	d-----w-	c:\program files\Microsoft Silverlight
2014-04-14 13:30 . 2014-04-14 13:30	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2014-04-14 12:46 . 2014-04-16 12:27	--------	d-----w-	c:\windows\SysWow64\140414-144609
2014-04-14 12:30 . 2014-04-16 12:27	--------	d-----w-	c:\windows\SysWow64\140414-143036
2014-04-14 12:09 . 2014-04-16 12:27	--------	d-----w-	c:\windows\SysWow64\140414-140952
2014-04-14 11:55 . 2014-04-16 12:27	--------	d-----w-	c:\windows\SysWow64\140414-135557
2014-04-13 21:14 . 2014-04-16 12:27	--------	d-----w-	c:\windows\SysWow64\140413-231407
2014-04-13 19:35 . 2014-04-13 19:35	--------	d-----w-	c:\windows\SysWow64\140413-213519
2014-04-09 12:03 . 2014-03-31 01:16	23134208	----a-w-	c:\windows\system32\mshtml.dll
2014-04-09 12:03 . 2014-03-31 01:13	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-04-09 12:03 . 2014-03-31 00:13	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 13:25 . 2013-04-06 15:13	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-29 13:25 . 2011-11-07 10:47	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 01:51 . 2012-08-02 08:18	90655440	----a-w-	c:\windows\system32\MRT.exe
2014-03-11 07:52 . 2014-03-11 07:52	133928	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 09:17 . 2014-04-09 12:02	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-03-01 05:16 . 2014-03-13 11:08	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 . 2014-03-13 11:08	2765824	----a-w-	c:\windows\system32\iertutil.dll
2014-03-01 04:52 . 2014-03-13 11:08	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-03-01 04:51 . 2014-03-13 11:08	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-03-01 04:42 . 2014-03-13 11:08	53760	----a-w-	c:\windows\system32\jsproxy.dll
2014-03-01 04:40 . 2014-03-13 11:08	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-03-01 04:37 . 2014-03-13 11:08	574976	----a-w-	c:\windows\system32\ieui.dll
2014-03-01 04:33 . 2014-03-13 11:08	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-01 04:33 . 2014-03-13 11:08	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-03-01 04:32 . 2014-03-13 11:08	708608	----a-w-	c:\windows\system32\jscript9diag.dll
2014-03-01 04:23 . 2014-03-13 11:08	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 . 2014-03-13 11:08	218624	----a-w-	c:\windows\system32\ie4uinit.exe
2014-03-01 04:02 . 2014-03-13 11:08	195584	----a-w-	c:\windows\system32\msrating.dll
2014-03-01 03:54 . 2014-03-13 11:08	5768704	----a-w-	c:\windows\system32\jscript9.dll
2014-03-01 03:52 . 2014-03-13 11:08	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-03-01 03:51 . 2014-03-13 11:08	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:42 . 2014-03-13 11:08	627200	----a-w-	c:\windows\system32\msfeeds.dll
2014-03-01 03:38 . 2014-03-13 11:08	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37 . 2014-03-13 11:08	553472	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35 . 2014-03-13 11:08	2041856	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-01 03:18 . 2014-03-13 11:08	13051904	----a-w-	c:\windows\system32\ieframe.dll
2014-03-01 03:14 . 2014-03-13 11:08	4244480	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-03-01 03:10 . 2014-03-13 11:08	2334208	----a-w-	c:\windows\system32\wininet.dll
2014-03-01 03:00 . 2014-03-13 11:08	1964032	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:38 . 2014-03-13 11:08	1393664	----a-w-	c:\windows\system32\urlmon.dll
2014-03-01 02:32 . 2014-03-13 11:08	1820160	----a-w-	c:\windows\SysWow64\wininet.dll
2014-03-01 02:25 . 2014-03-13 11:08	817664	----a-w-	c:\windows\system32\ieapfltr.dll
2014-02-07 01:23 . 2014-03-13 11:08	3156480	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~2\Sony\SONICS~1\SsAAD.exe" [2007-02-05 476728]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-10-13 1088424]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"CamAppSTI.exe"="c:\program files (x86)\AVEO USB2.0 PC Camera\CamAppSTI.exe" [2009-01-04 28672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-02 946352]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-06-04 162856]
"MailCheck IE Broker"="c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2014-04-24 1810496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AVEO;USB PC Camera;c:\windows\system32\DRIVERS\AVEOdcnt.sys;c:\windows\SYSNATIVE\DRIVERS\AVEOdcnt.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
S0 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FC65432756C619F5
*Deregistered* - fc65432756c619f5
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-28 17:22	1078088	----a-w-	c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-06 13:25]
.
2014-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04 07:32]
.
2014-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04 07:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-21 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-21 2040352]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-15&ent=hp&u=7D54D724A51E68AFE99F44534D6FA371
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-93653250.sys
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fc65432756c619f5]
"ImagePath"="\SystemRoot\System32\Drivers\fc65432756c619f5.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Sony\VAIO Care\VCSpt.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-07  20:06:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-07 18:06
ComboFix2.txt  2014-04-28 19:26
.
Vor Suchlauf: 17 Verzeichnis(se), 390.236.909.568 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 390.181.203.968 Bytes frei
.
- - End Of File - - 08DAB5DD8329B63834572456182DF4B4
         

Old 07.05.2014, 20:13   #15
mort

Remove a few remaining leftovers and run the check scans.

Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).


Step 3

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.



Step 4

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 5

Start FRST once more.
  • Do not change any of the default settings and click Scan.
  • When the scan is complete, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.

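As an added example that is not from this thread or from the FRST/ComboFix authors: a read-only PowerShell triage for the two indicators behind the Fixlist step above, the testsigning boot option that lets unsigned kernel drivers load and a driver service with a random 16-hex-character name like the fc65432756c619f5 entry in the ComboFix log. It assumes an elevated prompt on the affected machine; the function names and the localized "Ja" match for bcdedit output are my own assumptions.

```powershell
# Added example, not from this thread or from the FRST/ComboFix authors.
# Read-only triage for the two indicators behind the fix above: the
# "testsigning" boot option (lets unsigned kernel drivers load) and a
# driver service whose name is 16 random hex characters, like the
# fc65432756c619f5 service in the ComboFix log. Run from an elevated prompt.

function Test-TestSigningEnabled {
    # bcdedit lists "testsigning   Yes" (assumed "Ja" on German Windows) when set
    $out = bcdedit /enum '{current}' 2>$null
    return [bool]($out | Where-Object { $_ -match '^\s*testsigning\s+(Yes|Ja)\s*$' })
}

function Resolve-DriverImagePath([string]$imagePath) {
    # ImagePath values come as "\SystemRoot\System32\Drivers\x.sys",
    # "system32\DRIVERS\x.sys" or "\??\C:\...\x.sys"; turn them into a real path
    $path = $imagePath -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot', $env:SystemRoot
    if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
    return $path
}

function Get-SuspiciousDriverServices {
    $svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    Get-ChildItem $svcRoot | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
        # Type 1 = kernel driver, 2 = file system driver; skip ordinary services
        if ($p.Type -ne 1 -and $p.Type -ne 2) { return }
        if (-not $p.ImagePath) { return }
        $name = $_.PSChildName
        $path = Resolve-DriverImagePath $p.ImagePath
        $reasons = @()
        if ($name -match '^[0-9a-fA-F]{16}$') { $reasons += 'random 16-hex service name' }
        if (-not (Test-Path $path)) {
            $reasons += 'image file missing'
        } else {
            # Embedded Authenticode only: Windows inbox drivers signed via a .cat file
            # report NotSigned here, so review the list rather than treating it as a verdict
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
        }
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                Service = $name; Start = $p.Start; ImagePath = $path; Reasons = ($reasons -join '; ')
            }
        }
    }
}

if (Test-TestSigningEnabled) {
    Write-Warning 'testsigning is enabled: unsigned kernel drivers can load at boot'
}
Get-SuspiciousDriverServices | Sort-Object Reasons | Format-Table Service, Start, Reasons, ImagePath -AutoSize
```

The name-pattern and missing-file reasons are the strong signals; the signature column is only a prompt to look closer, since many legitimate Windows 7 drivers carry no embedded signature.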