Log analysis and evaluation: Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167 (Windows 7)

05.07.2014, 20:30 | #1
Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167

Good evening! I am also new here and hope I don't get too much wrong. Please forgive me, I'm doing my best. A short description of my problem: for a few days I have been getting the following detection message from Antivir: TR/Crypt.EPack.20167. In addition, Antivir's real-time scanner was simply knocked out. The umbrella is closed and I have no way to get it open again. The file from Avira:
Code:
Exportierte Ereignisse:

05.07.2014 20:07 [System-Scanner] Malware gefunden
Die Datei 'C:\Windows\Installer\{FD96938D-59C0-7E40-DB99-7C55344713F7}\syshost.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.20167' [trojan].
Durchgeführte Aktion(en):
Die Datei konnte nicht gelöscht werden!
Die Datei konnte nicht zum Löschen nach dem Neustart markiert werden. Mögliche Ursache: Zugriff verweigert .
Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.

04.07.2014 22:48 [System-Scanner] Malware gefunden
Die Datei 'C:\Windows\Installer\{FD96938D-59C0-7E40-DB99-7C55344713F7}\syshost.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.20167' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004. Die Quelldatei konnte nicht gefunden werden.
Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
Die Datei konnte nicht zum Löschen nach dem Neustart markiert werden. Mögliche Ursache: Die Syntax für den Dateinamen, Verzeichnisnamen oder die Datenträgerbezeichnung ist falsch. .
Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.

04.07.2014 22:01 [System-Scanner] Malware gefunden
Die Datei 'C:\Windows\Installer\{FD96938D-59C0-7E40-DB99-7C55344713F7}\syshost.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.20167' [trojan].
Durchgeführte Aktion(en):
Die Datei konnte nicht gelöscht werden!
Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
Die Datei konnte nicht zum Löschen nach dem Neustart markiert werden. Mögliche Ursache: Die Syntax für den Dateinamen, Verzeichnisnamen oder die Datenträgerbezeichnung ist falsch. .
Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.

The log file from Malwarebytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 05.07.2014
Scan Time: 20:37:03
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.05.09
Rootkit Database: v2014.07.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Petra

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 271492
Time Elapsed: 7 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.FakeMS.ED, C:\Windows\Installer\{FD96938D-59C0-7E40-DB99-7C55344713F7}\syshost.exe, Quarantined, [faf348531f5c5cdaad92048540c16d93],

Physical Sectors: 0
(No malicious items detected)

(end)
ATTFilter OTL logfile created on: 05.07.2014 20:48:31 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Petra\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 54,72% Memory free 7,73 Gb Paging File | 5,54 Gb Available in Paging File | 71,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148,81 Gb Total Space | 110,68 Gb Free Space | 74,38% Space Free | Partition Type: NTFS Drive D: | 148,88 Gb Total Space | 140,42 Gb Free Space | 94,31% Space Free | Partition Type: NTFS Computer Name: PETRA-TOSH | User Name: Petra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Petra\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG) PRC - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe (Microsoft Corp.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll () MOD - C:\Users\Petra\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\de8525cc2e6327337e1c6917352bfe16\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e791f7aea04b8d379f6dbaadb5fdeb96\System.IdentityModel.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e1adf6b481f5120153829fa54ee8a041\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\39e53f507d9cbc5c10a2f47c4b0d09dd\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\81282964925798589021d3e0e6de779f\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c69c5877e9c9033a6dc6dd35ef20a896\System.Data.Linq.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1762137638019a091020b3baf52f6de3\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39f5a71b5185d267b0f55cd4cea26d6b\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\68e5eeb3c6ef18ba2dc1ad70eb74aeee\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e71959f4ec6eb386889050ac139835c7\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b459c5815af8123e4bf30d4e05bba65\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () ========== Services (SafeList) ========== SRV:64bit: - (cfc5f97f2a26d049) -- C:\Windows\SysNative\drivers\cfc5f97f2a26d049.sys () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV - (Avira.OE.ServiceHost) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (TPCHSrv) -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (Nero BackItUp Scheduler 4.0) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) 
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (fptb) -- C:\Windows\SysNative\drivers\jhbwb.sys (Malwarebytes Corporation) DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (cfc5f97f2a26d049) -- C:\Windows\SysNative\drivers\cfc5f97f2a26d049.sys () DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\DRIVERS\rtl8192se.sys () DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys () DRV:64bit: - (CnxtHdmiAudService) -- C:\Windows\SysNative\drivers\CHDMI64.sys (Conexant Systems Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) 
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys () DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys () DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\DRIVERS\stexstor.sys () DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys () DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {13BDDD78-C0FD-4305-B88B-FB85774CD20E} IE:64bit: - HKLM\..\SearchScopes\{13BDDD78-C0FD-4305-B88B-FB85774CD20E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0903EB8A-909A-424D-8AEE-1F3A4190026B} IE - HKLM\..\SearchScopes\{0903EB8A-909A-424D-8AEE-1F3A4190026B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wetteronline.de/ IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000\..\SearchScopes,DefaultScope = {0903EB8A-909A-424D-8AEE-1F3A4190026B} IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000\..\SearchScopes\{88E2EDE3-79A1-41F8-873F-FCDEB8B3656F}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000\..\SearchScopes\{B994B10A-6731-49FB-B606-B5D30A86B333}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - 
HKU\S-1-5-21-624067999-1713132423-900167343-1000\..\SearchScopes\{CE5073C8-54DA-4E33-B360-4C75035313C7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wetteronline.de/ IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope = {0903EB8A-909A-424D-8AEE-1F3A4190026B} IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{88E2EDE3-79A1-41F8-873F-FCDEB8B3656F}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{B994B10A-6731-49FB-B606-B5D30A86B333}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{CE5073C8-54DA-4E33-B360-4C75035313C7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\Firefox [2010.05.10 12:24:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.05.10 12:24:14 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD 
Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe (Microsoft Corp.) O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) 
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-624067999-1713132423-900167343-1000..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5811A37-8141-4A57-B3AE-DDEAFABD2AB7}: DhcpNameServer = 192.168.10.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD67CB74-22FD-4DAE-887A-E076197FFC8A}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value 
found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.07.05 20:45:23 | 000,079,064 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\jhbwb.sys
[2014.07.05 20:36:00 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.07.05 20:35:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Petra\Desktop\OTL.exe
[2014.07.05 20:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.07.05 20:30:50 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.07.05 20:30:50 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.07.05 20:30:50 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.07.05 20:30:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014.07.05 20:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.07.05 20:30:38 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Local\Programs
[2014.07.04 21:12:03 | 000,084,720 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014.07.04 21:11:16 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Avira
[2014.07.04 21:09:24 | 000,130,584 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.07.04 21:09:24 | 000,117,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.07.04 21:09:24 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014.07.04 21:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2014.07.04 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2014.07.04 21:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2014.07.04 21:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014.07.03 09:05:00 | 000,000,000 | ---D | C] -- C:\Users\Petra\Desktop\Unterlagen
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.07.05 20:45:23 | 000,079,064 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\jhbwb.sys
[2014.07.05 20:36:15 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.07.05 20:35:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Petra\Desktop\OTL.exe
[2014.07.05 20:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.07.05 20:30:53 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.07.05 20:21:09 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.07.05 20:21:09 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.07.05 20:20:42 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.07.05 20:20:42 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.07.05 20:20:42 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.07.05 20:20:42 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.07.05 20:20:42 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.07.05 20:13:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.07.05 20:13:15 | 3113,361,408 | -HS- | M] () -- C:\hiberfil.sys
[2014.07.04 21:10:46 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014.07.04 21:07:16 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014.06.24 20:39:06 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.06.24 20:39:06 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.06.24 20:39:06 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014.06.23 19:18:10 | 000,042,944 | ---- | M] () -- C:\Windows\SysNative\drivers\cfc5f97f2a26d049.sys
[2014.06.16 08:08:34 | 443,683,667 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.07.05 20:30:53 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.07.04 21:07:16 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014.06.23 19:18:10 | 000,042,944 | ---- | C] () -- C:\Windows\SysNative\drivers\cfc5f97f2a26d049.sys
[2012.08.26 16:00:12 | 000,004,096 | -H-- | C] () -- C:\Users\Petra\AppData\Local\keyfile3.drm

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.02.18 10:07:44 | 014,163,456 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.02.18 09:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.12.03 09:26:15 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Toshiba

========== Purity Check ==========

< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 05.07.2014 20:48:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Petra\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 54,72% Memory free
7,73 Gb Paging File | 5,54 Gb Available in Paging File | 71,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,81 Gb Total Space | 110,68 Gb Free Space | 74,38% Space Free | Partition Type: NTFS
Drive D: | 148,88 Gb Total Space | 140,42 Gb Free Space | 94,31% Space Free | Partition Type: NTFS

Computer Name: PETRA-TOSH | User Name: Petra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{109B2C6C-AB7F-443C-8E3E-7A434D2C9955}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{276A1D66-C895-4206-B097-2D96039CFF38}" = lport=445 | protocol=6 | dir=in | app=system |
"{2DAC4AB2-DEA7-47E6-AB78-C6C1E6D19D04}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E667582-C38C-4DDE-965B-4B793FABF16B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3FEC5994-BAB2-40DA-8E7C-F01EAC6F2504}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53635898-6D8F-4537-B448-1B0756D0ED15}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{602E4E88-B29A-4528-B324-2149657E288E}" = lport=139 | protocol=6 | dir=in | app=system |
"{64F068D4-593B-4063-A418-734046617E11}" = rport=137 | protocol=17 | dir=out | app=system |
"{873051A5-FF79-4119-B8A1-F1CD35BD07F4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8809638D-8BFF-4E5E-8426-2E740195BE1D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9C9CFCD7-4EA5-421B-B316-796F62C6F44C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A025E06D-4B1B-45FD-B5CD-1B7A372970E4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A676B5C7-6B83-443B-8BB3-0B6C7B4FB159}" = lport=138 | protocol=17 | dir=in | app=system |
"{AAB3A406-B493-4D1D-88C0-1F5CC9296CD2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD55B909-D6FF-4059-93A7-1F2750E4C207}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B63DC4A8-8F3D-4F83-B349-ACF17CF1CA34}" = rport=138 | protocol=17 | dir=out | app=system |
"{B892C93C-C85C-4067-B1BA-055319B8985D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C2910B00-6A9F-4D4C-99AD-DE094656917E}" = lport=137 | protocol=17 | dir=in | app=system |
"{D11AEF6B-F864-4E79-BE5A-543D7D117598}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D56541F3-C524-4552-BE75-FB429A0CB469}" = rport=445 | protocol=6 | dir=out | app=system |
"{D6B08C18-6BAD-4B6C-8FF8-76A9C86A5F93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E319E632-8AF1-48E9-AA66-DE1408E3E554}" = rport=139 | protocol=6 | dir=out | app=system |
"{E6648022-02B6-49CF-9CD9-EB5EE5C6120A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F14BCC1B-FDED-45A5-9A10-075800ACEBF1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE23F89F-EC21-40B0-B135-12619A497178}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AE883B3-4B7C-4CC6-9D5F-9DB8C439EBFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{104F8583-FC33-4A0F-AD3B-21A07A3FFB2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10912587-6A6B-476E-96B8-0CB66A531C38}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{24C31B07-D943-4C8F-BB28-558A0C804B9D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{30719CDF-EE6E-4FB8-9BED-D9E1D9275BFB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3FA4838E-48F7-47BC-A7E8-35E694405C0F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{486ADA0E-5FA4-4C00-BA8E-4B91CD91D841}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5511310E-F968-4BC3-9F73-468D98E2A6EB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6CE520AD-6076-4352-89B5-F8111BB6E7E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{888CBF6E-8FFB-42D3-896A-94315AF9620E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9039DCE0-4CDB-402D-8D2E-C8A8C851793A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9EC4F112-0C4D-4332-B15A-2F6CBF7C5DA9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A8FCF0F8-D2DB-488C-82A0-A613563956F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1C1FCB2-527F-4595-8393-F0349181289D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2497EF8-3948-46B3-A9B4-3041F75C2479}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C50ED391-CD10-4B7F-AC14-5563CD6A1F6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CBD58DA6-69E5-40E3-B812-E29C8E0F0AC2}" = dir=out | name=core networking - system ip core |
"{D6B7A3FB-A3C7-4E29-BEA7-09196C9F8BF0}" = dir=in | name=core networking - system ip core |
"{D79186DE-CDAB-43CC-9E83-C93BC379EE39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E3B14D8C-A422-4561-9C7F-DF85FA5D685B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB26434B-88D7-4B16-AD13-32941CF129E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EF494F9F-404E-42B2-BFAA-D64F98F58FA4}" = protocol=6 | dir=out | app=system |
"{F44875D8-E5D5-48D5-93C6-40DD3423DE81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F527B875-C53D-42BD-B179-E886C2FCE362}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F692D3B6-6178-491F-B4D6-127291FA14D0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{61D4B846-49F8-2639-A4EB-977875265F37}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89505FE0-A07E-928A-42F4-DA1B2788C01B}" = ccc-utility64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_AUDIO_HDA_HDMI" = Conexant Audio Driver For AMD HDMI Codec
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{04B9F1A8-CC3B-CCF8-71B6-1ABFE4E00590}" = CCC Help Korean
"{04DE4606-6C76-A25C-BD13-646479CE1A5C}" = CCC Help Russian
"{058E65E2-AFC2-8974-43A2-1EA5A4A53471}" = ccc-core-static
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A81056-303F-A212-191D-35310DE5759F}" = CCC Help English
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0AA381AC-7BBB-5B29-836C-5E13BB91154A}" = CCC Help Hungarian
"{0DDCEDBA-8C17-CC50-7448-9131F3EF7517}" = Catalyst Control Center Localization All
"{162E46EB-F7C6-4B01-2384-349980B3F1BF}" = Catalyst Control Center Core Implementation
"{16622EEF-D159-3EB8-0EE3-F01B98317CED}" = CCC Help Swedish
"{1777CCDA-F2F2-4A77-ACF4-0B7341229BBB}" = TOSHIBA ConfigFree
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1C0526C4-478A-9066-F37A-E58F08A21FE9}" = Catalyst Control Center Graphics Full New
"{1F1E9571-0EA2-7AA3-647B-16698BED9CF4}" = CCC Help Danish
"{1FDB8BA3-9E5F-369F-C2A2-AA4AD06F0640}" = CCC Help French
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24642C6B-1F1F-362F-6A7F-14C75C9EE603}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}" = Toshiba TEMPRO
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{313B4B6B-61B3-5F70-647B-E6285A9D81DF}" = CCC Help Spanish
"{3264BE02-6AC0-96B3-A212-392A850D58CA}" = CCC Help German
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{356ECF26-71E8-4F4A-A197-59C91657DD43}" = Avira
"{35a33a96-0edd-4bcb-ab72-e736eb49ef5d}" = Nero 9 Essentials
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CB58AB7-6750-F510-F055-27FA68D77472}" = CCC Help Dutch
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{53007195-C491-23E9-D420-EDAB61E57609}" = CCC Help Polish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5833EB1F-F1FD-DA8E-B2BA-C23E58BB0C65}" = Catalyst Control Center Graphics Full Existing
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68A8941B-6E97-B11C-1B10-C3370E4CC885}" = Catalyst Control Center Graphics Previews Common
"{6B59A12B-D448-E129-28E9-57D1E2E5F7BB}" = CCC Help Chinese Traditional
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6CDB6681-B777-4DAD-412E-7933B9296850}" = CCC Help Greek
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7B81F6BB-7C9C-E66F-9989-42EEB1076F84}" = Catalyst Control Center InstallProxy
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85010422-4932-6A9E-C222-A994DA299C81}" = CCC Help Portuguese
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89ef9b48-b56b-48d8-b5c1-4eb9a5ca50cb}" = Avira
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A9BE8E5-2263-3EFA-FDD1-11F6E267EEF9}" = CCC Help Norwegian
"{9C6210BC-CF1C-E637-C74D-28612585CAD9}" = CCC Help Chinese Standard
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}" = Photo Service - powered by myphotobook
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AFE6E077-E0A3-2993-0913-8DEEADF4E2DE}" = CCC Help Italian
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BA28817B-738A-9284-D3D6-E973982AEF3B}" = Catalyst Control Center Graphics Previews Vista
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C58362EF-CABB-B475-065B-FD07C0D49770}" = CCC Help Czech
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D432AD16-2F8C-0022-E2F1-E27DCB5F6949}" = CCC Help Japanese
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E616437B-CE55-B463-ED6B-408E29A073CB}" = CCC Help Finnish
"{E718AAF4-CB80-9649-347E-C9A9803BE6D0}" = CCC Help Thai
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F5EB2C27-3F16-01B6-BA56-316BC0F8CA87}" = Catalyst Control Center Graphics Light
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"{FF2609E3-194C-44DB-A34F-20D02103B5F1}" = Bing Bar Platform
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.2.1012
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT083877" = Chuzzle Deluxe
"WT083890" = Zuma Deluxe
"WT083910" = Jewel Quest II
"WT083916" = Diner Dash 2 Restaurant Rescue
"WT083925" = Plants vs. Zombies
"WT083929" = Bejeweled 2 Deluxe
"WT083945" = FATE
"WT083958" = Penguins!
"WT083959" = Polar Bowler

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.04.2013 09:24:10 | Computer Name = Petra-TOSH | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax.

Error - 28.04.2013 08:09:29 | Computer Name = Petra-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000773f ID des fehlerhaften Prozesses: 0x3d4 Startzeit der fehlerhaften Anwendung: 0x01ce4307958fdbc1 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 79ff4f82-affc-11e2-9d74-00266c936d90

Error - 28.04.2013 23:54:17 | Computer Name = Petra-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001909a ID des fehlerhaften Prozesses: 0x4ec Startzeit der fehlerhaften Anwendung: 0x01ce44093d3d3f78 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 76ac84b5-b080-11e2-9d74-00266c936d90

Error - 29.04.2013 00:56:37 | Computer Name = Petra-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000016092 ID des fehlerhaften Prozesses: 0x13c8 Startzeit der fehlerhaften Anwendung: 0x01ce448d397d8072 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 2bdd5b51-b089-11e2-9d74-00266c936d90

Error - 06.05.2013 06:56:18 | Computer Name = Petra-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 11.0.6568.0, Zeitstempel: 0x42e178a5 Name des fehlerhaften Moduls: mso.dll, Version: 11.0.6568.0, Zeitstempel: 0x42e18ef6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0020cc83 ID des fehlerhaften Prozesses: 0x1a68 Startzeit der fehlerhaften Anwendung: 0x01ce4a4843bccbbf Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Microsoft Shared\office11\mso.dll Berichtskennung: 93a6995f-b63b-11e2-8689-00266c936d90

Error - 06.05.2013 06:57:37 | Computer Name = Petra-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 11.0.6568.0, Zeitstempel: 0x42e178a5 Name des fehlerhaften Moduls: mso.dll, Version: 11.0.6568.0, Zeitstempel: 0x42e18ef6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00038dac ID des fehlerhaften Prozesses: 0x18ac Startzeit der fehlerhaften Anwendung: 0x01ce4a485e91b4bf Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Microsoft Shared\office11\mso.dll Berichtskennung: c3140af6-b63b-11e2-8689-00266c936d90

Error - 06.05.2013 07:37:32 | Computer Name = Petra-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 11.0.6565.0, Zeitstempel: 0x42cacc7d Name des fehlerhaften Moduls: OUTLLIB.dll, Version: 11.0.6568.0, Zeitstempel: 0x42e176f8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00025c6b ID des fehlerhaften Prozesses: 0x19e8 Startzeit der fehlerhaften Anwendung: 0x01ce4a4cc39b2412 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLLIB.dll Berichtskennung: 5697a163-b641-11e2-8689-00266c936d90

Error - 08.05.2013 09:05:17 | Computer Name = Petra-TOSH | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 08.05.2013 09:05:40 | Computer Name = Petra-TOSH | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 08.05.2013 09:05:58 | Computer Name = Petra-TOSH | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax.

Error - 10.05.2013 00:47:46 | Computer Name = Petra-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000016092 ID des fehlerhaften Prozesses: 0x3ac Startzeit der fehlerhaften Anwendung: 0x01ce4d312a50e64b Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: c1ada33f-b92c-11e2-a899-00266c936d90

[ System Events ]
Error - 05.07.2014 13:35:33 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 05.07.2014 13:35:33 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 05.07.2014 13:35:33 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 05.07.2014 13:36:51 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 05.07.2014 13:37:08 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht
gestartet wurde: %%1068 Error - 05.07.2014 14:09:07 | Computer Name = Petra-TOSH | Source = DCOM | ID = 10005 Description = Error - 05.07.2014 14:13:21 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7000 Description = Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 05.07.2014 14:14:05 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb avkmgr Error - 05.07.2014 14:36:00 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 05.07.2014 14:36:15 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 < End of report > |
05.07.2014, 21:06 | #2 |
/// TB Trainer /// Guide Guru
Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167
My name is Jürgen and I will be helping you with your problem. Together we'll get this done...

Note: I can never give you a guarantee that we will find all malicious files. A format is usually the quicker and always the safest way, but it is only advisable in the case of real malware. Adware & co. we can remove very well. If you decide on a clean-up, keep working with me until you get my "clean".

Let's go:

Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material
Posting in CODE tags: here's how... Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
05.07.2014, 21:29 | #3 |
Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167
So, I followed your instructions:

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01 Ran by Petra (administrator) on PETRA-TOSH on 05-07-2014 22:24:51 Running from C:\Users\Petra\Desktop Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Conexant Systems, Inc.) 
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-02-11] (Toshiba Europe GmbH) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] () HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.) 
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation) HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-03-17] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH) HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG) HKLM-x32\...\Run: [Bing Bar] => C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe [243032 2010-03-04] (Microsoft Corp.) HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-26] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.) 
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation) HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA) HKU\S-1-5-21-624067999-1713132423-900167343-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA) HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files 
(x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wetteronline.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {0903EB8A-909A-424D-8AEE-1F3A4190026B} URL = SearchScopes: HKCU - {0903EB8A-909A-424D-8AEE-1F3A4190026B} URL = SearchScopes: HKCU - {88E2EDE3-79A1-41F8-873F-FCDEB8B3656F} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 SearchScopes: HKCU - {B994B10A-6731-49FB-B606-B5D30A86B333} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files 
(x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\Firefox FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\Firefox [2010-05-10] FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-05-10] ==================== Services (Whitelisted) ================= Locked "cfc5f97f2a26d049" service could not be unlocked. 
<===== ATTENTION R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH) ==================== Drivers (Whitelisted) ==================== S3 1394ohci; C:\Windows\system32\DRIVERS\1394ohci.sys [227840 2009-07-14] () [File not signed] R0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [334416 2009-07-14] () [File not signed] S3 AcpiPmi; C:\Windows\system32\DRIVERS\acpipmi.sys [12288 2009-07-14] () [File not signed] S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [491088 2009-07-14] () [File not signed] S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [339536 2009-07-14] () [File not signed] S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [182864 2009-07-14] () [File not signed] R1 AFD; C:\Windows\system32\drivers\afd.sys [500224 2009-07-14] () [File not signed] S3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-10] () [File not signed] S3 agp440; C:\Windows\system32\DRIVERS\agp440.sys [61008 2009-07-14] () [File not signed] S3 aliide; C:\Windows\system32\DRIVERS\aliide.sys [15440 2009-07-14] () [File not signed] S3 amdide; C:\Windows\system32\DRIVERS\amdide.sys [15440 2009-07-14] () [File not signed] S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-14] () [File not signed] R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6659072 2010-04-27] () [File not signed] R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [195584 2010-04-26] () [File not signed] S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [60928 2009-07-14] () [File not signed] S3 amdsata; 
C:\Windows\system32\DRIVERS\amdsata.sys [106576 2009-07-14] () [File not signed] S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [194128 2009-07-14] () [File not signed] R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-07-14] () [File not signed] S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2009-07-14] () [File not signed] S3 arc; C:\Windows\system32\DRIVERS\arc.sys [87632 2009-07-14] () [File not signed] S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [97856 2009-07-14] () [File not signed] S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] () [File not signed] R0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [24128 2009-07-14] () [File not signed] S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6659072 2010-04-27] () [File not signed] S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG) S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. 
KG) S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] () [File not signed] S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] () [File not signed] U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] () [File not signed] R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] () [File not signed] R1 blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [45056 2009-07-14] () [File not signed] R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2009-07-14] () [File not signed] S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] () [File not signed] S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] () [File not signed] S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] () [File not signed] S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] () [File not signed] S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] () [File not signed] S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] () [File not signed] S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] () [File not signed] S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] () [File not signed] R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2009-07-14] () [File not signed] U5 cfc5f97f2a26d049; C:\Windows\System32\Drivers\cfc5f97f2a26d049.sys [42944 2014-06-23] () <===== ATTENTION Necurs Rootkit? 
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] () [File not signed] R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] () [File not signed] R3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-14] () [File not signed] S3 cmdide; C:\Windows\system32\DRIVERS\cmdide.sys [17488 2009-07-14] () [File not signed] R0 CNG; C:\Windows\System32\Drivers\cng.sys [460504 2009-07-14] () [File not signed] R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDRT64.sys [724536 2010-03-31] () [File not signed] R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] () [File not signed] R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-14] () [File not signed] R3 CompositeBus; C:\Windows\system32\DRIVERS\CompositeBus.sys [38912 2009-07-14] () [File not signed] S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] () [File not signed] R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2009-07-14] () [File not signed] R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] () [File not signed] R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] () [File not signed] S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] () [File not signed] R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [982600 2009-10-02] () [File not signed] S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] () [File not signed] S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] () [File not signed] S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [9728 2009-07-14] () [File not signed] S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] () [File not signed] S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] () [File not signed] S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] () [File not signed] R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] () 
[File not signed] S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [File not signed] S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] () [File not signed] R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [290368 2009-07-14] () [File not signed] U0 fptb; C:\Windows\System32\drivers\jhbwb.sys [79064 2014-07-05] (Malwarebytes Corporation) S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [File not signed] U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-14] () [File not signed] R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223448 2009-07-14] () [File not signed] R3 FwLnk; C:\Windows\system32\DRIVERS\FwLnk.sys [9216 2009-07-07] () [File not signed] S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] () [File not signed] S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () [File not signed] S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2009-07-14] () [File not signed] R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-14] () [File not signed] R3 HECIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2009-09-17] () [File not signed] S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] () [File not signed] S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] () [File not signed] S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] () [File not signed] R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-14] () [File not signed] S3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [77888 2009-07-14] () [File not signed] R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-14] () [File not signed] R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14416 2009-07-14] () [File not signed] R3 i8042prt; C:\Windows\system32\DRIVERS\i8042prt.sys [105472 2009-07-14] () [File not signed] R0 iaStor; 
C:\Windows\System32\DRIVERS\iaStor.sys [538136 2010-01-15] () [File not signed] S3 iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [410688 2009-07-14] () [File not signed] S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] () [File not signed] S3 intelide; C:\Windows\system32\DRIVERS\intelide.sys [16960 2009-07-14] () [File not signed] R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] () [File not signed] S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-14] () [File not signed] S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [78848 2009-07-14] () [File not signed] S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [File not signed] S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [File not signed] S3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [20544 2009-07-14] () [File not signed] S3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [224832 2009-07-14] () [File not signed] R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () [File not signed] S3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2009-07-14] () [File not signed] R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95312 2009-07-14] () [File not signed] R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [153160 2009-12-11] () [File not signed] R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [File not signed] R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [75304 2010-02-22] () [File not signed] R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [File not signed] S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] () [File not signed] S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] () [File not signed] S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] () [File not signed] S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] () 
[File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-05] (Malwarebytes Corporation)
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-14] () [File not signed]
S3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [155216 2009-07-14] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2009-07-14] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157696 2010-02-27] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [286720 2010-02-27] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [125952 2010-02-27] () [File not signed]
R0 msahci; C:\Windows\System32\DRIVERS\msahci.sys [30272 2009-07-14] () [File not signed]
S3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [140352 2009-07-14] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [367168 2009-07-14] () [File not signed]
R1 mssmbios; C:\Windows\system32\DRIVERS\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-14] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-14] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-14] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-14] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-14] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659984 2009-07-14] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [149056 2009-07-14] () [File not signed]
S3 nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [167488 2009-07-14] () [File not signed]
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75840 2009-07-14] () [File not signed]
R0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-14] () [File not signed]
R0 pciide; C:\Windows\System32\DRIVERS\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [35008 2009-06-22] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-14] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-14] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-14] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-14] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2009-07-14] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-14] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [232992 2010-02-01] () [File not signed]
R3 rtl8192se; C:\Windows\System32\DRIVERS\rtl8192se.sys [1103904 2010-04-27] () [File not signed]
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [104016 2009-07-14] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-14] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [14336 2009-10-10] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [464896 2009-12-08] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [407040 2009-07-14] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [162304 2009-12-08] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\DRIVERS\swenum.sys [12496 2009-07-14] () [File not signed]
R3 SynTP; C:\Windows\system32\DRIVERS\SynTP.sys [316464 2010-03-10] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1898576 2009-07-14] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1898576 2009-07-14] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-14] () [File not signed]
R3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [27784 2009-07-30] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-14] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-14] () [File not signed]
R1 TermDD; C:\Windows\system32\DRIVERS\termdd.sys [62544 2009-07-14] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-14] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-14] () [File not signed]
R0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-14] () [File not signed]
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [14472 2009-06-19] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327168 2009-07-14] () [File not signed]
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-14] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2009-07-14] () [File not signed]
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [100352 2009-07-14] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [51712 2009-12-04] () [File not signed]
R3 usbhub; C:\Windows\system32\DRIVERS\usbhub.sys [343040 2009-12-04] () [File not signed]
S3 usbohci; C:\Windows\system32\DRIVERS\usbohci.sys [25600 2009-07-14] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [41984 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [89600 2009-07-14] () [File not signed]
S3 usbuhci; C:\Windows\system32\DRIVERS\usbuhci.sys [30720 2009-07-14] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184576 2009-07-14] () [File not signed]
R0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [217680 2009-07-14] () [File not signed]
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [71760 2009-07-14] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-14] () [File not signed]
R0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [294992 2009-07-14] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] () [File not signed]
R0 Wd; C:\Windows\System32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-14] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WmiAcpi; C:\Windows\system32\DRIVERS\wmiacpi.sys [14336 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2009-07-14] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2009-07-14] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-05 22:24 - 2014-07-05 22:25 - 00039848 _____ () C:\Users\Petra\Desktop\FRST.txt
2014-07-05 22:24 - 2014-07-05 22:24 - 00000000 ____D () C:\FRST
2014-07-05 22:23 - 2014-07-05 22:23 - 02084352 _____ (Farbar) C:\Users\Petra\Desktop\FRST64.exe
2014-07-05 21:11 - 2014-07-05 21:24 - 00004312 _____ () C:\Users\Petra\Desktop\AviraEreignisse.txt
2014-07-05 20:55 - 2014-07-05 20:55 - 00062576 _____ () C:\Users\Petra\Desktop\Extras2.Txt
2014-07-05 20:54 - 2014-07-05 20:54 - 00073740 _____ () C:\Users\Petra\Desktop\OTL2.Txt
2014-07-05 20:53 - 2014-07-05 20:53 - 00062576 _____ () C:\Users\Petra\Desktop\Extras.Txt
2014-07-05 20:52 - 2014-07-05 20:52 - 00073740 _____ () C:\Users\Petra\Desktop\OTL.Txt
2014-07-05 20:46 - 2014-07-05 20:46 - 00001151 _____ () C:\Users\Petra\Desktop\mbam.txt
2014-07-05 20:45 - 2014-07-05 20:45 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\jhbwb.sys
2014-07-05 20:36 - 2014-07-05 20:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 20:35 - 2014-07-05 20:35 - 00602112 _____ (OldTimer Tools) C:\Users\Petra\Desktop\OTL.exe
2014-07-05 20:30 - 2014-07-05 20:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-05 20:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-05 20:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-05 20:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-04 21:12 - 2014-07-04 21:10 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-04 21:11 - 2014-07-04 21:11 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Avira
2014-07-04 21:09 - 2014-06-24 20:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-07-04 21:09 - 2014-06-24 20:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-04 21:09 - 2014-06-24 20:39 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-07-04 21:07 - 2014-07-04 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-04 21:07 - 2014-07-04 21:09 - 00000000 ____D () C:\ProgramData\Avira
2014-07-04 21:07 - 2014-07-04 21:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-04 21:07 - 2014-07-04 21:07 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-04 21:07 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-03 09:05 - 2014-07-03 09:15 - 00000000 ____D () C:\Users\Petra\Desktop\Unterlagen
2014-06-23 19:18 - 2014-06-23 19:18 - 00042944 _____ () C:\Windows\system32\Drivers\cfc5f97f2a26d049.sys
2014-06-16 08:08 - 2014-06-16 08:08 - 00275152 _____ () C:\Windows\Minidump\061614-15646-01.dmp

==================== One Month Modified Files and Folders =======

2014-07-05 22:25 - 2014-07-05 22:24 - 00039848 _____ () C:\Users\Petra\Desktop\FRST.txt
2014-07-05 22:24 - 2014-07-05 22:24 - 00000000 ____D () C:\FRST
2014-07-05 22:23 - 2014-07-05 22:23 - 02084352 _____ (Farbar) C:\Users\Petra\Desktop\FRST64.exe
2014-07-05 22:20 - 2009-07-14 06:51 - 00319380 _____ () C:\Windows\setupact.log
2014-07-05 21:32 - 2012-06-18 15:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-05 21:24 - 2014-07-05 21:11 - 00004312 _____ () C:\Users\Petra\Desktop\AviraEreignisse.txt
2014-07-05 21:05 - 2011-12-02 06:18 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C71483C9-395E-4E5F-99DC-10583995EFF5}
2014-07-05 20:55 - 2014-07-05 20:55 - 00062576 _____ () C:\Users\Petra\Desktop\Extras2.Txt
2014-07-05 20:54 - 2014-07-05 20:54 - 00073740 _____ () C:\Users\Petra\Desktop\OTL2.Txt
2014-07-05 20:53 - 2014-07-05 20:53 - 00062576 _____ () C:\Users\Petra\Desktop\Extras.Txt
2014-07-05 20:52 - 2014-07-05 20:52 - 00073740 _____ () C:\Users\Petra\Desktop\OTL.Txt
2014-07-05 20:46 - 2014-07-05 20:46 - 00001151 _____ () C:\Users\Petra\Desktop\mbam.txt
2014-07-05 20:45 - 2014-07-05 20:45 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\jhbwb.sys
2014-07-05 20:45 - 2010-11-12 19:32 - 00000000 ____D () C:\Windows\OemDrv
2014-07-05 20:36 - 2014-07-05 20:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 20:35 - 2014-07-05 20:35 - 00602112 _____ (OldTimer Tools) C:\Users\Petra\Desktop\OTL.exe
2014-07-05 20:30 - 2014-07-05 20:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-05 20:21 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-05 20:21 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-05 20:20 - 2009-07-14 19:58 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-07-05 20:20 - 2009-07-14 19:58 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-07-05 20:20 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-05 20:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 22:57 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-04 22:02 - 2011-12-02 06:30 - 00252320 _____ () C:\Windows\PFRO.log
2014-07-04 21:15 - 2010-11-12 19:11 - 01251337 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 21:11 - 2014-07-04 21:11 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Avira
2014-07-04 21:10 - 2014-07-04 21:12 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-04 21:10 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-04 21:09 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Avira
2014-07-04 21:09 - 2014-07-04 21:07 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-04 21:07 - 2014-07-04 21:07 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-04 21:07 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-03 09:15 - 2014-07-03 09:05 - 00000000 ____D () C:\Users\Petra\Desktop\Unterlagen
2014-06-24 20:39 - 2014-07-04 21:09 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-24 20:39 - 2014-07-04 21:09 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-24 20:39 - 2014-07-04 21:09 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-23 19:18 - 2014-06-23 19:18 - 00042944 _____ () C:\Windows\system32\Drivers\cfc5f97f2a26d049.sys
2014-06-16 08:08 - 2014-06-16 08:08 - 00275152 _____ () C:\Windows\Minidump\061614-15646-01.dmp
2014-06-16 08:08 - 2011-12-11 19:40 - 443683667 _____ () C:\Windows\MEMORY.DMP
2014-06-16 08:08 - 2011-12-11 19:40 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\Petra\AppData\Local\Temp\AskSLib.dll
C:\Users\Petra\AppData\Local\Temp\avgnt.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate11.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys [2009-07-14 01:20] - [2009-07-14 03:45] - 0294992 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2014-07-01 10:40

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by Petra at 2014-07-05 22:25:16
Running from C:\Users\Petra\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Amazon.de (HKLM-x32\...\{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}) (Version: - Amazon EU S.a.r.L.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{61D4B846-49F8-2639-A4EB-977875265F37}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{89ef9b48-b56b-48d8-b5c1-4eb9a5ca50cb}) (Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1401.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 5.0.1399.0 - Microsoft Corporation) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0426.2136.36953 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help English (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help French (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help German (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0426.2136.36953 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0426.2136.36953 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.26.0 - Conexant)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
eBay (HKLM-x32\...\{FDE58148-57E7-43BF-879A-29CCE818C078}) (Version: 1.1.9 - eBay Inc.)
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.1.55.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 2.0.271.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
Nero 9 Essentials (HKLM-x32\...\{35a33a96-0edd-4bcb-ab72-e736eb49ef5d}) (Version: - Nero AG)
Nero BackItUp (HKLM-x32\...\{0420F95C-11FF-4E02-B967-6CC22B188F9F}) (Version: 5.2.21001 - Nero AG)
Nero BackItUp and Burn (HKLM-x32\...\{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}) (Version: 1.2.0030 - Nero AG)
Nero BurnRights (HKLM-x32\...\{397516AE-7DFE-4F90-84E0-BD616D559434}) (Version: 3.6.26001 - Nero AG)
Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express (HKLM-x32\...\{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}) (Version: 9.6.16000 - Nero AG)
Nero Express Help (x32 Version: 9.4.34.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero RescueAgent (HKLM-x32\...\{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}) (Version: 2.6.25002 - Nero AG)
Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.37.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.34.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.7-279 - myphotobook GmbH)
Photo Service - powered by myphotobook (x32 Version: 1.0.7 - myphotobook GmbH) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.152 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{1777CCDA-F2F2-4A77-ACF4-0B7341229BBB}) (Version: 8.0.29 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.10.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.01 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.7.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
Toshiba TEMPRO (HKLM-x32\...\{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}) (Version: 3.30 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {27C27DD4-C68A-4ED0-86E0-52EB04A61BC2} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-22] (TOSHIBA CORPORATION)
Task: {DEB799E3-76C2-4E97-9052-3A6C656EEC58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2009-07-14 01:19 - 2009-07-14 03:40 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:19 - 2009-07-14
03:41 - 00036864 _____ () c:\windows\system32\pcwum.DLL 2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.dll 2010-03-17 17:01 - 2010-03-17 17:01 - 00578936 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll 2010-03-09 14:31 - 2010-03-09 14:31 - 03409256 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll 2010-03-03 15:15 - 2010-03-03 15:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2009-11-03 14:26 - 2009-11-03 14:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll 2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll 2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll 2010-05-10 12:06 - 2009-06-22 14:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll 2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll 2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\System32\pcwum.dll 2009-10-13 11:00 - 2009-10-13 11:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-11-12 19:16 - 2010-11-12 19:16 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2014-06-30 12:05 - 2014-06-30 12:05 - 00245760 _____ () C:\Program Files (x86)\Avira\My Avira\System.ComponentModel.Composition.dll 2014-06-30 12:08 - 2014-06-30 12:08 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-06-30 12:07 - 2014-06-30 12:07 - 00065616 _____ () C:\Program Files (x86)\Avira\My 
Avira\Avira.OE.AvConnectorNative.dll 2014-07-04 21:10 - 2014-06-30 12:08 - 00049744 _____ () C:\Users\Petra\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: avkmgr Description: avkmgr Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: avkmgr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (07/05/2014 10:21:41 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: Fehler beim Starten des Softwareschutzdiensts. 
0xD0000022 6.1.7600.16385 Error: (07/05/2014 10:20:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd026 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0 Ausnahmecode: 0xc06d007f Fehleroffset: 0x000000000000aa7d ID des fehlerhaften Prozesses: 0x6e8 Startzeit der fehlerhaften Anwendung: 0xwmpnscfg.exe0 Pfad der fehlerhaften Anwendung: wmpnscfg.exe1 Pfad des fehlerhaften Moduls: wmpnscfg.exe2 Berichtskennung: wmpnscfg.exe3 Error: (07/05/2014 10:20:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd026 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0 Ausnahmecode: 0xc06d007f Fehleroffset: 0x000000000000aa7d ID des fehlerhaften Prozesses: 0x13f4 Startzeit der fehlerhaften Anwendung: 0xwmpnscfg.exe0 Pfad der fehlerhaften Anwendung: wmpnscfg.exe1 Pfad des fehlerhaften Moduls: wmpnscfg.exe2 Berichtskennung: wmpnscfg.exe3 Error: (07/01/2014 10:41:19 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (07/01/2014 10:41:09 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". 
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (07/01/2014 10:40:58 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (06/07/2014 03:33:21 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (06/07/2014 03:33:11 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (06/07/2014 03:33:00 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error: (05/24/2014 01:53:30 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. System errors: ============= Error: (07/05/2014 10:21:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: %%5 Error: (07/05/2014 08:36:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (07/05/2014 08:36:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (07/05/2014 08:14:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb avkmgr Error: (07/05/2014 08:13:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (07/05/2014 08:09:07 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084MDM{0C0A3666-30C9-11D0-8F20-00805F2CD064} Error: (07/05/2014 07:37:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/05/2014 07:36:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/05/2014 07:35:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location 
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/05/2014 07:35:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (07/05/2014 10:21:41 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: 0xD00000226.1.7600.16385 Error: (07/05/2014 10:20:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: wmpnscfg.exe12.0.7600.163854a5bd026KERNELBASE.dll6.1.7600.163854a5bdfe0c06d007f000000000000aa7d6e801cf988e8aa72017C:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\KERNELBASE.dllc908938c-0481-11e4-acf2-00266c936d90 Error: (07/05/2014 10:20:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: wmpnscfg.exe12.0.7600.163854a5bd026KERNELBASE.dll6.1.7600.163854a5bdfe0c06d007f000000000000aa7d13f401cf988e8a9d9a95C:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\KERNELBASE.dllc906322b-0481-11e4-acf2-00266c936d90 Error: (07/01/2014 10:41:19 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2 Error: (07/01/2014 10:41:09 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 Error: (07/01/2014 10:40:58 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: 
assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (06/07/2014 03:33:21 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2 Error: (06/07/2014 03:33:11 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 Error: (06/07/2014 03:33:00 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (05/24/2014 01:53:30 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2 CodeIntegrity Errors: =================================== Date: 2014-06-23 19:17:42.923 Description: N/A Date: 2014-06-23 19:17:42.912 Description: N/A ==================== Memory info =========================== Percentage of memory in use: 42% Total physical RAM: 3958.84 MB Available physical RAM: 2282.5 MB Total Pagefile: 7915.83 MB Available Pagefile: 5910 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:148.81 GB) (Free:110.64 GB) 
NTFS Drive d: (Data) (Fixed) (Total:148.88 GB) (Free:140.42 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 316FAB32) Partition 1: (Active) - (Size=400 MB) - (Type=27) Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
05.07.2014, 21:37 | #4 |
/// TB Trainer /// How-to Guru | Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167 Hi,
Code:
Locked "cfc5f97f2a26d049" service could not be unlocked.
U5 cfc5f97f2a26d049; C:\Windows\System32\Drivers\cfc5f97f2a26d049.sys [42944 2014-06-23]
Let's continue as follows: please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Regards, deeprybka. Praise, criticism, wishes? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
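Added example, not part of the thread and not code from FRST or TDSSKiller: a small Python triage script that reads the kinds of lines quoted in this thread (the FRST "Locked ... service could not be unlocked" entry in the post above and the TDSSKiller "Suspicious service (NoAccess)" / "detected" lines posted later) and collects, per service name, the independent signals that point at a locked driver service. The sample log is built from those quoted lines plus one constructed benign Avira driver line; the 16-hex-digit service-name check is a heuristic of this example, not a rule either tool applies.

```python
"""Triage of FRST / TDSSKiller text output for locked or hidden driver services.

Added example (not code from the thread, from FRST or from TDSSKiller). It matches
the line shapes quoted in this thread:
  FRST        Locked "<name>" service could not be unlocked.
  FRST        <state><n> <name>; <path>.sys [<size> <date>]
  TDSSKiller  <time> 0x<tid> Suspicious service (NoAccess): <name>
  TDSSKiller  <time> 0x<tid> [ <md5>, <sha256> ] <name> <path>
  TDSSKiller  <time> 0x<tid> <name> - detected <verdict> ( <n> )
and reports every service that shows two or more independent signals.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# TDSSKiller lines carry a "HH:MM:SS.mmmm 0x<tid> " prefix; strip it before matching.
TDSS_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9A-Fa-f]+\s+")
FRST_LOCKED = re.compile(r'^Locked "([^"]+)" service could not be unlocked\.')
FRST_DRIVER = re.compile(
    r"^([RSU])(\d)\s+([^;]+);\s+(\S.*?\.sys)\s+\[(\d+)\s+(\d{4}-\d{2}-\d{2})\]")
TDSS_NOACCESS = re.compile(r"^Suspicious service \(NoAccess\):\s+(\S+)")
TDSS_HASHES = re.compile(
    r"^\[\s*([0-9A-Fa-f]{32}),\s*([0-9A-Fa-f]{64})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*)$")
TDSS_DETECTED = re.compile(r"^(.+?) - detected (\S+)")
# Heuristic of this example only: a service named by 16 bare hex digits, as on this page.
HEX_NAME = re.compile(r"^[0-9a-f]{16}$")

# Constructed sample: the thread's own quoted lines plus one constructed benign
# FRST driver line (the "R1 avkmgr" line; its size, date and vendor are made up).
SAMPLE_LOG = r"""
Locked "cfc5f97f2a26d049" service could not be unlocked.
U5 cfc5f97f2a26d049; C:\Windows\System32\Drivers\cfc5f97f2a26d049.sys [42944 2014-06-23]
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-06-30] (Avira Operations GmbH & Co. KG)
23:17:24.0366 0x07b0 1394ohci - ok
23:17:31.0323 0x07b0 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
23:17:31.0339 0x07b0 avkmgr - ok
23:17:33.0039 0x07b0 Suspicious service (NoAccess): cfc5f97f2a26d049
23:17:33.0055 0x07b0 [ FDD39022F97C37337AEFE97E23BB0B7F, 69F58BA0D01B8591C3FF01F348CCF7F28AC6EE0C8B8513F912B7B5221D4C99F5 ] cfc5f97f2a26d049 C:\Windows\System32\Drivers\cfc5f97f2a26d049.sys
23:17:33.0070 0x07b0 cfc5f97f2a26d049 - detected Rootkit.Win32.Necurs.gen ( 0 )
23:17:35.0598 0x07b0 cfc5f97f2a26d049 ( Rootkit.Win32.Necurs.gen ) - infected
"""


@dataclass
class ServiceFinding:
    name: str
    locked: bool = False      # FRST could not unlock the service key
    no_access: bool = False   # TDSSKiller could not open the service / file
    hex_name: bool = False    # heuristic: 16 bare hex digits as the service name
    path: str = ""
    md5: str = ""
    sha256: str = ""
    verdict: str = ""         # TDSSKiller detection name, if any

    def score(self) -> int:
        """Number of independent signals; two or more deserve a closer look."""
        return sum([self.locked, self.no_access, self.hex_name, bool(self.verdict)])


def triage(log_text: str) -> dict[str, ServiceFinding]:
    """Collect per-service signals from FRST and TDSSKiller lines."""
    findings: dict[str, ServiceFinding] = {}

    def entry(name: str) -> ServiceFinding:
        if name not in findings:
            findings[name] = ServiceFinding(name, hex_name=bool(HEX_NAME.match(name)))
        return findings[name]

    for raw in log_text.splitlines():
        line = TDSS_PREFIX.sub("", raw.strip())
        if m := FRST_LOCKED.match(line):
            entry(m.group(1)).locked = True
        elif m := FRST_DRIVER.match(line):
            entry(m.group(3)).path = m.group(4)
        elif m := TDSS_NOACCESS.match(line):
            entry(m.group(1)).no_access = True
        elif m := TDSS_HASHES.match(line):
            f = entry(m.group(3))
            f.md5, f.sha256, f.path = m.group(1).upper(), m.group(2).upper(), m.group(4)
        elif m := TDSS_DETECTED.match(line):
            entry(m.group(1)).verdict = m.group(2)
    return findings


def suspicious(findings: dict[str, ServiceFinding]) -> list[ServiceFinding]:
    """Services with at least two signals, strongest first."""
    return sorted((f for f in findings.values() if f.score() >= 2),
                  key=lambda f: -f.score())


if __name__ == "__main__":
    for f in suspicious(triage(SAMPLE_LOG)):
        print(f"{f.name}: score={f.score()} locked={f.locked} noaccess={f.no_access} "
              f"hexname={f.hex_name} verdict={f.verdict or '-'} path={f.path}")
```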
05.07.2014, 22:00 | #5 |
| Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167 Hi, unfortunately I can't run the scan. I get the message: DDA Driver is not active. |
05.07.2014, 22:11 | #6 |
/// TB Trainer /// How-to Guru | Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167 Mhmmm.... We still have more arrows in our quiver. Please download the exe file. For now, please "skip" any findings.
Rootkit removal with TDSSKiller
Step 1: Download TDSSKiller from here and save TDSSKiller.exe to the desktop.
Step 2: Start TDSSKiller with a double-click and confirm the User Account Control prompt with "Yes". TDSSKiller now starts and looks for updates. If an update is available, click "Load Update". The latest version will be downloaded. Unpack the archive file on the desktop. Open the folder and start TDSSKiller.exe (as in step 2).
Step 3: Confirm the following agreements with "Accept" until you reach the program interface. Now click "Change parameters" in the program interface, set the check marks under "Additional options" as shown in the picture, and confirm with OK.
Step 4: Now click "Start scan" and the scan will start.
Scenario 1: TDSSKiller finds no rootkits. In this case, click "Report" at the top right. Select the contents of the text file window with "CTRL+A"; "CTRL+C" copies the text to the clipboard. With "CTRL+V" the text can then be posted as a reply in the thread in code tags.
Scenario 2: TDSSKiller finds rootkits. In this case, it is essential to follow the helper's instructions. As a rule, after the first scan "Skip" is always selected and confirmed with "Continue". Then post the scan report to the helper via "Report".
05.07.2014, 22:45 | #7 |
| Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167 Part 1 Code:
ATTFilter 23:15:27.0286 0x0ce8 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54 23:15:27.0473 0x0ce8 ============================================================ 23:15:27.0473 0x0ce8 Current date / time: 2014/07/05 23:15:27.0473 23:15:27.0473 0x0ce8 SystemInfo: 23:15:27.0473 0x0ce8 23:15:27.0473 0x0ce8 OS Version: 6.1.7600 ServicePack: 0.0 23:15:27.0473 0x0ce8 Product type: Workstation 23:15:27.0473 0x0ce8 ComputerName: PETRA-TOSH 23:15:27.0473 0x0ce8 UserName: Petra 23:15:27.0473 0x0ce8 Windows directory: C:\Windows 23:15:27.0473 0x0ce8 System windows directory: C:\Windows 23:15:27.0473 0x0ce8 Running under WOW64 23:15:27.0473 0x0ce8 Processor architecture: Intel x64 23:15:27.0473 0x0ce8 Number of processors: 2 23:15:27.0473 0x0ce8 Page size: 0x1000 23:15:27.0473 0x0ce8 Boot type: Normal boot 23:15:27.0473 0x0ce8 ============================================================ 23:15:27.0489 0x0ce8 BG loaded 23:15:28.0831 0x0ce8 System UUID: {9F2D0982-1853-3994-21CC-0E64B3CCC0DB} 23:15:31.0602 0x0ce8 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 23:15:31.0602 0x0ce8 ============================================================ 23:15:31.0602 0x0ce8 \Device\Harddisk0\DR0: 23:15:31.0602 0x0ce8 MBR partitions: 23:15:31.0602 0x0ce8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x129A1000 23:15:31.0602 0x0ce8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12A69800, BlocksNum 0x129C4AB0 23:15:31.0602 0x0ce8 ============================================================ 23:15:32.0086 0x0ce8 C: <-> \Device\Harddisk0\DR0\Partition1 23:15:37.0015 0x0ce8 D: <-> \Device\Harddisk0\DR0\Partition2 23:15:37.0015 0x0ce8 ============================================================ 23:15:37.0015 0x0ce8 Initialize success 23:15:37.0015 0x0ce8 ============================================================ 
23:17:19.0452 0x07b0 ============================================================ 23:17:19.0452 0x07b0 Scan started 23:17:19.0452 0x07b0 Mode: Manual; SigCheck; TDLFS; 23:17:19.0452 0x07b0 ============================================================ 23:17:19.0452 0x07b0 KSN ping started 23:17:22.0072 0x07b0 KSN ping finished: true 23:17:24.0038 0x07b0 ================ Scan system memory ======================== 23:17:24.0038 0x07b0 System memory - ok 23:17:24.0054 0x07b0 ================ Scan services ============================= 23:17:24.0272 0x07b0 [ 1B00662092F9F9568B995902F0CC40D5, D345014CF146FA57B2682C189D5E7F27D4C78F321F2723D912D623E777C2BB70 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 23:17:24.0366 0x07b0 1394ohci - ok 23:17:24.0412 0x07b0 [ 6F11E88748CDEFD2F76AA215F97DDFE5, BD0B3561EDCDE5EFD89372793CFD09DF879709BF469542F4A049705CBA9FD060 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys 23:17:24.0444 0x07b0 ACPI - ok 23:17:24.0475 0x07b0 [ 63B05A0420CE4BF0E4AF6DCC7CADA254, 56BCC219D6B886FD42B7D335B4A7BBA3C9BC148220CBD99F8583FB505DAE63BF ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys 23:17:24.0568 0x07b0 AcpiPmi - ok 23:17:24.0724 0x07b0 [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 23:17:24.0756 0x07b0 AdobeFlashPlayerUpdateSvc - ok 23:17:24.0818 0x07b0 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 23:17:24.0849 0x07b0 adp94xx - ok 23:17:24.0880 0x07b0 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 23:17:24.0912 0x07b0 adpahci - ok 23:17:24.0927 0x07b0 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 
23:17:24.0943 0x07b0 adpu320 - ok 23:17:24.0990 0x07b0 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:17:25.0114 0x07b0 AeLookupSvc - ok 23:17:25.0192 0x07b0 [ B9384E03479D2506BC924C16A3DB87BC, AB5FD2BC1F005E7D664F5DE3D5CB54499024A83B716DD52C56582DB7EFB4F01B ] AFD C:\Windows\system32\drivers\afd.sys 23:17:25.0270 0x07b0 AFD - ok 23:17:25.0348 0x07b0 [ 98022774D9930ECBB292E70DB7601DF6, BE64A40B9BE997D73C0FC14D97E204C9D886EDA07EC4C9391A70CE477084E5F1 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys 23:17:25.0426 0x07b0 AgereSoftModem - ok 23:17:25.0458 0x07b0 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\DRIVERS\agp440.sys 23:17:25.0473 0x07b0 agp440 - ok 23:17:25.0504 0x07b0 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 23:17:25.0551 0x07b0 ALG - ok 23:17:25.0582 0x07b0 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\DRIVERS\aliide.sys 23:17:25.0582 0x07b0 aliide - ok 23:17:25.0645 0x07b0 [ 61A18BCAF557CD6614309E4978B81056, 4481B4276E7F6790D7BF4D9DC3C172BCA037BF6A30D5CE4E0190585F669FA4EC ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 23:17:25.0707 0x07b0 AMD External Events Utility - ok 23:17:25.0754 0x07b0 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\DRIVERS\amdide.sys 23:17:25.0770 0x07b0 amdide - ok 23:17:25.0832 0x07b0 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 23:17:25.0894 0x07b0 AmdK8 - ok 23:17:26.0191 0x07b0 [ F05B22CE901FC26AE55A1A27AA674D96, 
1D1F8D6076BC3608C11F343F4597B599BA602B3FB1064CC1EAFB08FD667D0D6E ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 23:17:26.0503 0x07b0 amdkmdag - ok 23:17:26.0550 0x07b0 [ ED25D58581B5A28593C277F482FCCD62, EC20DF155BA3814A052DD4DB1B5C220A75E68B9D88518ED676A12CF70AF619F5 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 23:17:26.0596 0x07b0 amdkmdap - ok 23:17:26.0612 0x07b0 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 23:17:26.0659 0x07b0 AmdPPM - ok 23:17:26.0721 0x07b0 [ 7A4B413614C055935567CF88A9734D38, A3BB7CDF3EE0EEF67F89263E81145E73C7142EF5F0AF265375C2ECCE74F932C4 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys 23:17:26.0737 0x07b0 amdsata - ok 23:17:26.0768 0x07b0 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 23:17:26.0784 0x07b0 amdsbs - ok 23:17:26.0815 0x07b0 [ B4AD0CACBAB298671DD6F6EF7E20679D, FB566C892D0A3DC0A523AE20F35011996958D670937DD5C1A1FCCD36AAC714D7 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys 23:17:26.0830 0x07b0 amdxata - ok 23:17:27.0080 0x07b0 [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 23:17:27.0111 0x07b0 AntiVirSchedulerService - ok 23:17:27.0174 0x07b0 [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 23:17:27.0189 0x07b0 AntiVirService - ok 23:17:27.0236 0x07b0 [ 42FD751B27FA0E9C69BB39F39E409594, DE349CAA570957868CA1CB0BE0FAF551CD4D44FD53EBC4391B9C1C7B9CF295D2 ] AppID C:\Windows\system32\drivers\appid.sys 23:17:27.0330 0x07b0 AppID - ok 23:17:27.0361 0x07b0 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] 
AppIDSvc C:\Windows\System32\appidsvc.dll 23:17:27.0454 0x07b0 AppIDSvc - ok 23:17:27.0486 0x07b0 [ D065BE66822847B7F127D1F90158376E, 20F911F390FF23C2C42361A449C4344DB59F1DC21EDD1E7EBC4E80914DEF7824 ] Appinfo C:\Windows\System32\appinfo.dll 23:17:27.0564 0x07b0 Appinfo - ok 23:17:27.0595 0x07b0 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys 23:17:27.0610 0x07b0 arc - ok 23:17:27.0673 0x07b0 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 23:17:27.0704 0x07b0 arcsas - ok 23:17:27.0720 0x07b0 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 23:17:27.0798 0x07b0 AsyncMac - ok 23:17:27.0844 0x07b0 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\DRIVERS\atapi.sys 23:17:27.0844 0x07b0 atapi - ok 23:17:28.0266 0x07b0 [ F05B22CE901FC26AE55A1A27AA674D96, 1D1F8D6076BC3608C11F343F4597B599BA602B3FB1064CC1EAFB08FD667D0D6E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 23:17:28.0531 0x07b0 atikmdag - ok 23:17:29.0358 0x07b0 [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 23:17:29.0701 0x07b0 AudioEndpointBuilder - ok 23:17:30.0855 0x07b0 [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioSrv C:\Windows\System32\Audiosrv.dll 23:17:30.0949 0x07b0 AudioSrv - ok 23:17:30.0996 0x07b0 [ 4663C5AD76FE8E19592DE808156FA07D, 605827B4A9D6930BC752D124BF75D55D4927B0ABEF881CDE66F3C5CC1DB215FE ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 23:17:31.0027 0x07b0 avgntflt - ok 23:17:31.0058 0x07b0 [ 8902AEC2382A37E9E99A4E0D52DBD42B, 
138F2D7E7430132B2C527D413BC845CC467F084F39C232EC3A17DD2A74EE401E ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
23:17:31.0074 0x07b0 avipbb - ok
23:17:31.0276 0x07b0 [ BC38AB90A166625BA160941D64906A65, 005E3CBB6F3ED8748B6A69DD5D0A8894973344F603CB6E46B551AB028119D8DC ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
23:17:31.0292 0x07b0 Avira.OE.ServiceHost - ok
23:17:31.0323 0x07b0 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
23:17:31.0339 0x07b0 avkmgr - ok
23:17:31.0370 0x07b0 [ B20B5FA5CA050E9926E4D1DB81501B32, 91B9038349BA07E32DE809E6798167EE44087809EB1174B84EC16580040F1BE0 ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:17:31.0432 0x07b0 AxInstSV - ok
23:17:31.0495 0x07b0 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
23:17:31.0557 0x07b0 b06bdrv - ok
23:17:31.0588 0x07b0 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:17:31.0620 0x07b0 b57nd60a - ok
23:17:31.0666 0x07b0 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
23:17:31.0713 0x07b0 BDESVC - ok
23:17:31.0744 0x07b0 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
23:17:31.0807 0x07b0 Beep - ok
23:17:31.0900 0x07b0 [ 4992C609A6315671463E30F6512BC022, 3020034556EAC25CD90F41D3BFFDD0BB2C3D1C5BAC4359F4B71B84A9FC404495 ] BFE C:\Windows\System32\bfe.dll
23:17:31.0963 0x07b0 BFE - ok
23:17:32.0025 0x07b0 [ 7F0C323FE3DA28AA4AA1BDA3F575707F, 7FF09CBC16A9E5F357A76FF79A3F0DD047957D474031F51A6BB4916C7911F005 ] BITS C:\Windows\System32\qmgr.dll
23:17:32.0119 0x07b0 BITS - ok
23:17:32.0150 0x07b0 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:17:32.0181 0x07b0 blbdrive - ok
23:17:32.0197 0x07b0 [ 91CE0D3DC57DD377E690A2D324022B08, 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:17:32.0259 0x07b0 bowser - ok
23:17:32.0290 0x07b0 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:17:32.0322 0x07b0 BrFiltLo - ok
23:17:32.0337 0x07b0 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:17:32.0353 0x07b0 BrFiltUp - ok
23:17:32.0368 0x07b0 [ 94FBC06F294D58D02361918418F996E3, 62C7CC2AF8F5A0BB0C262DACDE3F72C6AC318C3840CE60E46EE2064B32BDA5EF ] Browser C:\Windows\System32\browser.dll
23:17:32.0446 0x07b0 Browser - ok
23:17:32.0462 0x07b0 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:17:32.0493 0x07b0 Brserid - ok
23:17:32.0509 0x07b0 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:17:32.0540 0x07b0 BrSerWdm - ok
23:17:32.0571 0x07b0 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:17:32.0602 0x07b0 BrUsbMdm - ok
23:17:32.0602 0x07b0 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:17:32.0634 0x07b0 BrUsbSer - ok
23:17:32.0649 0x07b0 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:17:32.0696 0x07b0 BTHMODEM - ok
23:17:32.0727 0x07b0 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
23:17:32.0790 0x07b0 bthserv - ok
23:17:32.0821 0x07b0 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:17:32.0868 0x07b0 cdfs - ok
23:17:32.0899 0x07b0 [ 83D2D75E1EFB81B3450C18131443F7DB, F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:17:32.0930 0x07b0 cdrom - ok
23:17:32.0961 0x07b0 [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc C:\Windows\System32\certprop.dll
23:17:33.0024 0x07b0 CertPropSvc - ok
23:17:33.0039 0x07b0 Suspicious service (NoAccess): cfc5f97f2a26d049
23:17:33.0055 0x07b0 [ FDD39022F97C37337AEFE97E23BB0B7F, 69F58BA0D01B8591C3FF01F348CCF7F28AC6EE0C8B8513F912B7B5221D4C99F5 ] cfc5f97f2a26d049 C:\Windows\System32\Drivers\cfc5f97f2a26d049.sys
23:17:33.0055 0x07b0 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\cfc5f97f2a26d049.sys. md5: FDD39022F97C37337AEFE97E23BB0B7F, sha256: 69F58BA0D01B8591C3FF01F348CCF7F28AC6EE0C8B8513F912B7B5221D4C99F5
23:17:33.0070 0x07b0 cfc5f97f2a26d049 - detected Rootkit.Win32.Necurs.gen ( 0 )
23:17:35.0598 0x07b0 cfc5f97f2a26d049 ( Rootkit.Win32.Necurs.gen ) - infected
23:17:35.0598 0x07b0 Force sending object to P2P due to detect: cfc5f97f2a26d049
23:17:38.0156 0x07b0 Object send P2P result: true
23:17:40.0870 0x07b0 [ 41E7C4FA6491747402CFCA77CC1C7AAB, 676CD982A0D33B60A646AC7C0158F7421E395C8B4B12E544C55AF5C09E470CC5 ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
23:17:40.0902 0x07b0 cfWiMAXService - ok
23:17:40.0933 0x07b0 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:17:40.0980 0x07b0 circlass - ok
23:17:41.0042 0x07b0 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
23:17:41.0089 0x07b0 CLFS - ok
23:17:41.0151 0x07b0 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:17:41.0167 0x07b0 clr_optimization_v2.0.50727_32 - ok
23:17:41.0214 0x07b0 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:17:41.0229 0x07b0 clr_optimization_v2.0.50727_64 - ok
23:17:41.0276 0x07b0 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:17:41.0292 0x07b0 CmBatt - ok
23:17:41.0307 0x07b0 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
23:17:41.0323 0x07b0 cmdide - ok
23:17:41.0370 0x07b0 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1, D1FBCA0416D38B9CA510FB01CF251E60B244D38080E6668948ED927D2350ED49 ] CNG C:\Windows\system32\Drivers\cng.sys
23:17:41.0401 0x07b0 CNG - ok
23:17:41.0479 0x07b0 [ 25C58EE97BE0416A373E3E4F855206B5, 3AE7CA1E1ED56C2CE4BD11F2F89060DEF480009E4AA2128897C70E9E679E44BB ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
23:17:41.0510 0x07b0 CnxtHdAudService - ok
23:17:41.0541 0x07b0 [ 89C99AB4AE9535F727791592D84D4821, 4DE537467CC39BF3532EDDA3FE0F054654B369D8BBA8B3356FA7D2E8CB374493 ] CnxtHdmiAudService C:\Windows\system32\drivers\CHDMI64.sys
23:17:41.0572 0x07b0 CnxtHdmiAudService - ok
23:17:41.0604 0x07b0 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:17:41.0619 0x07b0 Compbatt - ok
23:17:41.0650 0x07b0 [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:17:41.0682 0x07b0 CompositeBus - ok
23:17:41.0682 0x07b0 COMSysApp - ok
23:17:41.0728 0x07b0 [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
23:17:41.0728 0x07b0 ConfigFree Service - ok
23:17:41.0744 0x07b0 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:17:41.0760 0x07b0 crcdisk - ok
23:17:41.0806 0x07b0 [ 8C57411B66282C01533CB776F98AD384, 65BCF1B0BA521CBE39E974C7ACAEA9C9E3F89D86754275C6B2616E7691876AEE ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:17:41.0869 0x07b0 CryptSvc - ok
23:17:41.0916 0x07b0 [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:17:41.0994 0x07b0 DcomLaunch - ok
23:17:42.0040 0x07b0 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
23:17:42.0103 0x07b0 defragsvc - ok
23:17:42.0134 0x07b0 [ 3F1DC527070ACB87E40AFE46EF6DA749, 5CB9CB94854AF06BEA02AF3E0562B8ECF72B2B23ED657A3F5E17CD3552F3EF84 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:17:42.0196 0x07b0 DfsC - ok
23:17:42.0243 0x07b0 [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp C:\Windows\system32\dhcpcore.dll
23:17:42.0306 0x07b0 Dhcp - ok
23:17:42.0337 0x07b0 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
23:17:42.0384 0x07b0 discache - ok
23:17:42.0415 0x07b0 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:17:42.0446 0x07b0 Disk - ok
23:17:42.0493 0x07b0 [ 676108C4E3AA6F6B34633748BD0BEBD9, 953286126E482EF3A9A1833680EFF86D657BD6C5411B9AEC2D7828ADE63D25AD ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:17:42.0571 0x07b0 Dnscache - ok
23:17:42.0618 0x07b0 [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc C:\Windows\System32\dot3svc.dll
23:17:42.0680 0x07b0 dot3svc - ok
23:17:42.0696 0x07b0 [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS C:\Windows\system32\dps.dll
23:17:42.0742 0x07b0 DPS - ok
23:17:42.0789 0x07b0 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:17:42.0820 0x07b0 drmkaud - ok
23:17:42.0883 0x07b0 [ EBCE0B0924835F635F620D19F0529DCE, 15BF803765373264390879FCA86C6D89C92DAFD0B1A36DEFA78EF01EBA2F9C26 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:17:42.0914 0x07b0 DXGKrnl - ok
23:17:42.0961 0x07b0 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
23:17:43.0023 0x07b0 EapHost - ok
23:17:43.0164 0x07b0 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
23:17:43.0413 0x07b0 ebdrv - ok
23:17:43.0444 0x07b0 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS C:\Windows\System32\lsass.exe
23:17:43.0476 0x07b0 EFS - ok
23:17:43.0538 0x07b0 [ B91D81B3B54A54CCAFC03733DBC2E29E, B08CFD3136F678CF902722B32CA55C4983EEE5AEBDCEE036BEB746914742141C ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:17:43.0616 0x07b0 ehRecvr - ok
23:17:43.0663 0x07b0 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
23:17:43.0694 0x07b0 ehSched - ok
23:17:43.0741 0x07b0 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:17:43.0772 0x07b0 elxstor - ok
23:17:43.0788 0x07b0 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
23:17:43.0834 0x07b0 ErrDev - ok
23:17:43.0959 0x07b0 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
23:17:44.0037 0x07b0 EventSystem - ok
23:17:44.0053 0x07b0 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
23:17:44.0115 0x07b0 exfat - ok
23:17:44.0131 0x07b0 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:17:44.0193 0x07b0 fastfat - ok
23:17:44.0271 0x07b0 [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax C:\Windows\system32\fxssvc.exe
23:17:44.0334 0x07b0 Fax - ok
23:17:44.0349 0x07b0 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:17:44.0365 0x07b0 fdc - ok
23:17:44.0380 0x07b0 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
23:17:44.0443 0x07b0 fdPHost - ok
23:17:44.0458 0x07b0 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
23:17:44.0490 0x07b0 FDResPub - ok
23:17:44.0521 0x07b0 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:17:44.0521 0x07b0 FileInfo - ok
23:17:44.0536 0x07b0 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:17:44.0583 0x07b0 Filetrace - ok
23:17:44.0614 0x07b0 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:17:44.0630 0x07b0 flpydisk - ok
23:17:44.0661 0x07b0 [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:17:44.0677 0x07b0 FltMgr - ok
23:17:44.0739 0x07b0 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A, 6587B22ED91F98D3E3614967F62D7A58F42C12F45F8E1D47835D195CD350BC54 ] FontCache C:\Windows\system32\FntCache.dll
23:17:44.0848 0x07b0 FontCache - ok
23:17:44.0911 0x07b0 [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:17:44.0911 0x07b0 FontCache3.0.0.0 - ok
23:17:44.0926 0x07b0 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:17:44.0942 0x07b0 FsDepends - ok
23:17:44.0973 0x07b0 [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:17:44.0989 0x07b0 Fs_Rec - ok
23:17:45.0004 0x07b0 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09, 24A9F04A0622681A4E4B6BCC47C45016787C6036EAD828920812D9FAD49A71E3 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:17:45.0004 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fvevol.sys. md5: B8B2A6E1558F8F5DE5CE431C5B2C7B09, sha256: 24A9F04A0622681A4E4B6BCC47C45016787C6036EAD828920812D9FAD49A71E3
23:17:45.0004 0x07b0 fvevol - detected LockedFile.Multi.Generic ( 1 )
23:17:47.0454 0x07b0 Detect skipped due to KSN trusted
23:17:47.0454 0x07b0 fvevol - ok
23:17:47.0532 0x07b0 [ 60ACB128E64C35C2B4E4AAB1B0A5C293, 7B476AB5E95529A894F95397C753662F4C58D1FE89F4648271251DA77C5A3FA9 ] FwLnk C:\Windows\system32\DRIVERS\FwLnk.sys
23:17:47.0563 0x07b0 FwLnk - ok
23:17:47.0594 0x07b0 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:17:47.0594 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6, sha256: 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005
23:17:47.0594 0x07b0 gagp30kx - detected LockedFile.Multi.Generic ( 1 )
23:17:50.0043 0x07b0 Detect skipped due to KSN trusted
23:17:50.0043 0x07b0 gagp30kx - ok
23:17:50.0168 0x07b0 [ 1A0B9D84BEB3306F728BC3009D432F5C, 66BCE24D679A312148141F55D0F10BD0F771261CC481B81D6921448CA77F0974 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
23:17:50.0199 0x07b0 GameConsoleService - ok
23:17:50.0246 0x07b0 [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc C:\Windows\System32\gpsvc.dll
23:17:50.0308 0x07b0 gpsvc - ok
23:17:50.0340 0x07b0 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:17:50.0386 0x07b0 hcw85cir - ok
23:17:50.0433 0x07b0 [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:17:50.0433 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. md5: 6410F6F415B2A5A9037224C41DA8BF12, sha256: 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5
23:17:50.0433 0x07b0 HdAudAddService - detected LockedFile.Multi.Generic ( 1 )
23:17:52.0882 0x07b0 Detect skipped due to KSN trusted
23:17:52.0882 0x07b0 HdAudAddService - ok
23:17:52.0960 0x07b0 [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:17:52.0960 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HDAudBus.sys. md5: 0A49913402747A0B67DE940FB42CBDBB, sha256: 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83
23:17:52.0960 0x07b0 HDAudBus - detected LockedFile.Multi.Generic ( 1 )
23:17:55.0394 0x07b0 Detect skipped due to KSN trusted
23:17:55.0394 0x07b0 HDAudBus - ok
23:17:55.0488 0x07b0 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
23:17:55.0488 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HECIx64.sys. md5: B6AC71AAA2B10848F57FC49D55A651AF, sha256: 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91
23:17:55.0488 0x07b0 HECIx64 - detected LockedFile.Multi.Generic ( 1 )
23:17:57.0953 0x07b0 Detect skipped due to KSN trusted
23:17:57.0953 0x07b0 HECIx64 - ok
23:17:58.0015 0x07b0 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:17:58.0015 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F, sha256: 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64
23:17:58.0015 0x07b0 HidBatt - detected LockedFile.Multi.Generic ( 1 )
23:18:00.0449 0x07b0 Detect skipped due to KSN trusted
23:18:00.0449 0x07b0 HidBatt - ok
23:18:00.0495 0x07b0 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:18:00.0495 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104, sha256: 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4
23:18:00.0495 0x07b0 HidBth - detected LockedFile.Multi.Generic ( 1 )
23:18:02.0929 0x07b0 Detect skipped due to KSN trusted
23:18:02.0929 0x07b0 HidBth - ok
23:18:02.0976 0x07b0 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:18:02.0976 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825, sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D
23:18:02.0976 0x07b0 HidIr - detected LockedFile.Multi.Generic ( 1 )
23:18:05.0425 0x07b0 Detect skipped due to KSN trusted
23:18:05.0425 0x07b0 HidIr - ok
23:18:05.0472 0x07b0 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
23:18:05.0550 0x07b0 hidserv - ok
23:18:05.0581 0x07b0 [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:18:05.0581 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidusb.sys. md5: B3BF6B5B50006DEF50B66306D99FCF6F, sha256: D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417
23:18:05.0581 0x07b0 HidUsb - detected LockedFile.Multi.Generic ( 1 )
23:18:08.0030 0x07b0 Detect skipped due to KSN trusted
23:18:08.0030 0x07b0 HidUsb - ok
23:18:08.0077 0x07b0 [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc C:\Windows\system32\kmsvc.dll
23:18:08.0155 0x07b0 hkmsvc - ok
23:18:08.0186 0x07b0 [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:18:08.0217 0x07b0 HomeGroupListener - ok
23:18:08.0249 0x07b0 [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:18:08.0280 0x07b0 HomeGroupProvider - ok
23:18:08.0342 0x07b0 [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
23:18:08.0342 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HpSAMD.sys. md5: 0886D440058F203EBA0E1825E4355914, sha256: BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070
23:18:08.0342 0x07b0 HpSAMD - detected LockedFile.Multi.Generic ( 1 )
23:18:10.0791 0x07b0 Detect skipped due to KSN trusted
23:18:10.0791 0x07b0 HpSAMD - ok
23:18:10.0901 0x07b0 [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:18:10.0901 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: CEE049CAC4EFA7F4E1E4AD014414A5D4, sha256: 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D
23:18:10.0901 0x07b0 HTTP - detected LockedFile.Multi.Generic ( 1 )
23:18:13.0334 0x07b0 Detect skipped due to KSN trusted
23:18:13.0334 0x07b0 HTTP - ok
23:18:13.0381 0x07b0 [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:18:13.0381 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: F17766A19145F111856378DF337A5D79, sha256: FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62
23:18:13.0381 0x07b0 hwpolicy - detected LockedFile.Multi.Generic ( 1 )
23:18:15.0846 0x07b0 Detect skipped due to KSN trusted
23:18:15.0846 0x07b0 hwpolicy - ok
23:18:15.0893 0x07b0 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:18:15.0893 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD
23:18:15.0893 0x07b0 i8042prt - detected LockedFile.Multi.Generic ( 1 )
23:18:19.0371 0x07b0 Detect skipped due to KSN trusted
23:18:19.0371 0x07b0 i8042prt - ok
23:18:19.0465 0x07b0 [ 85977CD13FC16069CE0AF7943A811775, 421AFFF08D14C2F55CFEF05E4A5A8B086F80BE69A927F84052A502EC5B222990 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
23:18:19.0465 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStor.sys. md5: 85977CD13FC16069CE0AF7943A811775, sha256: 421AFFF08D14C2F55CFEF05E4A5A8B086F80BE69A927F84052A502EC5B222990
23:18:19.0481 0x07b0 iaStor - detected LockedFile.Multi.Generic ( 1 )
23:18:21.0930 0x07b0 Detect skipped due to KSN trusted
23:18:21.0930 0x07b0 iaStor - ok
23:18:21.0992 0x07b0 [ D83EFB6FD45DF9D55E9A1AFC63640D50, 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
23:18:21.0992 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStorV.sys. md5: D83EFB6FD45DF9D55E9A1AFC63640D50, sha256: 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B
23:18:22.0008 0x07b0 iaStorV - detected LockedFile.Multi.Generic ( 1 )
23:18:24.0551 0x07b0 Detect skipped due to KSN trusted
23:18:24.0551 0x07b0 iaStorV - ok
23:18:24.0644 0x07b0 [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:18:24.0675 0x07b0 idsvc - ok
23:18:24.0707 0x07b0 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:18:24.0707 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21, sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4
23:18:24.0707 0x07b0 iirsp - detected LockedFile.Multi.Generic ( 1 )
23:18:27.0140 0x07b0 Detect skipped due to KSN trusted
23:18:27.0140 0x07b0 iirsp - ok
23:18:27.0249 0x07b0 [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT C:\Windows\System32\ikeext.dll
23:18:27.0327 0x07b0 IKEEXT - ok
23:18:27.0343 0x07b0 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
23:18:27.0343 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA, sha256: E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22
23:18:27.0359 0x07b0 intelide - detected LockedFile.Multi.Generic ( 1 )
23:18:29.0792 0x07b0 Detect skipped due to KSN trusted
23:18:29.0792 0x07b0 intelide - ok
23:18:29.0855 0x07b0 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:18:29.0855 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1, sha256: F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610
23:18:29.0855 0x07b0 intelppm - detected LockedFile.Multi.Generic ( 1 )
23:18:32.0304 0x07b0 Detect skipped due to KSN trusted
23:18:32.0304 0x07b0 intelppm - ok
23:18:32.0351 0x07b0 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:18:32.0429 0x07b0 IPBusEnum - ok
23:18:32.0444 0x07b0 [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:18:32.0444 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: 722DD294DF62483CECAAE6E094B4D695, sha256: 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0
23:18:32.0444 0x07b0 IpFilterDriver - detected LockedFile.Multi.Generic ( 1 )
23:18:34.0909 0x07b0 Detect skipped due to KSN trusted
23:18:34.0909 0x07b0 IpFilterDriver - ok
23:18:34.0987 0x07b0 [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:18:35.0049 0x07b0 iphlpsvc - ok
23:18:35.0081 0x07b0 [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:18:35.0081 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\IPMIDrv.sys. md5: E2B4A4494DB7CB9B89B55CA268C337C5, sha256: C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB
23:18:35.0081 0x07b0 IPMIDRV - detected LockedFile.Multi.Generic ( 1 )
23:18:37.0514 0x07b0 Detect skipped due to KSN trusted
23:18:37.0514 0x07b0 IPMIDRV - ok
23:18:37.0577 0x07b0 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:18:37.0577 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E
23:18:37.0577 0x07b0 IPNAT - detected LockedFile.Multi.Generic ( 1 )
23:18:40.0026 0x07b0 Detect skipped due to KSN trusted
23:18:40.0026 0x07b0 IPNAT - ok
23:18:40.0088 0x07b0 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:18:40.0088 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE
23:18:40.0088 0x07b0 IRENUM - detected LockedFile.Multi.Generic ( 1 )
23:18:42.0537 0x07b0 Detect skipped due to KSN trusted
23:18:42.0537 0x07b0 IRENUM - ok
23:18:42.0584 0x07b0 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
23:18:42.0584 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548
23:18:42.0584 0x07b0 isapnp - detected LockedFile.Multi.Generic ( 1 )
23:18:45.0033 0x07b0 Detect skipped due to KSN trusted
23:18:45.0033 0x07b0 isapnp - ok
23:18:45.0111 0x07b0 [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:18:45.0111 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\msiscsi.sys. md5: FA4D2557DE56D45B0A346F93564BE6E1, sha256: 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C
23:18:45.0111 0x07b0 iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
23:18:47.0561 0x07b0 Detect skipped due to KSN trusted
23:18:47.0561 0x07b0 iScsiPrt - ok
23:18:47.0623 0x07b0 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:18:47.0623 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93
23:18:47.0623 0x07b0 kbdclass - detected LockedFile.Multi.Generic ( 1 )
23:18:50.0197 0x07b0 Detect skipped due to KSN trusted
23:18:50.0197 0x07b0 kbdclass - ok
23:18:50.0259 0x07b0 [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:18:50.0259 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 6DEF98F8541E1B5DCEB2C822A11F7323, sha256: F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D
23:18:50.0259 0x07b0 kbdhid - detected LockedFile.Multi.Generic ( 1 )
23:18:52.0709 0x07b0 Detect skipped due to KSN trusted
23:18:52.0709 0x07b0 kbdhid - ok
23:18:52.0755 0x07b0 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso C:\Windows\system32\lsass.exe
23:18:52.0787 0x07b0 KeyIso - ok
23:18:52.0833 0x07b0 [ E8B6FCC9C83535C67F835D407620BD27, 74B63F3BFB756FF0B0AD6A6C1535C0A1A0630295ECCBC078B00F2449718B0870 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:18:52.0833 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: E8B6FCC9C83535C67F835D407620BD27, sha256: 74B63F3BFB756FF0B0AD6A6C1535C0A1A0630295ECCBC078B00F2449718B0870
23:18:52.0833 0x07b0 KSecDD - detected LockedFile.Multi.Generic ( 1 )
23:18:55.0267 0x07b0 Detect skipped due to KSN trusted
23:18:55.0267 0x07b0 KSecDD - ok
23:18:55.0361 0x07b0 [ A8C63880EF6F4D3FEC7B616B9C060215, 036AE3ABBF991F5748C5C46E1DF62FBBC832BCDBF8C1B6E3C22A22A3703BBBCA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:18:55.0361 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: A8C63880EF6F4D3FEC7B616B9C060215, sha256: 036AE3ABBF991F5748C5C46E1DF62FBBC832BCDBF8C1B6E3C22A22A3703BBBCA
23:18:55.0361 0x07b0 KSecPkg - detected LockedFile.Multi.Generic ( 1 )
23:18:57.0794 0x07b0 Detect skipped due to KSN trusted
23:18:57.0794 0x07b0 KSecPkg - ok
23:18:57.0810 0x07b0 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:18:57.0810 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
23:18:57.0810 0x07b0 ksthunk - detected LockedFile.Multi.Generic ( 1 )
23:19:00.0243 0x07b0 Detect skipped due to KSN trusted
23:19:00.0243 0x07b0 ksthunk - ok
23:19:00.0337 0x07b0 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
23:19:00.0415 0x07b0 KtmRm - ok
23:19:00.0462 0x07b0 [ 55480B9C63F3F91A8EBBADCBF28FE581, 5B4BC3F0307B0697DD08DD8AAD4B9EAE99EDD3B33B85D9293D183684D5057293 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
23:19:00.0462 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\L1C62x64.sys. md5: 55480B9C63F3F91A8EBBADCBF28FE581, sha256: 5B4BC3F0307B0697DD08DD8AAD4B9EAE99EDD3B33B85D9293D183684D5057293
23:19:00.0462 0x07b0 L1C - detected LockedFile.Multi.Generic ( 1 )
23:19:02.0895 0x07b0 Detect skipped due to KSN trusted
23:19:02.0895 0x07b0 L1C - ok
23:19:02.0973 0x07b0 [ C926920B8978DE6ACFE9E15C709E9B57, 33B8002ABC30372B1CA8B6EC046757794CD7C9DA3CA4715B515B6894DC7E45CA ] LanmanServer C:\Windows\system32\srvsvc.dll
23:19:03.0051 0x07b0 LanmanServer - ok
23:19:03.0083 0x07b0 [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:19:03.0129 0x07b0 LanmanWorkstation - ok
23:19:03.0161 0x07b0 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:19:03.0161 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
23:19:03.0161 0x07b0 lltdio - detected LockedFile.Multi.Generic ( 1 )
23:19:05.0594 0x07b0 Detect skipped due to KSN trusted
23:19:05.0594 0x07b0 lltdio - ok
23:19:05.0688 0x07b0 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:19:05.0766 0x07b0 lltdsvc - ok
23:19:05.0781 0x07b0 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:19:05.0813 0x07b0 lmhosts - ok
23:19:05.0891 0x07b0 [ 23DE5B62B0445A6F874BE633C95B483E, 39A8E5BD057F5EE049FA48848C5881DCD2CFB16CD9E2A03CC9DDF35F116FEE0B ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:19:05.0891 0x07b0 LMS - ok
23:19:05.0953 0x07b0 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
23:19:05.0953 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
23:19:05.0953 0x07b0 LSI_FC - detected LockedFile.Multi.Generic ( 1 )
23:19:08.0387 0x07b0 Detect skipped due to KSN trusted
23:19:08.0387 0x07b0 LSI_FC - ok
23:19:08.0433 0x07b0 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
23:19:08.0433 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
23:19:08.0433 0x07b0 LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
23:19:10.0883 0x07b0 Detect skipped due to KSN trusted
23:19:10.0883 0x07b0 LSI_SAS - ok
23:19:10.0945 0x07b0 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:19:10.0945 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
23:19:10.0945 0x07b0 LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
23:19:13.0394 0x07b0 Detect skipped due to KSN trusted
23:19:13.0394 0x07b0 LSI_SAS2 - ok
23:19:13.0457 0x07b0 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:19:13.0457 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
23:19:13.0457 0x07b0 LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
23:19:15.0906 0x07b0 Detect skipped due to KSN trusted
23:19:15.0906 0x07b0 LSI_SCSI - ok
23:19:15.0968 0x07b0 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
23:19:15.0968 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
23:19:15.0968 0x07b0 luafv - detected LockedFile.Multi.Generic ( 1 )
23:19:18.0417 0x07b0 Detect skipped due to KSN trusted
23:19:18.0417 0x07b0 luafv - ok
23:19:18.0511 0x07b0 [ B96CE1C01E17DA93AE6831587700B04B, 1C188D843A9A3DD87954494A6E57830FC6A413F587FC3DD7727368122126ADF1 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
23:19:18.0527 0x07b0 MBAMSwissArmy - ok
23:19:18.0558 0x07b0 [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:19:18.0605 0x07b0 Mcx2Svc - ok
23:19:18.0698 0x07b0 [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
23:19:18.0729 0x07b0 MDM - ok
23:19:18.0745 0x07b0 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
23:19:18.0745 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
23:19:18.0745 0x07b0 megasas - detected LockedFile.Multi.Generic ( 1 )
23:19:21.0179 0x07b0 Detect skipped due to KSN trusted
23:19:21.0179 0x07b0 megasas - ok
23:19:21.0241 0x07b0 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
23:19:21.0241 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys.
md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 23:19:21.0241 0x07b0 MegaSR - detected LockedFile.Multi.Generic ( 1 ) 23:19:23.0690 0x07b0 Detect skipped due to KSN trusted 23:19:23.0690 0x07b0 MegaSR - ok 23:19:23.0721 0x07b0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 23:19:23.0784 0x07b0 MMCSS - ok 23:19:23.0799 0x07b0 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 23:19:23.0799 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 23:19:23.0799 0x07b0 Modem - detected LockedFile.Multi.Generic ( 1 ) 23:19:26.0514 0x07b0 Detect skipped due to KSN trusted 23:19:26.0514 0x07b0 Modem - ok 23:19:26.0576 0x07b0 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:19:26.0576 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 23:19:26.0576 0x07b0 monitor - detected LockedFile.Multi.Generic ( 1 ) 23:19:29.0025 0x07b0 Detect skipped due to KSN trusted 23:19:29.0025 0x07b0 monitor - ok 23:19:29.0088 0x07b0 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 23:19:29.0088 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. 
md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 23:19:29.0088 0x07b0 mouclass - detected LockedFile.Multi.Generic ( 1 ) 23:19:31.0537 0x07b0 Detect skipped due to KSN trusted 23:19:31.0537 0x07b0 mouclass - ok 23:19:31.0584 0x07b0 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:19:31.0584 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 23:19:31.0584 0x07b0 mouhid - detected LockedFile.Multi.Generic ( 1 ) 23:19:34.0033 0x07b0 Detect skipped due to KSN trusted 23:19:34.0033 0x07b0 mouhid - ok 23:19:34.0095 0x07b0 [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 23:19:34.0095 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 791AF66C4D0E7C90A3646066386FB571, sha256: BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 23:19:34.0095 0x07b0 mountmgr - detected LockedFile.Multi.Generic ( 1 ) 23:19:36.0529 0x07b0 Detect skipped due to KSN trusted 23:19:36.0529 0x07b0 mountmgr - ok 23:19:36.0576 0x07b0 [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio C:\Windows\system32\DRIVERS\mpio.sys 23:19:36.0576 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mpio.sys. 
md5: 609D1D87649ECC19796F4D76D4C15CEA, sha256: 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 23:19:36.0576 0x07b0 mpio - detected LockedFile.Multi.Generic ( 1 ) 23:19:39.0025 0x07b0 Detect skipped due to KSN trusted 23:19:39.0025 0x07b0 mpio - ok 23:19:39.0087 0x07b0 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:19:39.0087 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 23:19:39.0087 0x07b0 mpsdrv - detected LockedFile.Multi.Generic ( 1 ) 23:19:41.0521 0x07b0 Detect skipped due to KSN trusted 23:19:41.0521 0x07b0 mpsdrv - ok 23:19:41.0630 0x07b0 [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc C:\Windows\system32\mpssvc.dll 23:19:41.0708 0x07b0 MpsSvc - ok 23:19:41.0724 0x07b0 [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:19:41.0724 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: 30524261BB51D96D6FCBAC20C810183C, sha256: 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D 23:19:41.0724 0x07b0 MRxDAV - detected LockedFile.Multi.Generic ( 1 ) 23:19:44.0157 0x07b0 Detect skipped due to KSN trusted 23:19:44.0157 0x07b0 MRxDAV - ok 23:19:44.0204 0x07b0 [ 767A4C3BCF9410C286CED15A2DB17108, D9EA9EF7D4048081B132B804E0AE5A60A58FA6B25B7F5B87D5D7E354B2D94C79 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:19:44.0220 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. 
md5: 767A4C3BCF9410C286CED15A2DB17108, sha256: D9EA9EF7D4048081B132B804E0AE5A60A58FA6B25B7F5B87D5D7E354B2D94C79 23:19:44.0220 0x07b0 mrxsmb - detected LockedFile.Multi.Generic ( 1 ) 23:19:46.0669 0x07b0 Detect skipped due to KSN trusted 23:19:46.0669 0x07b0 mrxsmb - ok 23:19:46.0747 0x07b0 [ 920EE0FF995FCFDEB08C41605A959E1C, 977195011912166F7C7E209D90B973E3F507B5297504AF9B6797FA8D1051534C ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:19:46.0747 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: 920EE0FF995FCFDEB08C41605A959E1C, sha256: 977195011912166F7C7E209D90B973E3F507B5297504AF9B6797FA8D1051534C 23:19:46.0747 0x07b0 mrxsmb10 - detected LockedFile.Multi.Generic ( 1 ) 23:19:49.0165 0x07b0 Detect skipped due to KSN trusted 23:19:49.0165 0x07b0 mrxsmb10 - ok 23:19:49.0212 0x07b0 [ 740D7EA9D72C981510A5292CF6ADC941, C55C2F73410C008F829D194EF072721A8D7945BCC48458982D2409761908E7AE ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:19:49.0212 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 740D7EA9D72C981510A5292CF6ADC941, sha256: C55C2F73410C008F829D194EF072721A8D7945BCC48458982D2409761908E7AE 23:19:49.0212 0x07b0 mrxsmb20 - detected LockedFile.Multi.Generic ( 1 ) 23:19:51.0661 0x07b0 Detect skipped due to KSN trusted 23:19:51.0661 0x07b0 mrxsmb20 - ok 23:19:51.0677 0x07b0 [ 5C37497276E3B3A5488B23A326A754B7, 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 23:19:51.0677 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\msahci.sys. 
md5: 5C37497276E3B3A5488B23A326A754B7, sha256: 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967 23:19:51.0677 0x07b0 msahci - detected LockedFile.Multi.Generic ( 1 ) 23:19:54.0126 0x07b0 Detect skipped due to KSN trusted 23:19:54.0126 0x07b0 msahci - ok 23:19:54.0188 0x07b0 [ 8D27B597229AED79430FB9DB3BCBFBD0, 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 23:19:54.0188 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\msdsm.sys. md5: 8D27B597229AED79430FB9DB3BCBFBD0, sha256: 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 23:19:54.0188 0x07b0 msdsm - detected LockedFile.Multi.Generic ( 1 ) 23:19:56.0638 0x07b0 Detect skipped due to KSN trusted 23:19:56.0638 0x07b0 msdsm - ok 23:19:56.0684 0x07b0 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 23:19:56.0731 0x07b0 MSDTC - ok 23:19:56.0747 0x07b0 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:19:56.0747 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 23:19:56.0747 0x07b0 Msfs - detected LockedFile.Multi.Generic ( 1 ) 23:19:59.0196 0x07b0 Detect skipped due to KSN trusted 23:19:59.0196 0x07b0 Msfs - ok 23:19:59.0243 0x07b0 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 23:19:59.0258 0x07b0 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. 
md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 23:19:59.0258 0x07b0 mshidkmdf - detected LockedFile.Multi.Generic ( 1 ) 23:20:01.0708 0x07b0 Detect skipped due to KSN trusted 23:20:01.0708 0x07b0 mshidkmdf - ok 23:20:01.0739 0x07b0 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 23:20:01.0739 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 23:20:01.0739 0x07b0 msisadrv - detected LockedFile.Multi.Generic ( 1 ) 23:20:04.0188 0x07b0 Detect skipped due to KSN trusted 23:20:04.0188 0x07b0 msisadrv - ok 23:20:04.0266 0x07b0 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:20:04.0328 0x07b0 MSiSCSI - ok 23:20:04.0344 0x07b0 msiserver - ok 23:20:04.0360 0x07b0 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:20:04.0360 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 23:20:04.0360 0x07b0 MSKSSRV - detected LockedFile.Multi.Generic ( 1 ) 23:20:06.0809 0x07b0 Detect skipped due to KSN trusted 23:20:06.0809 0x07b0 MSKSSRV - ok 23:20:06.0871 0x07b0 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:20:06.0871 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. 
md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB 23:20:06.0871 0x07b0 MSPCLOCK - detected LockedFile.Multi.Generic ( 1 ) 23:20:09.0320 0x07b0 Detect skipped due to KSN trusted 23:20:09.0320 0x07b0 MSPCLOCK - ok 23:20:09.0367 0x07b0 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:20:09.0367 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC 23:20:09.0367 0x07b0 MSPQM - detected LockedFile.Multi.Generic ( 1 ) 23:20:11.0816 0x07b0 Detect skipped due to KSN trusted 23:20:11.0816 0x07b0 MSPQM - ok 23:20:11.0894 0x07b0 [ 89CB141AA8616D8C6A4610FA26C60964, 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:20:11.0894 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 89CB141AA8616D8C6A4610FA26C60964, sha256: 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC 23:20:11.0894 0x07b0 MsRPC - detected LockedFile.Multi.Generic ( 1 ) 23:20:14.0422 0x07b0 Detect skipped due to KSN trusted 23:20:14.0422 0x07b0 MsRPC - ok 23:20:14.0468 0x07b0 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 23:20:14.0468 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mssmbios.sys. 
md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 23:20:14.0468 0x07b0 mssmbios - detected LockedFile.Multi.Generic ( 1 ) 23:20:16.0918 0x07b0 Detect skipped due to KSN trusted 23:20:16.0918 0x07b0 mssmbios - ok 23:20:16.0980 0x07b0 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:20:16.0980 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD 23:20:16.0980 0x07b0 MSTEE - detected LockedFile.Multi.Generic ( 1 ) 23:20:19.0429 0x07b0 Detect skipped due to KSN trusted 23:20:19.0429 0x07b0 MSTEE - ok 23:20:19.0460 0x07b0 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 23:20:19.0460 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 23:20:19.0460 0x07b0 MTConfig - detected LockedFile.Multi.Generic ( 1 ) 23:20:21.0925 0x07b0 Detect skipped due to KSN trusted 23:20:21.0925 0x07b0 MTConfig - ok 23:20:21.0988 0x07b0 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 23:20:21.0988 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. 
md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A 23:20:21.0988 0x07b0 Mup - detected LockedFile.Multi.Generic ( 1 ) 23:20:24.0437 0x07b0 Detect skipped due to KSN trusted 23:20:24.0437 0x07b0 Mup - ok 23:20:24.0515 0x07b0 [ 4987E079A4530FA737A128BE54B63B12, 27E51CC7D4D90DC4397575491DE7EFE15808709F097E2828E46AA73C771A47A4 ] napagent C:\Windows\system32\qagentRT.dll 23:20:24.0593 0x07b0 napagent - ok 23:20:24.0640 0x07b0 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:20:24.0640 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 23:20:24.0655 0x07b0 NativeWifiP - detected LockedFile.Multi.Generic ( 1 ) 23:20:27.0104 0x07b0 Detect skipped due to KSN trusted 23:20:27.0104 0x07b0 NativeWifiP - ok 23:20:27.0198 0x07b0 [ CAD515DBD07D082BB317D9928CE8962C, 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E ] NDIS C:\Windows\system32\drivers\ndis.sys 23:20:27.0198 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: CAD515DBD07D082BB317D9928CE8962C, sha256: 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E 23:20:27.0198 0x07b0 NDIS - detected LockedFile.Multi.Generic ( 1 ) 23:20:29.0663 0x07b0 Detect skipped due to KSN trusted 23:20:29.0663 0x07b0 NDIS - ok 23:20:29.0694 0x07b0 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 23:20:29.0694 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. 
md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC 23:20:29.0694 0x07b0 NdisCap - detected LockedFile.Multi.Generic ( 1 ) 23:20:32.0159 0x07b0 Detect skipped due to KSN trusted 23:20:32.0159 0x07b0 NdisCap - ok 23:20:32.0206 0x07b0 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 23:20:32.0206 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 23:20:32.0206 0x07b0 NdisTapi - detected LockedFile.Multi.Generic ( 1 ) 23:20:34.0655 0x07b0 Detect skipped due to KSN trusted 23:20:34.0655 0x07b0 NdisTapi - ok 23:20:34.0733 0x07b0 [ F105BA1E22BF1F2EE8F005D4305E4BEC, 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 23:20:34.0733 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: F105BA1E22BF1F2EE8F005D4305E4BEC, sha256: 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F 23:20:34.0733 0x07b0 Ndisuio - detected LockedFile.Multi.Generic ( 1 ) 23:20:37.0182 0x07b0 Detect skipped due to KSN trusted 23:20:37.0182 0x07b0 Ndisuio - ok 23:20:37.0244 0x07b0 [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 23:20:37.0244 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. 
md5: 557DFAB9CA1FCB036AC77564C010DAD3, sha256: 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 23:20:37.0260 0x07b0 NdisWan - detected LockedFile.Multi.Generic ( 1 ) 23:20:39.0709 0x07b0 Detect skipped due to KSN trusted 23:20:39.0709 0x07b0 NdisWan - ok 23:20:39.0740 0x07b0 [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:20:39.0740 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 659B74FB74B86228D6338D643CD3E3CF, sha256: 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 23:20:39.0740 0x07b0 NDProxy - detected LockedFile.Multi.Generic ( 1 ) 23:20:42.0174 0x07b0 Detect skipped due to KSN trusted 23:20:42.0174 0x07b0 NDProxy - ok 23:20:42.0283 0x07b0 [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 23:20:42.0314 0x07b0 Nero BackItUp Scheduler 4.0 - ok 23:20:42.0346 0x07b0 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:20:42.0346 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 23:20:42.0346 0x07b0 NetBIOS - detected LockedFile.Multi.Generic ( 1 ) 23:20:44.0795 0x07b0 Detect skipped due to KSN trusted 23:20:44.0795 0x07b0 NetBIOS - ok 23:20:44.0842 0x07b0 [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 23:20:44.0842 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. 
md5: 9162B273A44AB9DCE5B44362731D062A, sha256: 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 23:20:44.0857 0x07b0 NetBT - detected LockedFile.Multi.Generic ( 1 ) 23:20:47.0275 0x07b0 Detect skipped due to KSN trusted 23:20:47.0275 0x07b0 NetBT - ok 23:20:47.0306 0x07b0 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon C:\Windows\system32\lsass.exe 23:20:47.0322 0x07b0 Netlogon - ok 23:20:47.0369 0x07b0 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 23:20:47.0431 0x07b0 Netman - ok 23:20:47.0462 0x07b0 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 23:20:47.0540 0x07b0 netprofm - ok 23:20:47.0572 0x07b0 [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:20:47.0572 0x07b0 NetTcpPortSharing - ok 23:20:47.0603 0x07b0 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 23:20:47.0603 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. 
md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 23:20:47.0603 0x07b0 nfrd960 - detected LockedFile.Multi.Generic ( 1 ) 23:20:50.0036 0x07b0 Detect skipped due to KSN trusted 23:20:50.0036 0x07b0 nfrd960 - ok 23:20:50.0099 0x07b0 [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc C:\Windows\System32\nlasvc.dll 23:20:50.0177 0x07b0 NlaSvc - ok 23:20:50.0208 0x07b0 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:20:50.0208 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F 23:20:50.0208 0x07b0 Npfs - detected LockedFile.Multi.Generic ( 1 ) 23:20:52.0626 0x07b0 Detect skipped due to KSN trusted 23:20:52.0626 0x07b0 Npfs - ok 23:20:52.0688 0x07b0 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 23:20:52.0766 0x07b0 nsi - ok 23:20:52.0782 0x07b0 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:20:52.0782 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 23:20:52.0782 0x07b0 nsiproxy - detected LockedFile.Multi.Generic ( 1 ) 23:20:55.0231 0x07b0 Detect skipped due to KSN trusted 23:20:55.0231 0x07b0 nsiproxy - ok 23:20:55.0356 0x07b0 [ 356698A13C4630D5B31C37378D469196, BF5704AADE5C3DA370501747F12ED6E9C3349E342CCF89005AAE132B570BB42B ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 23:20:55.0356 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. 
md5: 356698A13C4630D5B31C37378D469196, sha256: BF5704AADE5C3DA370501747F12ED6E9C3349E342CCF89005AAE132B570BB42B 23:20:55.0356 0x07b0 Ntfs - detected LockedFile.Multi.Generic ( 1 ) 23:20:57.0805 0x07b0 Detect skipped due to KSN trusted 23:20:57.0805 0x07b0 Ntfs - ok 23:20:57.0836 0x07b0 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 23:20:57.0836 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 23:20:57.0836 0x07b0 Null - detected LockedFile.Multi.Generic ( 1 ) 23:21:00.0286 0x07b0 Detect skipped due to KSN trusted 23:21:00.0286 0x07b0 Null - ok 23:21:00.0364 0x07b0 [ 3E38712941E9BB4DDBEE00AFFE3FED3D, 03F27CC0EF0A86D0B2DAAB6F72838CB2AB57FE5D40074828D5B7F118CD5CBEE7 ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys 23:21:00.0364 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvraid.sys. md5: 3E38712941E9BB4DDBEE00AFFE3FED3D, sha256: 03F27CC0EF0A86D0B2DAAB6F72838CB2AB57FE5D40074828D5B7F118CD5CBEE7 23:21:00.0379 0x07b0 nvraid - detected LockedFile.Multi.Generic ( 1 ) 23:21:02.0828 0x07b0 Detect skipped due to KSN trusted 23:21:02.0828 0x07b0 nvraid - ok 23:21:02.0891 0x07b0 [ 477DC4D6DEB99BE37084C9AC6D013DA1, E58C4D621CAAB1C68FB4A056576F48BC87913A5EBF0B511EFFB8F38C7D3E516E ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys 23:21:02.0891 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvstor.sys. 
md5: 477DC4D6DEB99BE37084C9AC6D013DA1, sha256: E58C4D621CAAB1C68FB4A056576F48BC87913A5EBF0B511EFFB8F38C7D3E516E 23:21:02.0891 0x07b0 nvstor - detected LockedFile.Multi.Generic ( 1 ) 23:21:05.0324 0x07b0 Detect skipped due to KSN trusted 23:21:05.0324 0x07b0 nvstor - ok 23:21:05.0387 0x07b0 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 23:21:05.0387 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05, sha256: 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F 23:21:05.0387 0x07b0 nv_agp - detected LockedFile.Multi.Generic ( 1 ) 23:21:07.0836 0x07b0 Detect skipped due to KSN trusted 23:21:07.0836 0x07b0 nv_agp - ok 23:21:07.0883 0x07b0 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 23:21:07.0883 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ohci1394.sys. 
md5: 3589478E4B22CE21B41FA1BFC0B8B8A0, sha256: AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 23:21:07.0883 0x07b0 ohci1394 - detected LockedFile.Multi.Generic ( 1 ) 23:21:10.0316 0x07b0 Detect skipped due to KSN trusted 23:21:10.0316 0x07b0 ohci1394 - ok 23:21:10.0379 0x07b0 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:21:10.0394 0x07b0 ose - ok 23:21:10.0457 0x07b0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 23:21:10.0519 0x07b0 p2pimsvc - ok 23:21:10.0566 0x07b0 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 23:21:10.0597 0x07b0 p2psvc - ok 23:21:10.0613 0x07b0 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 23:21:10.0613 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887, sha256: 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 23:21:10.0628 0x07b0 Parport - detected LockedFile.Multi.Generic ( 1 ) 23:21:13.0062 0x07b0 Detect skipped due to KSN trusted 23:21:13.0062 0x07b0 Parport - ok 23:21:13.0109 0x07b0 [ 7DAA117143316C4A1537E074A5A9EAF0, D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:21:13.0109 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. 
md5: 7DAA117143316C4A1537E074A5A9EAF0, sha256: D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B 23:21:13.0109 0x07b0 partmgr - detected LockedFile.Multi.Generic ( 1 ) 23:21:15.0558 0x07b0 Detect skipped due to KSN trusted 23:21:15.0558 0x07b0 partmgr - ok 23:21:15.0620 0x07b0 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll 23:21:15.0667 0x07b0 PcaSvc - ok 23:21:15.0714 0x07b0 [ F36F6504009F2FB0DFD1B17A116AD74B, 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 ] pci C:\Windows\system32\DRIVERS\pci.sys 23:21:15.0714 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pci.sys. md5: F36F6504009F2FB0DFD1B17A116AD74B, sha256: 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 23:21:15.0714 0x07b0 pci - detected LockedFile.Multi.Generic ( 1 ) 23:21:18.0163 0x07b0 Detect skipped due to KSN trusted 23:21:18.0163 0x07b0 pci - ok 23:21:18.0194 0x07b0 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\DRIVERS\pciide.sys 23:21:18.0194 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA, sha256: F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 23:21:18.0194 0x07b0 pciide - detected LockedFile.Multi.Generic ( 1 ) 23:21:20.0644 0x07b0 Detect skipped due to KSN trusted 23:21:20.0644 0x07b0 pciide - ok 23:21:20.0706 0x07b0 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 23:21:20.0706 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pcmcia.sys. 
md5: B2E81D4E87CE48589F98CB8C05B01F2F, sha256: 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 23:21:20.0706 0x07b0 pcmcia - detected LockedFile.Multi.Generic ( 1 ) 23:21:23.0155 0x07b0 Detect skipped due to KSN trusted 23:21:23.0155 0x07b0 pcmcia - ok |
05.07.2014, 22:46 | #8 |
| Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167, part 2 Code:
23:21:23.0218 0x07b0 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
23:21:23.0218 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603, sha256: BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36
23:21:23.0218 0x07b0 pcw - detected LockedFile.Multi.Generic ( 1 )
23:21:25.0667 0x07b0 Detect skipped due to KSN trusted
23:21:25.0667 0x07b0 pcw - ok
23:21:25.0729 0x07b0 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:21:25.0729 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E, sha256: FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C
23:21:25.0729 0x07b0 PEAUTH - detected LockedFile.Multi.Generic ( 1 )
23:21:28.0178 0x07b0 Detect skipped due to KSN trusted
23:21:28.0178 0x07b0 PEAUTH - ok
23:21:28.0241 0x07b0 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:21:28.0288 0x07b0 PerfHost - ok
23:21:28.0319 0x07b0 [ 663962900E7FEA522126BA287715BB4A, 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1 ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
23:21:28.0319 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pgeffect.sys. md5: 663962900E7FEA522126BA287715BB4A, sha256: 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1
23:21:28.0319 0x07b0 PGEffect - detected LockedFile.Multi.Generic ( 1 )
23:21:30.0908 0x07b0 Detect skipped due to KSN trusted
23:21:30.0908 0x07b0 PGEffect - ok
23:21:31.0018 0x07b0 [ 557E9A86F65F0DE18C9B6751DFE9D3F1, 630EE5A80335929517A22D130C75CBCE882B92978372A6F36C30B9D353C7BB07 ] pla C:\Windows\system32\pla.dll
23:21:31.0127 0x07b0 pla - ok
23:21:31.0174 0x07b0 [ 23157D583244400E1D7FBAEE2E4B31B7, 4E8D93F746C727CE1A89B53FEFFCFB080AC3CC8F3CF2F8613E692E989794C52F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:21:31.0236 0x07b0 PlugPlay - ok
23:21:31.0252 0x07b0 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:21:31.0283 0x07b0 PNRPAutoReg - ok
23:21:31.0298 0x07b0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:21:31.0330 0x07b0 PNRPsvc - ok
23:21:31.0376 0x07b0 [ 166EB40D1F5B47E615DE3D0FFFE5F243, E32BCCA0D25CD631C221986EBE9F6C54BF2F12DE1672D69CCC4E22AD07D0525A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:21:31.0439 0x07b0 PolicyAgent - ok
23:21:31.0486 0x07b0 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
23:21:31.0532 0x07b0 Power - ok
23:21:31.0579 0x07b0 [ 27CC19E81BA5E3403C48302127BDA717, C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:21:31.0579 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspptp.sys. md5: 27CC19E81BA5E3403C48302127BDA717, sha256: C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40
23:21:31.0579 0x07b0 PptpMiniport - detected LockedFile.Multi.Generic ( 1 )
23:21:34.0028 0x07b0 Detect skipped due to KSN trusted
23:21:34.0028 0x07b0 PptpMiniport - ok
23:21:34.0091 0x07b0 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:21:34.0091 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF, sha256: 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5
23:21:34.0091 0x07b0 Processor - detected LockedFile.Multi.Generic ( 1 )
23:21:36.0540 0x07b0 Detect skipped due to KSN trusted
23:21:36.0540 0x07b0 Processor - ok
23:21:36.0602 0x07b0 [ F381975E1F4346DE875CB07339CE8D3A, 867BFC2E9A08E026289794019B8DE651A8604D06DD6A9BF166C29AFC24B6D26E ] ProfSvc C:\Windows\system32\profsvc.dll
23:21:36.0696 0x07b0 ProfSvc - ok
23:21:36.0696 0x07b0 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] ProtectedStorage C:\Windows\system32\lsass.exe
23:21:36.0712 0x07b0 ProtectedStorage - ok
23:21:36.0743 0x07b0 [ EE992183BD8EAEFD9973F352E587A299, 6B28930FAA0A54FAADDAF2231553D7F5D45C7227454C6D49A86DFC9EF6BC9043 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:21:36.0743 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pacer.sys. md5: EE992183BD8EAEFD9973F352E587A299, sha256: 6B28930FAA0A54FAADDAF2231553D7F5D45C7227454C6D49A86DFC9EF6BC9043
23:21:36.0743 0x07b0 Psched - detected LockedFile.Multi.Generic ( 1 )
23:21:39.0192 0x07b0 Detect skipped due to KSN trusted
23:21:39.0192 0x07b0 Psched - ok
23:21:39.0301 0x07b0 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:21:39.0301 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql2300.sys. md5: A53A15A11EBFD21077463EE2C7AFEEF0, sha256: 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489
23:21:39.0301 0x07b0 ql2300 - detected LockedFile.Multi.Generic ( 1 )
23:21:41.0750 0x07b0 Detect skipped due to KSN trusted
23:21:41.0750 0x07b0 ql2300 - ok
23:21:41.0782 0x07b0 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:21:41.0782 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8, sha256: FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE
23:21:41.0782 0x07b0 ql40xx - detected LockedFile.Multi.Generic ( 1 )
23:21:44.0215 0x07b0 Detect skipped due to KSN trusted
23:21:44.0215 0x07b0 ql40xx - ok
23:21:44.0278 0x07b0 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
23:21:44.0324 0x07b0 QWAVE - ok
23:21:44.0340 0x07b0 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:21:44.0340 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707BB36430888D9CE9D705398ADB6C, sha256: 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535
23:21:44.0340 0x07b0 QWAVEdrv - detected LockedFile.Multi.Generic ( 1 )
23:21:46.0789 0x07b0 Detect skipped due to KSN trusted
23:21:46.0789 0x07b0 QWAVEdrv - ok
23:21:46.0836 0x07b0 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:21:46.0836 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5A0DA8AD5762FA2D91678A8A01311704, sha256: 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF
23:21:46.0836 0x07b0 RasAcd - detected LockedFile.Multi.Generic ( 1 )
23:21:49.0285 0x07b0 Detect skipped due to KSN trusted
23:21:49.0285 0x07b0 RasAcd - ok
23:21:49.0332 0x07b0 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:21:49.0332 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ECFF9B22276B73F43A99A15A6094E90, sha256: 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1
23:21:49.0332 0x07b0 RasAgileVpn - detected LockedFile.Multi.Generic ( 1 )
23:21:51.0781 0x07b0 Detect skipped due to KSN trusted
23:21:51.0781 0x07b0 RasAgileVpn - ok
23:21:51.0828 0x07b0 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
23:21:51.0906 0x07b0 RasAuto - ok
23:21:51.0937 0x07b0 [ 87A6E852A22991580D6D39ADC4790463, 0F757C6E5B57DFC239CE1BEC88EF16C07E7F1A40D629A9A6DF3CB6B88FB9E642 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:21:51.0937 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 87A6E852A22991580D6D39ADC4790463, sha256: 0F757C6E5B57DFC239CE1BEC88EF16C07E7F1A40D629A9A6DF3CB6B88FB9E642
23:21:51.0937 0x07b0 Rasl2tp - detected LockedFile.Multi.Generic ( 1 )
23:21:54.0355 0x07b0 Detect skipped due to KSN trusted
23:21:54.0355 0x07b0 Rasl2tp - ok
23:21:54.0433 0x07b0 [ 47394ED3D16D053F5906EFE5AB51CC83, FE5D1249788DB6D85C55769251B0AED738D3BBA04DF57124E03397D3C0599286 ] RasMan C:\Windows\System32\rasmans.dll
23:21:54.0511 0x07b0 RasMan - ok
23:21:54.0543 0x07b0 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:21:54.0543 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855C9B1CD4756C5E9A2AA58A15F58C25, sha256: A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72
23:21:54.0543 0x07b0 RasPppoe - detected LockedFile.Multi.Generic ( 1 )
23:21:56.0961 0x07b0 Detect skipped due to KSN trusted
23:21:56.0961 0x07b0 RasPppoe - ok
23:21:57.0007 0x07b0 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:21:57.0007 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rassstp.sys. md5: E8B1E447B008D07FF47D016C2B0EEECB, sha256: FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C
23:21:57.0007 0x07b0 RasSstp - detected LockedFile.Multi.Generic ( 1 )
23:21:59.0472 0x07b0 Detect skipped due to KSN trusted
23:21:59.0472 0x07b0 RasSstp - ok
23:21:59.0535 0x07b0 [ 3BAC8142102C15D59A87757C1D41DCE5, C0C2C6887EA5A439E69221196348382ACE3E1942C9C6E0A970E153890F71724C ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:21:59.0535 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 3BAC8142102C15D59A87757C1D41DCE5, sha256: C0C2C6887EA5A439E69221196348382ACE3E1942C9C6E0A970E153890F71724C
23:21:59.0535 0x07b0 rdbss - detected LockedFile.Multi.Generic ( 1 )
23:22:01.0984 0x07b0 Detect skipped due to KSN trusted
23:22:01.0984 0x07b0 rdbss - ok
23:22:02.0015 0x07b0 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:22:02.0015 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D, sha256: 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17
23:22:02.0015 0x07b0 rdpbus - detected LockedFile.Multi.Generic ( 1 )
23:22:04.0464 0x07b0 Detect skipped due to KSN trusted
23:22:04.0464 0x07b0 rdpbus - ok
23:22:04.0511 0x07b0 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:22:04.0511 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: CEA6CC257FC9B7715F1C2B4849286D24, sha256: A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804
23:22:04.0511 0x07b0 RDPCDD - detected LockedFile.Multi.Generic ( 1 )
23:22:06.0976 0x07b0 Detect skipped due to KSN trusted
23:22:06.0976 0x07b0 RDPCDD - ok
23:22:07.0023 0x07b0 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:22:07.0023 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpencdd.sys. md5: BB5971A4F00659529A5C44831AF22365, sha256: 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F
23:22:07.0023 0x07b0 RDPENCDD - detected LockedFile.Multi.Generic ( 1 )
23:22:09.0472 0x07b0 Detect skipped due to KSN trusted
23:22:09.0472 0x07b0 RDPENCDD - ok
23:22:09.0519 0x07b0 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:22:09.0519 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216F3FA57533D98E1F74DED70113177A, sha256: 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4
23:22:09.0519 0x07b0 RDPREFMP - detected LockedFile.Multi.Generic ( 1 )
23:22:11.0968 0x07b0 Detect skipped due to KSN trusted
23:22:11.0968 0x07b0 RDPREFMP - ok
23:22:12.0015 0x07b0 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7, 02179089E0816AD544F370A8A3557498D09981F60CC94E497DC4A5A2BBBE1E48 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:22:12.0015 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RDPWD.sys. md5: 8A3E6BEA1C53EA6177FE2B6EBA2C80D7, sha256: 02179089E0816AD544F370A8A3557498D09981F60CC94E497DC4A5A2BBBE1E48
23:22:12.0015 0x07b0 RDPWD - detected LockedFile.Multi.Generic ( 1 )
23:22:14.0448 0x07b0 Detect skipped due to KSN trusted
23:22:14.0448 0x07b0 RDPWD - ok
23:22:14.0526 0x07b0 [ 634B9A2181D98F15941236886164EC8B, 15C55F05FD3CD751F619F18E2ADF91552AE82146501CD031402277F496A5B7D8 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:22:14.0526 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdyboost.sys. md5: 634B9A2181D98F15941236886164EC8B, sha256: 15C55F05FD3CD751F619F18E2ADF91552AE82146501CD031402277F496A5B7D8
23:22:14.0542 0x07b0 rdyboost - detected LockedFile.Multi.Generic ( 1 )
23:22:16.0991 0x07b0 Detect skipped due to KSN trusted
23:22:16.0991 0x07b0 rdyboost - ok
23:22:17.0053 0x07b0 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:22:17.0131 0x07b0 RemoteAccess - ok
23:22:17.0147 0x07b0 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:22:17.0209 0x07b0 RemoteRegistry - ok
23:22:17.0225 0x07b0 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:22:17.0287 0x07b0 RpcEptMapper - ok
23:22:17.0319 0x07b0 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
23:22:17.0334 0x07b0 RpcLocator - ok
23:22:17.0381 0x07b0 [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] RpcSs C:\Windows\system32\rpcss.dll
23:22:17.0443 0x07b0 RpcSs - ok
23:22:17.0475 0x07b0 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:22:17.0475 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rspndr.sys. md5: DDC86E4F8E7456261E637E3552E804FF, sha256: D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD
23:22:17.0475 0x07b0 rspndr - detected LockedFile.Multi.Generic ( 1 )
23:22:19.0908 0x07b0 Detect skipped due to KSN trusted
23:22:19.0908 0x07b0 rspndr - ok
23:22:20.0002 0x07b0 [ 907C4464381B5EBDFDC60F6C7D0DEDFC, A39EB4C0858A3CA2D8AFE6D52809EC41795FD7A2F3F157D9CBCCB84BE7958A89 ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys
23:22:20.0002 0x07b0 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\RtsUStor.sys. md5: 907C4464381B5EBDFDC60F6C7D0DEDFC, sha256: A39EB4C0858A3CA2D8AFE6D52809EC41795FD7A2F3F157D9CBCCB84BE7958A89
23:22:20.0002 0x07b0 RSUSBSTOR - detected LockedFile.Multi.Generic ( 1 )
23:22:22.0435 0x07b0 Detect skipped due to KSN trusted
23:22:22.0435 0x07b0 RSUSBSTOR - ok
23:22:22.0545 0x07b0 [ 7475548B0BA58EBA4D12414FC9E9DFE6, 93F5CF9C7F5CE556810A6113014CB17774EA7779BD91D84670FA6653C810361F ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
23:22:22.0545 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rtl8192se.sys. md5: 7475548B0BA58EBA4D12414FC9E9DFE6, sha256: 93F5CF9C7F5CE556810A6113014CB17774EA7779BD91D84670FA6653C810361F
23:22:22.0545 0x07b0 rtl8192se - detected LockedFile.Multi.Generic ( 1 )
23:22:24.0978 0x07b0 Detect skipped due to KSN trusted
23:22:24.0978 0x07b0 rtl8192se - ok
23:22:25.0025 0x07b0 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] SamSs C:\Windows\system32\lsass.exe
23:22:25.0041 0x07b0 SamSs - ok
23:22:25.0072 0x07b0 [ E3BBB89983DAF5622C1D50CF49F28227, 49370DC142D577D657BF5755AA9B8625C35D3DDAF1F9466B4888507FB8E6FF07 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
23:22:25.0072 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sbp2port.sys. md5: E3BBB89983DAF5622C1D50CF49F28227, sha256: 49370DC142D577D657BF5755AA9B8625C35D3DDAF1F9466B4888507FB8E6FF07
23:22:25.0072 0x07b0 sbp2port - detected LockedFile.Multi.Generic ( 1 )
23:22:27.0505 0x07b0 Detect skipped due to KSN trusted
23:22:27.0505 0x07b0 sbp2port - ok
23:22:27.0568 0x07b0 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:22:27.0646 0x07b0 SCardSvr - ok
23:22:27.0677 0x07b0 [ C94DA20C7E3BA1DCA269BC8460D98387, E1A5629728A79233B62BA87B4354BC3A332A853CC36A60E77B34923F4BCA8A61 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:22:27.0677 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\scfilter.sys. md5: C94DA20C7E3BA1DCA269BC8460D98387, sha256: E1A5629728A79233B62BA87B4354BC3A332A853CC36A60E77B34923F4BCA8A61
23:22:27.0677 0x07b0 scfilter - detected LockedFile.Multi.Generic ( 1 )
23:22:30.0095 0x07b0 Detect skipped due to KSN trusted
23:22:30.0095 0x07b0 scfilter - ok
23:22:30.0204 0x07b0 [ EC56B171F85C7E855E7B0588AC503EEA, EDBC0E52DF00D73356F4B886D6CA2397B571A9D2245FEDC347A6D52A5467EA5D ] Schedule C:\Windows\system32\schedsvc.dll
23:22:30.0282 0x07b0 Schedule - ok
23:22:30.0329 0x07b0 [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:22:30.0360 0x07b0 SCPolicySvc - ok
23:22:30.0391 0x07b0 [ 765A27C3279CE11D14CB9E4F5869FCA5, B6C2EFFBA938828FEF7FE992A4C88B3154D053763C38762DCE13252FE9571FA1 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:22:30.0438 0x07b0 SDRSVC - ok
23:22:30.0516 0x07b0 [ 3E0CFF5F0A9D23E327703D72CEA5253F, AC307AB7E9A2B7E078DE5AC4CD9EA00F159BB07605410B8C0DBC046ABBB5C654 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:22:30.0532 0x07b0 SeaPort - ok
23:22:30.0563 0x07b0 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:22:30.0563 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186, sha256: 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D
23:22:30.0563 0x07b0 secdrv - detected LockedFile.Multi.Generic ( 1 )
23:22:33.0028 0x07b0 Detect skipped due to KSN trusted
23:22:33.0028 0x07b0 secdrv - ok
23:22:33.0090 0x07b0 [ 463B386EBC70F98DA5DFF85F7E654346, 8E27B18B04AF587719D1DAE75A042DB998E06CAE112BD68626EF046036D2DCDC ] seclogon C:\Windows\system32\seclogon.dll
23:22:33.0153 0x07b0 seclogon - ok
23:22:33.0168 0x07b0 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
23:22:33.0215 0x07b0 SENS - ok
23:22:33.0246 0x07b0 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:22:33.0277 0x07b0 SensrSvc - ok
23:22:33.0324 0x07b0 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:22:33.0324 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B, sha256: A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4
23:22:33.0324 0x07b0 Serenum - detected LockedFile.Multi.Generic ( 1 )
23:22:35.0758 0x07b0 Detect skipped due to KSN trusted
23:22:35.0758 0x07b0 Serenum - ok
23:22:35.0789 0x07b0 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:22:35.0789 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, sha256: 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D
23:22:35.0789 0x07b0 Serial - detected LockedFile.Multi.Generic ( 1 )
23:22:38.0238 0x07b0 Detect skipped due to KSN trusted
23:22:38.0238 0x07b0 Serial - ok
23:22:38.0285 0x07b0 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:22:38.0285 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3, sha256: 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D
23:22:38.0285 0x07b0 sermouse - detected LockedFile.Multi.Generic ( 1 )
23:22:40.0734 0x07b0 Detect skipped due to KSN trusted
23:22:40.0734 0x07b0 sermouse - ok
23:22:40.0797 0x07b0 [ C3BC61CE47FF6F4E88AB8A3B429A36AF, 6CA53AD0CB7215BAE3467EC1FD490E3A18504BD6CD4F0FABF9BD37516AB9DFE0 ] SessionEnv C:\Windows\system32\sessenv.dll
23:22:40.0890 0x07b0 SessionEnv - ok
23:22:40.0906 0x07b0 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
23:22:40.0906 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF, sha256: DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55
23:22:40.0906 0x07b0 sffdisk - detected LockedFile.Multi.Generic ( 1 )
23:22:43.0355 0x07b0 Detect skipped due to KSN trusted
23:22:43.0355 0x07b0 sffdisk - ok
23:22:43.0417 0x07b0 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:22:43.0417 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF, sha256: B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042
23:22:43.0417 0x07b0 sffp_mmc - detected LockedFile.Multi.Generic ( 1 )
23:22:45.0867 0x07b0 Detect skipped due to KSN trusted
23:22:45.0867 0x07b0 sffp_mmc - ok
23:22:45.0913 0x07b0 [ 178298F767FE638C9FEDCBDEF58BB5E4, 053D12CFEE5C54EA7D06F9C9CAE93544FE258A4825CDE2A14090BC81A96E1CF7 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
23:22:45.0913 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sffp_sd.sys. md5: 178298F767FE638C9FEDCBDEF58BB5E4, sha256: 053D12CFEE5C54EA7D06F9C9CAE93544FE258A4825CDE2A14090BC81A96E1CF7
23:22:45.0913 0x07b0 sffp_sd - detected LockedFile.Multi.Generic ( 1 )
23:22:48.0347 0x07b0 Detect skipped due to KSN trusted
23:22:48.0347 0x07b0 sffp_sd - ok
23:22:48.0394 0x07b0 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:22:48.0394 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4, sha256: 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9
23:22:48.0394 0x07b0 sfloppy - detected LockedFile.Multi.Generic ( 1 )
23:22:50.0843 0x07b0 Detect skipped due to KSN trusted
23:22:50.0843 0x07b0 sfloppy - ok
23:22:50.0921 0x07b0 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:22:50.0999 0x07b0 SharedAccess - ok
23:22:51.0030 0x07b0 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF, 1C1D17301A4D37DBF906955CCABD2A3FDA47AFB24CBA978CF851123762249848 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:22:51.0077 0x07b0 ShellHWDetection - ok
23:22:51.0108 0x07b0 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:22:51.0108 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1, sha256: 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820
23:22:51.0108 0x07b0 SiSRaid2 - detected LockedFile.Multi.Generic ( 1 )
23:22:53.0542 0x07b0 Detect skipped due to KSN trusted
23:22:53.0542 0x07b0 SiSRaid2 - ok
23:22:53.0604 0x07b0 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:22:53.0604 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4, sha256: 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E
23:22:53.0604 0x07b0 SiSRaid4 - detected LockedFile.Multi.Generic ( 1 )
23:22:56.0053 0x07b0 Detect skipped due to KSN trusted
23:22:56.0053 0x07b0 SiSRaid4 - ok
23:22:56.0116 0x07b0 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:22:56.0116 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4, sha256: 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740
23:22:56.0116 0x07b0 Smb - detected LockedFile.Multi.Generic ( 1 )
23:22:58.0549 0x07b0 Detect skipped due to KSN trusted
23:22:58.0549 0x07b0 Smb - ok
23:22:58.0612 0x07b0 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:22:58.0659 0x07b0 SNMPTRAP - ok
23:22:58.0690 0x07b0 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
23:22:58.0690 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9, sha256: 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063
23:22:58.0690 0x07b0 spldr - detected LockedFile.Multi.Generic ( 1 )
23:23:01.0123 0x07b0 Detect skipped due to KSN trusted
23:23:01.0123 0x07b0 spldr - ok
23:23:01.0201 0x07b0 [ 89E8550C5862999FCF482EA562B0E98E, 11BC94FD879DCD22E80DB8FA73CEBD0F072917C546AD9C8B92CCFBF4E0B83056 ] Spooler C:\Windows\System32\spoolsv.exe
23:23:01.0248 0x07b0 Spooler - ok
23:23:01.0389 0x07b0 [ 913D843498553A1BC8F8DBAD6358E49F, F8B931FDABF669D642CBDCD2FF31E07F8A5E2D5F72E11D4A8FF219CCFB5825E9 ] sppsvc C:\Windows\system32\sppsvc.exe
23:23:01.0560 0x07b0 sppsvc - ok
23:23:01.0576 0x07b0 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:23:01.0623 0x07b0 sppuinotify - ok
23:23:01.0669 0x07b0 [ 37C3ABC2338010E110D2A6A3930F3149, EBEBC6677B914A18B02C185374A31A98FA65D81A14A21B6865EB8D4A31D3D3D9 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:23:01.0669 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: 37C3ABC2338010E110D2A6A3930F3149, sha256: EBEBC6677B914A18B02C185374A31A98FA65D81A14A21B6865EB8D4A31D3D3D9
23:23:01.0669 0x07b0 srv - detected LockedFile.Multi.Generic ( 1 )
23:23:04.0119 0x07b0 Detect skipped due to KSN trusted
23:23:04.0119 0x07b0 srv - ok
23:23:04.0181 0x07b0 [ F773D2ED090B7BAA1C1A034F3CA476C8, C8DD8BE37CFEA0DB1B7FC94946381B60553848002E6170E0BEC3FEE40295DF1F ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:23:04.0181 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: F773D2ED090B7BAA1C1A034F3CA476C8, sha256: C8DD8BE37CFEA0DB1B7FC94946381B60553848002E6170E0BEC3FEE40295DF1F
23:23:04.0181 0x07b0 srv2 - detected LockedFile.Multi.Generic ( 1 )
23:23: 06.0599 0x07b0 Detect skipped due to KSN trusted
23:23:06.0599 0x07b0 srv2 - ok
23:23:06.0646 0x07b0 [ CCE32BB223E9FF55D241099A858FA889, A284636D165D783CCC21B825CD382D55718544FE2061551718583DC1426C854F ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:23:06.0646 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: CCE32BB223E9FF55D241099A858FA889, sha256: A284636D165D783CCC21B825CD382D55718544FE2061551718583DC1426C854F
23:23:06.0646 0x07b0 srvnet - detected LockedFile.Multi.Generic ( 1 )
23:23:09.0095 0x07b0 Detect skipped due to KSN trusted
23:23:09.0095 0x07b0 srvnet - ok
23:23:09.0157 0x07b0 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:23:09.0235 0x07b0 SSDPSRV - ok
23:23:09.0235 0x07b0 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:23:09.0298 0x07b0 SstpSvc - ok
23:23:09.0329 0x07b0 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:23:09.0329 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A, sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5
23:23:09.0329 0x07b0 stexstor - detected LockedFile.Multi.Generic ( 1 )
23:23:11.0763 0x07b0 Detect skipped due to KSN trusted
23:23:11.0763 0x07b0 stexstor - ok
23:23:11.0856 0x07b0 [ 52D0E33B681BD0F33FDC08812FEE4F7D, BBEBC0773402F6697D2F14F63E5E4FDC2180466E7FDBD306E408535B10160249 ] stisvc C:\Windows\System32\wiaservc.dll
23:23:11.0903 0x07b0 stisvc - ok
23:23:11.0934 0x07b0 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:23:11.0934 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90, sha256: 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969
23:23:11.0934 0x07b0 swenum - detected LockedFile.Multi.Generic ( 1 )
23:23:14.0383 0x07b0 Detect skipped due to KSN trusted
23:23:14.0383 0x07b0 swenum - ok
23:23:14.0461 0x07b0 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
23:23:14.0524 0x07b0 swprv - ok
23:23:14.0571 0x07b0 [ 470C47DABA9CA3966F0AB3F835D7D135, BF98E48B05F37F8ABE264BF77355391A08955057E24AE456A5637D56BDFD40A5 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:23:14.0571 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SynTP.sys. md5: 470C47DABA9CA3966F0AB3F835D7D135, sha256: BF98E48B05F37F8ABE264BF77355391A08955057E24AE456A5637D56BDFD40A5
23:23:14.0571 0x07b0 SynTP - detected LockedFile.Multi.Generic ( 1 )
23:23:17.0004 0x07b0 Detect skipped due to KSN trusted
23:23:17.0004 0x07b0 SynTP - ok
23:23:17.0129 0x07b0 [ 3C1284516A62078FB68F768DE4F1A7BE, 67ECD462335EF88773E4BAEAB230A68EC92A25F8CD8F115873F669205AE6A1A9 ] SysMain C:\Windows\system32\sysmain.dll
23:23:17.0223 0x07b0 SysMain - ok
23:23:17.0254 0x07b0 [ 238935C3CF2854886DC7CBB2A0E2CC66, BBF7A70BF218A544CC1A6FB81F75EAD29D418794162936BE197D6D61FE0DB1C4 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:23:17.0285 0x07b0 TabletInputService - ok
23:23:17.0301 0x07b0 [ 884264AC597B690C5707C89723BB8E7B, 9BF209A4128019421F7EC4AFF71103C5F411DB6CFB32AAC1633E789AD7A30708 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:23:17.0363 0x07b0 TapiSrv - ok
23:23:17.0394 0x07b0 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
23:23:17.0441 0x07b0 TBS - ok
23:23:17.0550 0x07b0 [ 912107716BAB424C7870E8E6AF5E07E1, BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:23:17.0566 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: 912107716BAB424C7870E8E6AF5E07E1, sha256: BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9
23:23:17.0566 0x07b0 Tcpip - detected LockedFile.Multi.Generic ( 1 )
23:23:19.0999 0x07b0 Detect skipped due to KSN trusted
23:23:19.0999 0x07b0 Tcpip - ok
23:23:20.0140 0x07b0 [ 912107716BAB424C7870E8E6AF5E07E1, BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:23:20.0140 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: 912107716BAB424C7870E8E6AF5E07E1, sha256: BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9
23:23:20.0155 0x07b0 TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
23:23:20.0155 0x07b0 Detect skipped due to KSN trusted
23:23:20.0155 0x07b0 TCPIP6 - ok
23:23:20.0187 0x07b0 [ 76D078AF6F587B162D50210F761EB9ED, 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:23:20.0187 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: 76D078AF6F587B162D50210F761EB9ED, sha256: 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9
23:23:20.0187 0x07b0 tcpipreg - detected LockedFile.Multi.Generic ( 1 )
23:23:22.0636 0x07b0 Detect skipped due to KSN trusted
23:23:22.0636 0x07b0 tcpipreg - ok
23:23:22.0698 0x07b0 [ FD542B661BD22FA69CA789AD0AC58C29, 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
23:23:22.0714 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdcmdpst.sys. md5: FD542B661BD22FA69CA789AD0AC58C29, sha256: 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C
23:23:22.0714 0x07b0 tdcmdpst - detected LockedFile.Multi.Generic ( 1 )
23:23:25.0163 0x07b0 Detect skipped due to KSN trusted
23:23:25.0163 0x07b0 tdcmdpst - ok
23:23:25.0210 0x07b0 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:23:25.0210 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D
23:23:25.0210 0x07b0 TDPIPE - detected LockedFile.Multi.Generic ( 1 )
23:23:27.0659 0x07b0 Detect skipped due to KSN trusted
23:23:27.0659 0x07b0 TDPIPE - ok
23:23:27.0690 0x07b0 [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:23:27.0690 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: E4245BDA3190A582D55ED09E137401A9, sha256: F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116
23:23:27.0690 0x07b0 TDTCP - detected LockedFile.Multi.Generic ( 1 )
23:23:30.0249 0x07b0 Detect skipped due to KSN trusted
23:23:30.0249 0x07b0 TDTCP - ok
23:23:30.0311 0x07b0 [ 079125C4B17B01FCAEEBCE0BCB290C0F, B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:23:30.0311 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: 079125C4B17B01FCAEEBCE0BCB290C0F, sha256: B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437
23:23:30.0311 0x07b0 tdx - detected LockedFile.Multi.Generic ( 1 )
23:23:32.0760 0x07b0 Detect skipped due to KSN trusted
23:23:32.0760 0x07b0 tdx - ok
23:23:32.0885 0x07b0 [ 1B43FDBFE5A98F6B3D90595C6B2E5277, B13068E99FD301887C12EACDB94DB0B87F1186569AEAD65C1553E74B462EE972 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
23:23:32.0901 0x07b0 TemproMonitoringService - ok
23:23:32.0932 0x07b0 [ C448651339196C0E869A355171875522, C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:23:32.0932 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\termdd.sys.
md5: C448651339196C0E869A355171875522, sha256: C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4 23:23:32.0932 0x07b0 TermDD - detected LockedFile.Multi.Generic ( 1 ) 23:23:35.0833 0x07b0 Detect skipped due to KSN trusted 23:23:35.0833 0x07b0 TermDD - ok 23:23:35.0911 0x07b0 [ 0F05EC2887BFE197AD82A13287D2F404, 78C8A8FE9B1101430CA79875DA34413C35B6D7A5EE1932E454C50731335437A6 ] TermService C:\Windows\System32\termsrv.dll 23:23:36.0005 0x07b0 TermService - ok 23:23:36.0021 0x07b0 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 23:23:36.0052 0x07b0 Themes - ok 23:23:36.0067 0x07b0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 23:23:36.0114 0x07b0 THREADORDER - ok 23:23:36.0161 0x07b0 [ 28644B0523D64EFF2FC7312A2EE74B0A, 09A36DE0B2B90842BD5B8353CC34B7C71C0FBBF6DD5862720FCEE760849C4561 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 23:23:36.0177 0x07b0 TMachInfo - ok 23:23:36.0223 0x07b0 [ ED32035BDFECED1AD66D459FD9CC1140, B82A15FAB4CBB5A633B9BF722441D5B20D946B63DD10BBE2A89D3A8BA3BE3339 ] TODDSrv C:\Windows\system32\TODDSrv.exe 23:23:36.0239 0x07b0 TODDSrv - ok 23:23:36.0333 0x07b0 [ 98C864481D62F86EC8AF65BE3419A95B, 61F0C7CBFAB151FBB62081A37C655D4E818A558E140F3F3BA5C26B024AE24EBB ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 23:23:36.0348 0x07b0 TosCoSrv - ok 23:23:36.0442 0x07b0 [ 3E6756677E16532D235C6CB20614F369, 97CA12C3B7B535307EADA0093394BF1682BDD10A14D392BD187BD3E7B9A19B93 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe 23:23:36.0473 0x07b0 TOSHIBA eco Utility Service - ok 23:23:36.0551 0x07b0 [ 74C2FA8C3765EE71A9C22182EC108457, A7073FAB6CE6FB9824544A9CDCCA441D08FD87D68EB564DCB1186FC257776221 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD 
Alert\TosSmartSrv.exe 23:23:36.0567 0x07b0 TOSHIBA HDD SSD Alert Service - ok 23:23:36.0629 0x07b0 [ 97687D094AA597DA366E1194B218CC6C, 8A617E1901235518FDB7504FCDCE641D9F7C5D256A11D5FEFD35E7696972E2B8 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe 23:23:36.0660 0x07b0 TPCHSrv - ok 23:23:36.0691 0x07b0 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 23:23:36.0754 0x07b0 TrkWks - ok 23:23:36.0801 0x07b0 [ 840F7FB849F5887A49BA18C13B2DA920, A59C40A090E03C0136A865FC54508BA938E7B467C8198BC009FE263E6C275781 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:23:36.0847 0x07b0 TrustedInstaller - ok 23:23:36.0863 0x07b0 [ 61B96C26131E37B24E93327A0BD1FB95, 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:23:36.0863 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: 61B96C26131E37B24E93327A0BD1FB95, sha256: 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF 23:23:36.0863 0x07b0 tssecsrv - detected LockedFile.Multi.Generic ( 1 ) 23:23:39.0297 0x07b0 Detect skipped due to KSN trusted 23:23:39.0297 0x07b0 tssecsrv - ok 23:23:39.0375 0x07b0 [ 3836171A2CDF3AF8EF10856DB9835A70, 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:23:39.0375 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. 
md5: 3836171A2CDF3AF8EF10856DB9835A70, sha256: 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 23:23:39.0375 0x07b0 tunnel - detected LockedFile.Multi.Generic ( 1 ) 23:23:41.0824 0x07b0 Detect skipped due to KSN trusted 23:23:41.0824 0x07b0 tunnel - ok 23:23:41.0902 0x07b0 [ 550B567F9364D8F7684C3FB3EA665A72, A214BBBBAB9F0DD525FA5A818CEB8E9294B4A96676317255D7ACF6049049C933 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS 23:23:41.0902 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\TVALZ_O.SYS. md5: 550B567F9364D8F7684C3FB3EA665A72, sha256: A214BBBBAB9F0DD525FA5A818CEB8E9294B4A96676317255D7ACF6049049C933 23:23:41.0902 0x07b0 TVALZ - detected LockedFile.Multi.Generic ( 1 ) 23:23:44.0336 0x07b0 Detect skipped due to KSN trusted 23:23:44.0336 0x07b0 TVALZ - ok 23:23:44.0429 0x07b0 [ 9C7191F4B2E49BFF47A6C1144B5923FA, DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E ] TVALZFL C:\Windows\system32\DRIVERS\TVALZFL.sys 23:23:44.0429 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\TVALZFL.sys. md5: 9C7191F4B2E49BFF47A6C1144B5923FA, sha256: DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E 23:23:44.0429 0x07b0 TVALZFL - detected LockedFile.Multi.Generic ( 1 ) 23:23:46.0878 0x07b0 Detect skipped due to KSN trusted 23:23:46.0878 0x07b0 TVALZFL - ok 23:23:46.0941 0x07b0 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:23:46.0941 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. 
md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 23:23:46.0941 0x07b0 uagp35 - detected LockedFile.Multi.Generic ( 1 ) 23:23:49.0390 0x07b0 Detect skipped due to KSN trusted 23:23:49.0390 0x07b0 uagp35 - ok 23:23:49.0452 0x07b0 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB, DBAEA010F11A5EFD961B1841308EA3F220A9FFB01F364BA9B8F72200DA2BBCD8 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:23:49.0452 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: D47BAEAD86C65D4F4069D7CE0A4EDCEB, sha256: DBAEA010F11A5EFD961B1841308EA3F220A9FFB01F364BA9B8F72200DA2BBCD8 23:23:49.0452 0x07b0 udfs - detected LockedFile.Multi.Generic ( 1 ) 23:23:51.0886 0x07b0 Detect skipped due to KSN trusted 23:23:51.0886 0x07b0 udfs - ok 23:23:51.0933 0x07b0 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:23:51.0980 0x07b0 UI0Detect - ok 23:23:52.0011 0x07b0 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 23:23:52.0011 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A 23:23:52.0011 0x07b0 uliagpkx - detected LockedFile.Multi.Generic ( 1 ) 23:23:54.0460 0x07b0 Detect skipped due to KSN trusted 23:23:54.0460 0x07b0 uliagpkx - ok 23:23:54.0507 0x07b0 [ EAB6C35E62B1B0DB0D1B48B671D3A117, E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 23:23:54.0507 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umbus.sys. 
md5: EAB6C35E62B1B0DB0D1B48B671D3A117, sha256: E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 23:23:54.0507 0x07b0 umbus - detected LockedFile.Multi.Generic ( 1 ) 23:23:56.0956 0x07b0 Detect skipped due to KSN trusted 23:23:56.0956 0x07b0 umbus - ok 23:23:56.0987 0x07b0 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:23:56.0987 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 23:23:56.0987 0x07b0 UmPass - detected LockedFile.Multi.Generic ( 1 ) 23:23:59.0436 0x07b0 Detect skipped due to KSN trusted 23:23:59.0436 0x07b0 UmPass - ok 23:23:59.0639 0x07b0 [ CC3775100ABA633984F73DFAE1F55CAE, 845F129289BB73FD78A6C3B497F17BA973FD691BC9242200F81993417C803FE9 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 23:23:59.0717 0x07b0 UNS - ok 23:23:59.0748 0x07b0 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 23:23:59.0826 0x07b0 upnphost - ok 23:23:59.0889 0x07b0 [ B26AFB54A534D634523C4FB66765B026, A219C9AE32D040BEA4DD69C2C826B1C52BACE26BEBFEE799BD56DFD442C5E0D8 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:23:59.0889 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. 
md5: B26AFB54A534D634523C4FB66765B026, sha256: A219C9AE32D040BEA4DD69C2C826B1C52BACE26BEBFEE799BD56DFD442C5E0D8 23:23:59.0889 0x07b0 usbccgp - detected LockedFile.Multi.Generic ( 1 ) 23:24:02.0322 0x07b0 Detect skipped due to KSN trusted 23:24:02.0322 0x07b0 usbccgp - ok 23:24:02.0385 0x07b0 [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 23:24:02.0385 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7, sha256: F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 23:24:02.0385 0x07b0 usbcir - detected LockedFile.Multi.Generic ( 1 ) 23:24:04.0834 0x07b0 Detect skipped due to KSN trusted 23:24:04.0834 0x07b0 usbcir - ok 23:24:04.0912 0x07b0 [ CB490987A7F6928A04BB838E3BD8A936, 51D1E6A6F17A8482B526668032CC9F563F655C2EC413101566187CE8D7B6B5F4 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:24:04.0912 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbehci.sys. md5: CB490987A7F6928A04BB838E3BD8A936, sha256: 51D1E6A6F17A8482B526668032CC9F563F655C2EC413101566187CE8D7B6B5F4 23:24:04.0912 0x07b0 usbehci - detected LockedFile.Multi.Generic ( 1 ) 23:24:07.0346 0x07b0 Detect skipped due to KSN trusted 23:24:07.0346 0x07b0 usbehci - ok 23:24:07.0424 0x07b0 [ 18124EF0A881A00EE222D02A3EE30270, 8FBD652F03C5F114BD3661BFA9A5D2A56CE5F5C8D67A5876409E0B055D97D038 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:24:07.0424 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. 
md5: 18124EF0A881A00EE222D02A3EE30270, sha256: 8FBD652F03C5F114BD3661BFA9A5D2A56CE5F5C8D67A5876409E0B055D97D038 23:24:07.0424 0x07b0 usbhub - detected LockedFile.Multi.Generic ( 1 ) 23:24:09.0873 0x07b0 Detect skipped due to KSN trusted 23:24:09.0873 0x07b0 usbhub - ok 23:24:09.0920 0x07b0 [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 23:24:09.0920 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbohci.sys. md5: 58E546BBAF87664FC57E0F6081E4F609, sha256: 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 23:24:09.0920 0x07b0 usbohci - detected LockedFile.Multi.Generic ( 1 ) 23:24:12.0353 0x07b0 Detect skipped due to KSN trusted 23:24:12.0353 0x07b0 usbohci - ok 23:24:12.0400 0x07b0 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:24:12.0400 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C 23:24:12.0400 0x07b0 usbprint - detected LockedFile.Multi.Generic ( 1 ) 23:24:14.0865 0x07b0 Detect skipped due to KSN trusted 23:24:14.0865 0x07b0 usbprint - ok 23:24:14.0912 0x07b0 [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 23:24:14.0927 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbscan.sys. 
md5: AAA2513C8AED8B54B189FD0C6B1634C0, sha256: 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 23:24:14.0927 0x07b0 usbscan - detected LockedFile.Multi.Generic ( 1 ) 23:24:17.0376 0x07b0 Detect skipped due to KSN trusted 23:24:17.0376 0x07b0 usbscan - ok 23:24:17.0408 0x07b0 [ 080D3820DA6C046BE82FC8B45A893E83, EF4829A2D5B8D47AA7E06093EC85244042ED1CCFF43CC80DC44EF018B434197A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:24:17.0408 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: 080D3820DA6C046BE82FC8B45A893E83, sha256: EF4829A2D5B8D47AA7E06093EC85244042ED1CCFF43CC80DC44EF018B434197A 23:24:17.0408 0x07b0 USBSTOR - detected LockedFile.Multi.Generic ( 1 ) 23:24:19.0857 0x07b0 Detect skipped due to KSN trusted 23:24:19.0857 0x07b0 USBSTOR - ok 23:24:19.0919 0x07b0 [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 23:24:19.0919 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbuhci.sys. md5: 81FB2216D3A60D1284455D511797DB3D, sha256: 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E 23:24:19.0919 0x07b0 usbuhci - detected LockedFile.Multi.Generic ( 1 ) 23:24:22.0368 0x07b0 Detect skipped due to KSN trusted 23:24:22.0368 0x07b0 usbuhci - ok 23:24:22.0431 0x07b0 [ D501E12614B00A3252073101D6A1A74B, DFA3A83978125B3CE45C71DD9069E8A7938366D0F4B4B2401CDD07251253FA8C ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 23:24:22.0431 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbvideo.sys. 
md5: D501E12614B00A3252073101D6A1A74B, sha256: DFA3A83978125B3CE45C71DD9069E8A7938366D0F4B4B2401CDD07251253FA8C 23:24:22.0431 0x07b0 usbvideo - detected LockedFile.Multi.Generic ( 1 ) 23:24:24.0880 0x07b0 Detect skipped due to KSN trusted 23:24:24.0880 0x07b0 usbvideo - ok 23:24:24.0927 0x07b0 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 23:24:25.0020 0x07b0 UxSms - ok 23:24:25.0036 0x07b0 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] VaultSvc C:\Windows\system32\lsass.exe 23:24:25.0052 0x07b0 VaultSvc - ok 23:24:25.0083 0x07b0 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 23:24:25.0083 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D 23:24:25.0083 0x07b0 vdrvroot - detected LockedFile.Multi.Generic ( 1 ) 23:24:27.0532 0x07b0 Detect skipped due to KSN trusted 23:24:27.0532 0x07b0 vdrvroot - ok 23:24:27.0594 0x07b0 [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds C:\Windows\System32\vds.exe 23:24:27.0657 0x07b0 vds - ok 23:24:27.0688 0x07b0 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:24:27.0688 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. 
md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 23:24:27.0704 0x07b0 vga - detected LockedFile.Multi.Generic ( 1 ) 23:24:30.0137 0x07b0 Detect skipped due to KSN trusted 23:24:30.0137 0x07b0 vga - ok 23:24:30.0184 0x07b0 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 23:24:30.0184 0x07b0 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 23:24:30.0184 0x07b0 VgaSave - detected LockedFile.Multi.Generic ( 1 ) 23:24:32.0618 0x07b0 Detect skipped due to KSN trusted 23:24:32.0618 0x07b0 VgaSave - ok 23:24:32.0664 0x07b0 [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 23:24:32.0664 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vhdmp.sys. md5: C82E748660F62A242B2DFAC1442F22A4, sha256: 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E 23:24:32.0664 0x07b0 vhdmp - detected LockedFile.Multi.Generic ( 1 ) 23:24:35.0114 0x07b0 Detect skipped due to KSN trusted 23:24:35.0114 0x07b0 vhdmp - ok 23:24:35.0160 0x07b0 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\DRIVERS\viaide.sys 23:24:35.0160 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\viaide.sys. 
md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 23:24:35.0160 0x07b0 viaide - detected LockedFile.Multi.Generic ( 1 ) 23:24:37.0812 0x07b0 Detect skipped due to KSN trusted 23:24:37.0812 0x07b0 viaide - ok 23:24:37.0844 0x07b0 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 23:24:37.0844 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\volmgr.sys. md5: 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, sha256: 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 23:24:37.0844 0x07b0 volmgr - detected LockedFile.Multi.Generic ( 1 ) 23:24:40.0293 0x07b0 Detect skipped due to KSN trusted 23:24:40.0293 0x07b0 volmgr - ok 23:24:40.0355 0x07b0 [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:24:40.0355 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: 99B0CBB569CA79ACAED8C91461D765FB, sha256: 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B 23:24:40.0355 0x07b0 volmgrx - detected LockedFile.Multi.Generic ( 1 ) 23:24:42.0804 0x07b0 Detect skipped due to KSN trusted 23:24:42.0804 0x07b0 volmgrx - ok 23:24:42.0882 0x07b0 [ 58F82EED8CA24B461441F9C3E4F0BF5C, 40B8C9C9D1BEDD1507138273A3C000C753C8765E1873F2170DE63555A042928C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys 23:24:42.0882 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\volsnap.sys. 
md5: 58F82EED8CA24B461441F9C3E4F0BF5C, sha256: 40B8C9C9D1BEDD1507138273A3C000C753C8765E1873F2170DE63555A042928C 23:24:42.0882 0x07b0 volsnap - detected LockedFile.Multi.Generic ( 1 ) 23:24:45.0332 0x07b0 Detect skipped due to KSN trusted 23:24:45.0332 0x07b0 volsnap - ok 23:24:45.0394 0x07b0 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 23:24:45.0394 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC 23:24:45.0394 0x07b0 vsmraid - detected LockedFile.Multi.Generic ( 1 ) 23:24:47.0843 0x07b0 Detect skipped due to KSN trusted 23:24:47.0843 0x07b0 vsmraid - ok 23:24:48.0046 0x07b0 [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS C:\Windows\system32\vssvc.exe 23:24:48.0155 0x07b0 VSS - ok 23:24:48.0186 0x07b0 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 23:24:48.0186 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 23:24:48.0186 0x07b0 vwifibus - detected LockedFile.Multi.Generic ( 1 ) 23:24:50.0620 0x07b0 Detect skipped due to KSN trusted 23:24:50.0620 0x07b0 vwifibus - ok 23:24:50.0682 0x07b0 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 23:24:50.0682 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. 
md5: 6A3D66263414FF0D6FA754C646612F3F, sha256: 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB 23:24:50.0682 0x07b0 vwififlt - detected LockedFile.Multi.Generic ( 1 ) 23:24:53.0132 0x07b0 Detect skipped due to KSN trusted 23:24:53.0132 0x07b0 vwififlt - ok 23:24:53.0194 0x07b0 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 23:24:53.0194 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6A638FC4BFDDC4D9B186C28C91BD1A01, sha256: 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 23:24:53.0194 0x07b0 vwifimp - detected LockedFile.Multi.Generic ( 1 ) 23:24:55.0643 0x07b0 Detect skipped due to KSN trusted 23:24:55.0643 0x07b0 vwifimp - ok 23:24:55.0674 0x07b0 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 23:24:55.0752 0x07b0 W32Time - ok 23:24:55.0784 0x07b0 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 23:24:55.0784 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 23:24:55.0784 0x07b0 WacomPen - detected LockedFile.Multi.Generic ( 1 ) 23:24:58.0217 0x07b0 Detect skipped due to KSN trusted 23:24:58.0217 0x07b0 WacomPen - ok 23:24:58.0280 0x07b0 [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:24:58.0280 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. 
md5: 47CA49400643EFFD3F1C9A27E1D69324, sha256: 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 23:24:58.0280 0x07b0 WANARP - detected LockedFile.Multi.Generic ( 1 ) 23:25:00.0713 0x07b0 Detect skipped due to KSN trusted 23:25:00.0713 0x07b0 WANARP - ok 23:25:00.0760 0x07b0 [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:25:00.0760 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 47CA49400643EFFD3F1C9A27E1D69324, sha256: 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 23:25:00.0760 0x07b0 Wanarpv6 - detected LockedFile.Multi.Generic ( 1 ) 23:25:00.0760 0x07b0 Detect skipped due to KSN trusted 23:25:00.0760 0x07b0 Wanarpv6 - ok 23:25:00.0838 0x07b0 [ 5AB1BB85BD8B5089CC5D64200DEDAE68, 28777D4F3CD07C8E3465B6DA0FCA994E0B93071A3A0D4D1D64C1DF633DD1C64F ] wbengine C:\Windows\system32\wbengine.exe 23:25:00.0947 0x07b0 wbengine - ok 23:25:00.0978 0x07b0 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:25:01.0010 0x07b0 WbioSrvc - ok 23:25:01.0025 0x07b0 [ 8321C2CA3B62B61B293CDA3451984468, 856A079C2CCC75D633EA23E410D7F3ECDF368EAAAFF634CB82DDA545FD3A2F9C ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:25:01.0072 0x07b0 wcncsvc - ok 23:25:01.0088 0x07b0 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:25:01.0119 0x07b0 WcsPlugInService - ok 23:25:01.0150 0x07b0 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys 23:25:01.0150 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. 
md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 23:25:01.0150 0x07b0 Wd - detected LockedFile.Multi.Generic ( 1 ) 23:25:03.0584 0x07b0 Detect skipped due to KSN trusted 23:25:03.0584 0x07b0 Wd - ok 23:25:03.0662 0x07b0 [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:25:03.0662 0x07b0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250, sha256: FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 23:25:03.0662 0x07b0 Wdf01000 - detected LockedFile.Multi.Generic ( 1 ) 23:25:06.0111 0x07b0 Detect skipped due to KSN trusted 23:25:06.0111 0x07b0 Wdf01000 - ok 23:25:06.0158 0x07b0 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:25:06.0220 0x07b0 WdiServiceHost - ok 23:25:06.0220 0x07b0 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:25:06.0236 0x07b0 WdiSystemHost - ok 23:25:06.0267 0x07b0 [ 8A438CBB8C032A0C798B0C642FFBE572, 3200B9B6A7B87C1C47295FA416C99DE1FBB2DBBA3DA78D5CC88C26DCC4189D45 ] WebClient C:\Windows\System32\webclnt.dll 23:25:06.0314 0x07b0 WebClient - ok 23:25:06.0345 0x07b0 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:25:06.0407 0x07b0 Wecsvc - ok 23:25:06.0423 0x07b0 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:25:06.0470 0x07b0 wercplsupport - ok 23:25:06.0516 0x07b0 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 
In queue: 22 23:25:32.0381 0x07b0 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x40000 ( disabled : updated ) 23:25:32.0397 0x07b0 Win FW state via NFP2: enabled 23:25:34.0846 0x07b0 ============================================================ 23:25:34.0846 0x07b0 Scan finished 23:25:34.0846 0x07b0 ============================================================ 23:25:34.0862 0x06fc Detected object count: 1 23:25:34.0862 0x06fc Actual detected object count: 1 23:26:28.0120 0x06fc C:\Windows\System32\Drivers\cfc5f97f2a26d049.sys - copied to quarantine 23:26:28.0136 0x06fc HKLM\SYSTEM\ControlSet001\services\cfc5f97f2a26d049 - will be deleted on reboot 23:26:28.0151 0x06fc HKLM\SYSTEM\ControlSet002\services\cfc5f97f2a26d049 - will be deleted on reboot 23:26:28.0276 0x06fc C:\Windows\System32\Drivers\cfc5f97f2a26d049.sys - will be deleted on reboot 23:26:28.0276 0x06fc cfc5f97f2a26d049 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete 23:26:28.0370 0x06fc KLMD registered as C:\Windows\system32\drivers\30251845.sys 23:31:43.0526 0x0cbc Deinitialize success |
05.07.2014, 22:50 | #9 |
/// TB Trainer /// Tutorial Guru | Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167 Did you delete the findings right away? The instructions say something different... Please make a fresh FRST log... Step 1 Please start FRST again and click Scan. Please post the content of the log.
__________________ Regards deeprybka Praise, criticism, wishes? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
05.07.2014, 22:54 | #10 |
| Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167 Code:
ATTFilter 23:52:08.0644 0x0a3c TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54 23:52:10.0219 0x0a3c ============================================================ 23:52:10.0219 0x0a3c Current date / time: 2014/07/05 23:52:10.0219 23:52:10.0219 0x0a3c SystemInfo: 23:52:10.0219 0x0a3c 23:52:10.0219 0x0a3c OS Version: 6.1.7600 ServicePack: 0.0 23:52:10.0219 0x0a3c Product type: Workstation 23:52:10.0219 0x0a3c ComputerName: PETRA-TOSH 23:52:10.0219 0x0a3c UserName: Petra 23:52:10.0219 0x0a3c Windows directory: C:\Windows 23:52:10.0219 0x0a3c System windows directory: C:\Windows 23:52:10.0219 0x0a3c Running under WOW64 23:52:10.0219 0x0a3c Processor architecture: Intel x64 23:52:10.0219 0x0a3c Number of processors: 2 23:52:10.0219 0x0a3c Page size: 0x1000 23:52:10.0219 0x0a3c Boot type: Normal boot 23:52:10.0219 0x0a3c ============================================================ 23:52:10.0219 0x0a3c BG loaded 23:52:10.0547 0x0a3c System UUID: {9F2D0982-1853-3994-21CC-0E64B3CCC0DB} 23:52:11.0062 0x0a3c Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 23:52:11.0062 0x0a3c ============================================================ 23:52:11.0062 0x0a3c \Device\Harddisk0\DR0: 23:52:11.0062 0x0a3c MBR partitions: 23:52:11.0062 0x0a3c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x129A1000 23:52:11.0062 0x0a3c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12A69800, BlocksNum 0x129C4AB0 23:52:11.0062 0x0a3c ============================================================ 23:52:11.0093 0x0a3c C: <-> \Device\Harddisk0\DR0\Partition1 23:52:11.0124 0x0a3c D: <-> \Device\Harddisk0\DR0\Partition2 23:52:11.0124 0x0a3c ============================================================ 23:52:11.0124 0x0a3c Initialize success 23:52:11.0124 0x0a3c ============================================================ 
F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 23:52:26.0287 0x0dbc hcw85cir - ok 23:52:26.0334 0x0dbc [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 23:52:26.0334 0x0dbc HdAudAddService - ok 23:52:26.0365 0x0dbc [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 23:52:26.0365 0x0dbc HDAudBus - ok 23:52:26.0412 0x0dbc [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 23:52:26.0412 0x0dbc HECIx64 - ok 23:52:26.0428 0x0dbc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 23:52:26.0428 0x0dbc HidBatt - ok 23:52:26.0459 0x0dbc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 23:52:26.0459 0x0dbc HidBth - ok 23:52:26.0475 0x0dbc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 23:52:26.0475 0x0dbc HidIr - ok 23:52:26.0506 0x0dbc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 23:52:26.0506 0x0dbc hidserv - ok 23:52:26.0537 0x0dbc [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 23:52:26.0537 0x0dbc HidUsb - ok 23:52:26.0553 0x0dbc [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc C:\Windows\system32\kmsvc.dll 
23:52:26.0568 0x0dbc hkmsvc - ok 23:52:26.0584 0x0dbc [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll 23:52:26.0599 0x0dbc HomeGroupListener - ok 23:52:26.0631 0x0dbc [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 23:52:26.0631 0x0dbc HomeGroupProvider - ok 23:52:26.0677 0x0dbc [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 23:52:26.0677 0x0dbc HpSAMD - ok 23:52:26.0709 0x0dbc [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP C:\Windows\system32\drivers\HTTP.sys 23:52:26.0724 0x0dbc HTTP - ok 23:52:26.0755 0x0dbc [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 23:52:26.0755 0x0dbc hwpolicy - ok 23:52:26.0787 0x0dbc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 23:52:26.0787 0x0dbc i8042prt - ok 23:52:26.0880 0x0dbc [ 85977CD13FC16069CE0AF7943A811775, 421AFFF08D14C2F55CFEF05E4A5A8B086F80BE69A927F84052A502EC5B222990 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 23:52:26.0896 0x0dbc iaStor - ok 23:52:26.0958 0x0dbc [ D83EFB6FD45DF9D55E9A1AFC63640D50, 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys 23:52:26.0974 0x0dbc iaStorV - ok 23:52:27.0036 0x0dbc [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 23:52:27.0067 0x0dbc idsvc - ok 23:52:27.0083 0x0dbc [ 
5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 23:52:27.0083 0x0dbc iirsp - ok 23:52:27.0130 0x0dbc [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT C:\Windows\System32\ikeext.dll 23:52:27.0145 0x0dbc IKEEXT - ok 23:52:27.0177 0x0dbc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\DRIVERS\intelide.sys 23:52:27.0177 0x0dbc intelide - ok 23:52:27.0208 0x0dbc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 23:52:27.0208 0x0dbc intelppm - ok 23:52:27.0223 0x0dbc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 23:52:27.0223 0x0dbc IPBusEnum - ok 23:52:27.0255 0x0dbc [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:52:27.0255 0x0dbc IpFilterDriver - ok 23:52:27.0286 0x0dbc [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 23:52:27.0301 0x0dbc iphlpsvc - ok 23:52:27.0317 0x0dbc [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys 23:52:27.0333 0x0dbc IPMIDRV - ok 23:52:27.0333 0x0dbc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 23:52:27.0348 0x0dbc IPNAT - ok 23:52:27.0379 0x0dbc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 
23:52:27.0379 0x0dbc IRENUM - ok 23:52:27.0411 0x0dbc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 23:52:27.0411 0x0dbc isapnp - ok 23:52:27.0442 0x0dbc [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 23:52:27.0442 0x0dbc iScsiPrt - ok 23:52:27.0489 0x0dbc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 23:52:27.0489 0x0dbc kbdclass - ok 23:52:27.0520 0x0dbc [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 23:52:27.0520 0x0dbc kbdhid - ok 23:52:27.0535 0x0dbc [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso C:\Windows\system32\lsass.exe 23:52:27.0535 0x0dbc KeyIso - ok 23:52:27.0567 0x0dbc [ E8B6FCC9C83535C67F835D407620BD27, 74B63F3BFB756FF0B0AD6A6C1535C0A1A0630295ECCBC078B00F2449718B0870 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:52:27.0567 0x0dbc KSecDD - ok 23:52:27.0582 0x0dbc [ A8C63880EF6F4D3FEC7B616B9C060215, 036AE3ABBF991F5748C5C46E1DF62FBBC832BCDBF8C1B6E3C22A22A3703BBBCA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 23:52:27.0582 0x0dbc KSecPkg - ok 23:52:27.0598 0x0dbc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 23:52:27.0598 0x0dbc ksthunk - ok 23:52:27.0645 0x0dbc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 23:52:27.0645 0x0dbc KtmRm - ok 23:52:27.0707 0x0dbc [ 55480B9C63F3F91A8EBBADCBF28FE581, 5B4BC3F0307B0697DD08DD8AAD4B9EAE99EDD3B33B85D9293D183684D5057293 ] L1C 
C:\Windows\system32\DRIVERS\L1C62x64.sys 23:52:27.0707 0x0dbc L1C - ok 23:52:27.0754 0x0dbc [ C926920B8978DE6ACFE9E15C709E9B57, 33B8002ABC30372B1CA8B6EC046757794CD7C9DA3CA4715B515B6894DC7E45CA ] LanmanServer C:\Windows\system32\srvsvc.dll 23:52:27.0769 0x0dbc LanmanServer - ok 23:52:27.0785 0x0dbc [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:52:27.0785 0x0dbc LanmanWorkstation - ok 23:52:27.0816 0x0dbc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 23:52:27.0832 0x0dbc lltdio - ok 23:52:27.0863 0x0dbc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:52:27.0879 0x0dbc lltdsvc - ok 23:52:27.0894 0x0dbc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 23:52:27.0894 0x0dbc lmhosts - ok 23:52:27.0957 0x0dbc [ 23DE5B62B0445A6F874BE633C95B483E, 39A8E5BD057F5EE049FA48848C5881DCD2CFB16CD9E2A03CC9DDF35F116FEE0B ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 23:52:27.0972 0x0dbc LMS - ok 23:52:28.0035 0x0dbc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 23:52:28.0035 0x0dbc LSI_FC - ok 23:52:28.0066 0x0dbc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 23:52:28.0066 0x0dbc LSI_SAS - ok 23:52:28.0113 0x0dbc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:52:28.0113 0x0dbc LSI_SAS2 - ok 23:52:28.0128 0x0dbc [ 
0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:52:28.0128 0x0dbc LSI_SCSI - ok 23:52:28.0175 0x0dbc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 23:52:28.0191 0x0dbc luafv - ok 23:52:28.0237 0x0dbc [ B96CE1C01E17DA93AE6831587700B04B, 1C188D843A9A3DD87954494A6E57830FC6A413F587FC3DD7727368122126ADF1 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys 23:52:28.0237 0x0dbc MBAMSwissArmy - ok 23:52:28.0269 0x0dbc [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 23:52:28.0284 0x0dbc Mcx2Svc - ok 23:52:28.0378 0x0dbc [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 23:52:28.0393 0x0dbc MDM - ok 23:52:28.0409 0x0dbc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 23:52:28.0409 0x0dbc megasas - ok 23:52:28.0425 0x0dbc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 23:52:28.0425 0x0dbc MegaSR - ok 23:52:28.0471 0x0dbc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 23:52:28.0471 0x0dbc MMCSS - ok 23:52:28.0503 0x0dbc [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 23:52:28.0503 0x0dbc Modem - ok 23:52:28.0534 0x0dbc [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor 
C:\Windows\system32\DRIVERS\monitor.sys 23:52:28.0534 0x0dbc monitor - ok 23:52:28.0565 0x0dbc [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 23:52:28.0565 0x0dbc mouclass - ok 23:52:28.0581 0x0dbc [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:52:28.0581 0x0dbc mouhid - ok 23:52:28.0612 0x0dbc [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 23:52:28.0612 0x0dbc mountmgr - ok 23:52:28.0627 0x0dbc [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio C:\Windows\system32\DRIVERS\mpio.sys 23:52:28.0627 0x0dbc mpio - ok 23:52:28.0690 0x0dbc [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:52:28.0690 0x0dbc mpsdrv - ok 23:52:28.0752 0x0dbc [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc C:\Windows\system32\mpssvc.dll 23:52:28.0768 0x0dbc MpsSvc - ok 23:52:28.0783 0x0dbc [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:52:28.0783 0x0dbc MRxDAV - ok 23:52:28.0799 0x0dbc [ 767A4C3BCF9410C286CED15A2DB17108, D9EA9EF7D4048081B132B804E0AE5A60A58FA6B25B7F5B87D5D7E354B2D94C79 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:52:28.0815 0x0dbc mrxsmb - ok 23:52:28.0830 0x0dbc [ 920EE0FF995FCFDEB08C41605A959E1C, 977195011912166F7C7E209D90B973E3F507B5297504AF9B6797FA8D1051534C ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:52:28.0830 0x0dbc mrxsmb10 - ok 23:52:28.0861 0x0dbc [ 740D7EA9D72C981510A5292CF6ADC941, 
C55C2F73410C008F829D194EF072721A8D7945BCC48458982D2409761908E7AE ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:52:28.0861 0x0dbc mrxsmb20 - ok 23:52:28.0877 0x0dbc [ 5C37497276E3B3A5488B23A326A754B7, 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 23:52:28.0877 0x0dbc msahci - ok 23:52:28.0893 0x0dbc [ 8D27B597229AED79430FB9DB3BCBFBD0, 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 23:52:28.0893 0x0dbc msdsm - ok 23:52:28.0924 0x0dbc [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 23:52:28.0924 0x0dbc MSDTC - ok 23:52:28.0939 0x0dbc [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:52:28.0939 0x0dbc Msfs - ok 23:52:28.0971 0x0dbc [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 23:52:28.0971 0x0dbc mshidkmdf - ok 23:52:28.0986 0x0dbc [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 23:52:28.0986 0x0dbc msisadrv - ok 23:52:29.0033 0x0dbc [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:52:29.0033 0x0dbc MSiSCSI - ok 23:52:29.0033 0x0dbc msiserver - ok 23:52:29.0064 0x0dbc [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:52:29.0064 0x0dbc MSKSSRV - ok 23:52:29.0095 0x0dbc [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:52:29.0095 
0x0dbc MSPCLOCK - ok 23:52:29.0095 0x0dbc [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:52:29.0095 0x0dbc MSPQM - ok 23:52:29.0127 0x0dbc [ 89CB141AA8616D8C6A4610FA26C60964, 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:52:29.0127 0x0dbc MsRPC - ok 23:52:29.0158 0x0dbc [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 23:52:29.0158 0x0dbc mssmbios - ok 23:52:29.0205 0x0dbc [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:52:29.0205 0x0dbc MSTEE - ok 23:52:29.0220 0x0dbc [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 23:52:29.0220 0x0dbc MTConfig - ok 23:52:29.0236 0x0dbc [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 23:52:29.0236 0x0dbc Mup - ok 23:52:29.0267 0x0dbc [ 4987E079A4530FA737A128BE54B63B12, 27E51CC7D4D90DC4397575491DE7EFE15808709F097E2828E46AA73C771A47A4 ] napagent C:\Windows\system32\qagentRT.dll 23:52:29.0283 0x0dbc napagent - ok 23:52:29.0345 0x0dbc [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:52:29.0361 0x0dbc NativeWifiP - ok 23:52:29.0407 0x0dbc [ CAD515DBD07D082BB317D9928CE8962C, 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E ] NDIS C:\Windows\system32\drivers\ndis.sys 23:52:29.0423 0x0dbc NDIS - ok 23:52:29.0454 0x0dbc [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap 
C:\Windows\system32\DRIVERS\ndiscap.sys 23:52:29.0470 0x0dbc NdisCap - ok 23:52:29.0485 0x0dbc [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 23:52:29.0485 0x0dbc NdisTapi - ok 23:52:29.0517 0x0dbc [ F105BA1E22BF1F2EE8F005D4305E4BEC, 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 23:52:29.0517 0x0dbc Ndisuio - ok 23:52:29.0548 0x0dbc [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 23:52:29.0548 0x0dbc NdisWan - ok 23:52:29.0563 0x0dbc [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:52:29.0563 0x0dbc NDProxy - ok 23:52:29.0641 0x0dbc [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 23:52:29.0673 0x0dbc Nero BackItUp Scheduler 4.0 - ok 23:52:29.0719 0x0dbc [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:52:29.0719 0x0dbc NetBIOS - ok 23:52:29.0735 0x0dbc [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 23:52:29.0751 0x0dbc NetBT - ok 23:52:29.0766 0x0dbc [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon C:\Windows\system32\lsass.exe 23:52:29.0766 0x0dbc Netlogon - ok 23:52:29.0797 0x0dbc [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 23:52:29.0813 0x0dbc Netman - ok 23:52:29.0844 0x0dbc [ 
5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 23:52:29.0860 0x0dbc netprofm - ok 23:52:29.0891 0x0dbc [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:52:29.0891 0x0dbc NetTcpPortSharing - ok 23:52:29.0938 0x0dbc [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 23:52:29.0938 0x0dbc nfrd960 - ok 23:52:29.0969 0x0dbc [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc C:\Windows\System32\nlasvc.dll 23:52:29.0985 0x0dbc NlaSvc - ok 23:52:30.0000 0x0dbc [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:52:30.0016 0x0dbc Npfs - ok 23:52:30.0047 0x0dbc [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 23:52:30.0047 0x0dbc nsi - ok 23:52:30.0063 0x0dbc [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:52:30.0063 0x0dbc nsiproxy - ok 23:52:30.0172 0x0dbc [ 356698A13C4630D5B31C37378D469196, BF5704AADE5C3DA370501747F12ED6E9C3349E342CCF89005AAE132B570BB42B ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 23:52:30.0203 0x0dbc Ntfs - ok 23:52:30.0250 0x0dbc [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 23:52:30.0250 0x0dbc Null - ok 23:52:30.0312 0x0dbc [ 3E38712941E9BB4DDBEE00AFFE3FED3D, 03F27CC0EF0A86D0B2DAAB6F72838CB2AB57FE5D40074828D5B7F118CD5CBEE7 ] nvraid 
C:\Windows\system32\DRIVERS\nvraid.sys 23:52:30.0312 0x0dbc nvraid - ok 23:52:30.0343 0x0dbc [ 477DC4D6DEB99BE37084C9AC6D013DA1, E58C4D621CAAB1C68FB4A056576F48BC87913A5EBF0B511EFFB8F38C7D3E516E ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys 23:52:30.0359 0x0dbc nvstor - ok 23:52:30.0390 0x0dbc [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 23:52:30.0390 0x0dbc nv_agp - ok 23:52:30.0421 0x0dbc [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 23:52:30.0421 0x0dbc ohci1394 - ok 23:52:30.0453 0x0dbc [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:52:30.0468 0x0dbc ose - ok 23:52:30.0499 0x0dbc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 23:52:30.0515 0x0dbc p2pimsvc - ok 23:52:30.0546 0x0dbc [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 23:52:30.0562 0x0dbc p2psvc - ok 23:52:30.0577 0x0dbc [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 23:52:30.0577 0x0dbc Parport - ok 23:52:30.0609 0x0dbc [ 7DAA117143316C4A1537E074A5A9EAF0, D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:52:30.0609 0x0dbc partmgr - ok 23:52:30.0640 0x0dbc [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll 23:52:30.0640 0x0dbc PcaSvc - ok 23:52:30.0671 0x0dbc [ F36F6504009F2FB0DFD1B17A116AD74B, 
33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 ] pci C:\Windows\system32\DRIVERS\pci.sys 23:52:30.0687 0x0dbc pci - ok 23:52:30.0687 0x0dbc [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\DRIVERS\pciide.sys 23:52:30.0702 0x0dbc pciide - ok 23:52:30.0718 0x0dbc [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 23:52:30.0718 0x0dbc pcmcia - ok 23:52:30.0765 0x0dbc [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 23:52:30.0765 0x0dbc pcw - ok 23:52:30.0796 0x0dbc [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:52:30.0811 0x0dbc PEAUTH - ok 23:52:30.0874 0x0dbc [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 23:52:30.0874 0x0dbc PerfHost - ok 23:52:30.0905 0x0dbc [ 663962900E7FEA522126BA287715BB4A, 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1 ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys 23:52:30.0905 0x0dbc PGEffect - ok 23:52:30.0983 0x0dbc [ 557E9A86F65F0DE18C9B6751DFE9D3F1, 630EE5A80335929517A22D130C75CBCE882B92978372A6F36C30B9D353C7BB07 ] pla C:\Windows\system32\pla.dll 23:52:31.0030 0x0dbc pla - ok 23:52:31.0077 0x0dbc [ 23157D583244400E1D7FBAEE2E4B31B7, 4E8D93F746C727CE1A89B53FEFFCFB080AC3CC8F3CF2F8613E692E989794C52F ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:52:31.0077 0x0dbc PlugPlay - ok 23:52:31.0108 0x0dbc [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 23:52:31.0108 0x0dbc PNRPAutoReg - ok 23:52:31.0139 0x0dbc [ 
ok 23:52:40.0312 0x0dbc [ B63E5C7807334A3A8F731062F15462CC, F4E501F749C10C44E8F501A34D8DD309892968BE70DA17734267BBCDDC351444 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 23:52:40.0343 0x0dbc Adobe ARM - ok 23:52:40.0405 0x0dbc [ CA1F035A177457B47F9B7D669FE3E91A, ACA93529F3AFD1F9B51B51A192D69321095465321E4382DD857138F45F37C5F7 ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe 23:52:40.0405 0x0dbc Avira Systray - ok 23:52:40.0624 0x0dbc [ 1E9B225DE829A6F666A0BA9B8A7984BF, 89D1222D72E23D21E6388B068CE7C415A9857ABB37D7A3AAD549B949A87E61FC ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 23:52:40.0655 0x0dbc avgnt - ok 23:52:40.0764 0x0dbc [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 23:52:40.0795 0x0dbc Sidebar - ok 23:52:40.0827 0x0dbc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 23:52:40.0827 0x0dbc mctadmin - ok 23:52:40.0889 0x0dbc [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 23:52:40.0905 0x0dbc Sidebar - ok 23:52:40.0920 0x0dbc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 23:52:40.0920 0x0dbc mctadmin - ok 23:52:41.0123 0x0dbc [ 05973FB5F863CDB65852D88ADB383A33, BD10E37E9B42D03719AA4FE595F44FEB75E0D598E7E36480506AF18D8236F21F ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe 23:52:41.0232 0x0dbc TOSHIBA Online Product Information - ok 23:52:41.0232 0x0dbc Waiting for KSN requests completion. In queue: 62 23:52:42.0246 0x0dbc Waiting for KSN requests completion. In queue: 62 23:52:43.0260 0x0dbc Waiting for KSN requests completion. 
In queue: 62 23:52:44.0290 0x0dbc AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x41000 ( enabled : updated ) 23:52:44.0306 0x0dbc Win FW state via NFP2: enabled 23:52:46.0770 0x0dbc ============================================================ 23:52:46.0770 0x0dbc Scan finished 23:52:46.0770 0x0dbc ============================================================ 23:52:46.0786 0x1574 Detected object count: 0 23:52:46.0786 0x1574 Actual detected object count: 0 |
05.07.2014, 22:58 | #11 |
/// TB Instructor /// Guide Guru | Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167 OK, but now FRST...
__________________ Regards deeprybka Praise, criticism, wishes? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
06.07.2014, 07:43 | #12 |
| Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167 Okay, got it. FRST log file: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01 Ran by Petra (administrator) on PETRA-TOSH on 06-07-2014 08:37:24 Running from C:\Users\Petra\Desktop Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (AMD) C:\Windows\System32\atieclxx.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Conexant Systems, Inc.) 
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-02-11] (Toshiba Europe GmbH) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] () HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.) 
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation) HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-03-17] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH) HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG) HKLM-x32\...\Run: [Bing Bar] => C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe [243032 2010-03-04] (Microsoft Corp.) HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-26] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.) 
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG) HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA) HKU\S-1-5-21-624067999-1713132423-900167343-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wetteronline.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {0903EB8A-909A-424D-8AEE-1F3A4190026B} URL = SearchScopes: 
HKCU - {0903EB8A-909A-424D-8AEE-1F3A4190026B} URL = SearchScopes: HKCU - {88E2EDE3-79A1-41F8-873F-FCDEB8B3656F} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 SearchScopes: HKCU - {B994B10A-6731-49FB-B606-B5D30A86B333} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\Firefox FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\Firefox [2010-05-10] FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-05-10] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. 
KG) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG) R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [128728 2014-07-05] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-06 08:37 - 2014-07-06 08:37 - 00015940 _____ () C:\Users\Petra\Desktop\FRST.txt 2014-07-06 08:27 - 2010-03-04 06:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys 2014-07-06 00:03 - 2013-03-19 08:19 - 05497688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-07-06 00:03 - 2013-03-19 07:54 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2014-07-06 00:03 - 2013-03-19 07:06 - 03958120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-07-06 00:03 - 2013-03-19 07:06 - 03902312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-07-06 00:03 - 2013-03-19 06:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2014-07-06 00:03 - 2013-03-19 05:19 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2014-07-06 00:03 - 2011-11-17 09:14 - 01739160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-07-06 00:03 - 2011-11-17 07:41 - 01292592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-07-06 00:03 - 2011-10-15 08:25 - 00723456 _____ (Microsoft Corporation) 
C:\Windows\system32\EncDec.dll 2014-07-06 00:03 - 2011-10-15 07:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll 2014-07-06 00:03 - 2011-08-27 07:40 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-07-06 00:03 - 2011-08-27 07:40 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll 2014-07-06 00:03 - 2011-08-27 06:43 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-07-06 00:03 - 2011-08-27 06:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll 2014-07-06 00:03 - 2011-02-23 07:15 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2014-07-06 00:03 - 2011-02-23 07:15 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2014-07-06 00:03 - 2011-02-23 07:15 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2014-07-06 00:03 - 2011-02-23 07:15 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys 2014-07-06 00:03 - 2010-10-16 07:17 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll 2014-07-06 00:03 - 2010-10-16 06:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll 2014-07-06 00:03 - 2010-08-27 08:14 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll 2014-07-06 00:03 - 2010-08-27 07:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll 2014-07-06 00:03 - 2010-08-27 05:38 - 00463360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2014-07-06 00:03 - 2010-08-27 05:37 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2014-07-06 00:03 - 2010-08-27 05:37 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2014-07-06 00:02 - 2012-06-02 07:25 - 01462784 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-07-06 00:02 - 2012-06-02 07:25 - 00182272 _____ (Microsoft 
Corporation) C:\Windows\system32\cryptsvc.dll 2014-07-06 00:02 - 2012-06-02 07:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-07-06 00:02 - 2012-06-02 06:45 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-07-06 00:02 - 2012-06-02 06:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-07-06 00:02 - 2012-06-02 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2014-07-06 00:01 - 2011-11-19 17:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-07-06 00:01 - 2011-11-19 16:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-07-05 23:49 - 2014-03-31 09:35 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-07-05 23:37 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-07-05 23:37 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-07-05 23:37 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-07-05 23:37 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-07-05 23:37 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-07-05 23:37 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-07-05 23:26 - 2014-07-05 23:26 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-07-05 23:12 - 2014-07-05 23:12 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Petra\Desktop\tdsskiller.exe 2014-07-05 22:48 - 2014-07-05 22:48 - 00000000 ____D () C:\Users\Petra\Desktop\mbar 2014-07-05 22:46 - 2014-07-05 22:46 - 14349744 _____ (Malwarebytes Corp.) 
C:\Users\Petra\Desktop\mbar-1.07.0.1012.exe 2014-07-05 22:24 - 2014-07-06 08:37 - 00000000 ____D () C:\FRST 2014-07-05 22:23 - 2014-07-05 22:23 - 02084352 _____ (Farbar) C:\Users\Petra\Desktop\FRST64.exe 2014-07-05 20:36 - 2014-07-05 23:10 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-05 20:35 - 2014-07-05 20:35 - 00602112 _____ (OldTimer Tools) C:\Users\Petra\Desktop\OTL.exe 2014-07-05 20:30 - 2014-07-05 23:10 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-05 20:30 - 2014-07-05 20:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-05 20:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-05 20:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-04 21:12 - 2014-07-04 21:10 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-04 21:11 - 2014-07-04 21:11 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Avira 2014-07-04 21:09 - 2014-06-24 20:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-07-04 21:09 - 2014-06-24 20:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-07-04 21:09 - 2014-06-24 20:39 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-07-04 21:07 - 2014-07-04 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-04 21:07 - 2014-07-04 21:09 - 00000000 ____D () C:\ProgramData\Avira 2014-07-04 21:07 - 2014-07-04 21:09 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-07-04 21:07 - 2014-07-04 21:07 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-07-04 21:07 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-03 09:05 - 2014-07-03 09:15 - 00000000 ____D () C:\Users\Petra\Desktop\Unterlagen 2014-06-16 08:08 - 2014-06-16 08:08 - 00275152 _____ () C:\Windows\Minidump\061614-15646-01.dmp ==================== One Month Modified Files and Folders ======= 2014-07-06 08:37 - 2014-07-06 08:37 - 00015940 _____ () C:\Users\Petra\Desktop\FRST.txt 2014-07-06 08:37 - 2014-07-05 22:24 - 00000000 ____D () C:\FRST 2014-07-06 08:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-06 08:35 - 2009-07-14 06:51 - 00319940 _____ () C:\Windows\setupact.log 2014-07-06 08:34 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-06 08:34 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-06 08:31 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-06 08:25 - 2012-06-18 15:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-05 23:56 - 2010-11-12 19:11 - 01994592 _____ () C:\Windows\WindowsUpdate.log 2014-07-05 23:39 - 2009-07-14 19:58 - 00643628 _____ () C:\Windows\system32\perfh007.dat 2014-07-05 23:39 - 2009-07-14 19:58 - 00126188 _____ () C:\Windows\system32\perfc007.dat 2014-07-05 23:39 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-05 23:26 - 2014-07-05 23:26 - 00000000 ____D () 
C:\TDSSKiller_Quarantine 2014-07-05 23:12 - 2014-07-05 23:12 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Petra\Desktop\tdsskiller.exe 2014-07-05 23:10 - 2014-07-05 20:36 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-05 23:10 - 2014-07-05 20:30 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-05 23:09 - 2011-12-02 06:30 - 00253052 _____ () C:\Windows\PFRO.log 2014-07-05 22:48 - 2014-07-05 22:48 - 00000000 ____D () C:\Users\Petra\Desktop\mbar 2014-07-05 22:46 - 2014-07-05 22:46 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Petra\Desktop\mbar-1.07.0.1012.exe 2014-07-05 22:23 - 2014-07-05 22:23 - 02084352 _____ (Farbar) C:\Users\Petra\Desktop\FRST64.exe 2014-07-05 21:05 - 2011-12-02 06:18 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C71483C9-395E-4E5F-99DC-10583995EFF5} 2014-07-05 20:45 - 2010-11-12 19:32 - 00000000 ____D () C:\Windows\OemDrv 2014-07-05 20:35 - 2014-07-05 20:35 - 00602112 _____ (OldTimer Tools) C:\Users\Petra\Desktop\OTL.exe 2014-07-05 20:30 - 2014-07-05 20:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-04 22:57 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-04 21:11 - 2014-07-04 21:11 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Avira 2014-07-04 21:10 - 2014-07-04 21:12 - 00084720 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-04 21:10 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-07-04 21:09 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Avira 2014-07-04 21:09 - 2014-07-04 21:07 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-07-04 21:07 - 2014-07-04 21:07 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-07-04 21:07 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-03 09:15 - 2014-07-03 09:05 - 00000000 ____D () C:\Users\Petra\Desktop\Unterlagen 2014-06-24 20:39 - 2014-07-04 21:09 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-06-24 20:39 - 2014-07-04 21:09 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-06-24 20:39 - 2014-07-04 21:09 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-06-16 08:08 - 2014-06-16 08:08 - 00275152 _____ () C:\Windows\Minidump\061614-15646-01.dmp 2014-06-16 08:08 - 2011-12-11 19:40 - 443683667 _____ () C:\Windows\MEMORY.DMP 2014-06-16 08:08 - 2011-12-11 19:40 - 00000000 ____D () C:\Windows\Minidump Some content of TEMP: ==================== C:\Users\Petra\AppData\Local\Temp\AskSLib.dll C:\Users\Petra\AppData\Local\Temp\avgnt.exe C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate01.exe C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate02.exe C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate03.exe C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate04.exe C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate05.exe C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate06.exe C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate07.exe C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate08.exe C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate09.exe C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate10.exe 
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate11.exe C:\Users\Petra\AppData\Local\Temp\{BFD1420D-B4AE-40FD-AC33-9E4D016534D7}.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION! LastRegBack: 2014-07-01 10:40 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01 Ran by Petra at 2014-07-06 08:41:35 Running from C:\Users\Petra\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader 9.5.2 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden Amazon.de (HKLM-x32\...\{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}) (Version: - Amazon EU S.a.r.L.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.) ATI Catalyst Install Manager (HKLM\...\{61D4B846-49F8-2639-A4EB-977875265F37}) (Version: 3.0.769.0 - ATI Technologies, Inc.) Avira (HKLM-x32\...\{89ef9b48-b56b-48d8-b5c1-4eb9a5ca50cb}) (Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.16.30000 - Avira Operations GmbH & Co. 
KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira) Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1401.0 - Microsoft Corporation) Bing Bar Platform (x32 Version: 5.0.1399.0 - Microsoft Corporation) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2010.0426.2136.36953 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0426.2136.36953 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2010.0426.2136.36953 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2010.0426.2136.36953 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0426.2136.36953 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0426.2136.36953 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0426.2136.36953 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2010.0426.2136.36953 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help English (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help French (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help German (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden ccc-core-static (x32 Version: 2010.0426.2136.36953 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0426.2136.36953 - ATI) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.26.0 - Conexant) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - 
WildTangent) Hidden eBay (HKLM-x32\...\{FDE58148-57E7-43BF-879A-29CCE818C078}) (Version: 1.1.9 - eBay Inc.) FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation) Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.) Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Default Manager (x32 Version: 2.1.55.0 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation) Microsoft Search Enhancement Pack (x32 Version: 2.0.271.0 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) 
(Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden Nero 9 Essentials (HKLM-x32\...\{35a33a96-0edd-4bcb-ab72-e736eb49ef5d}) (Version: - Nero AG) Nero BackItUp (HKLM-x32\...\{0420F95C-11FF-4E02-B967-6CC22B188F9F}) (Version: 5.2.21001 - Nero AG) Nero BackItUp and Burn (HKLM-x32\...\{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}) (Version: 1.2.0030 - Nero AG) Nero BurnRights (HKLM-x32\...\{397516AE-7DFE-4F90-84E0-BD616D559434}) (Version: 3.6.26001 - Nero AG) Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden Nero Express (HKLM-x32\...\{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}) (Version: 9.6.16000 - Nero AG) Nero Express Help (x32 Version: 9.4.34.100 - Nero AG) Hidden Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero RescueAgent (HKLM-x32\...\{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}) (Version: 2.6.25002 - Nero AG) Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden Nero StartSmart Help (x32 Version: 9.4.37.100 
- Nero AG) Hidden NeroExpress (x32 Version: 9.4.34.100 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.7-279 - myphotobook GmbH) Photo Service - powered by myphotobook (x32 Version: 1.0.7 - myphotobook GmbH) Hidden Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.) Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.) Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.152 - Skype Technologies S.A.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated) Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA) TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation) TOSHIBA Bulletin Board (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden TOSHIBA ConfigFree (HKLM-x32\...\{1777CCDA-F2F2-4A77-ACF4-0B7341229BBB}) (Version: 8.0.29 - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.10.64 - TOSHIBA Corporation) TOSHIBA eco Utility (Version: 1.2.10.64 - TOSHIBA Corporation) Hidden TOSHIBA eco Utility (x32 Version: 1.2.10.64 - TOSHIBA Corporation) Hidden TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.01 - TOSHIBA) TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.7.64 - TOSHIBA CORPORATION) TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION) TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA) TOSHIBA 
PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation) TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA) TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation) Toshiba TEMPRO (HKLM-x32\...\{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}) (Version: 3.30 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.3.3.64 - TOSHIBA Corporation) Hidden TOSHIBA Value Added Package (x32 Version: 1.3.3.64 - TOSHIBA Corporation) Hidden TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation) TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - ) TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent) Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft 
Corporation) Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden ==================== Restore Points ========================= 22-01-2014 08:37:32 Geplanter Prüfpunkt 15-02-2014 11:52:55 Geplanter Prüfpunkt 05-03-2014 10:44:00 Geplanter Prüfpunkt 13-03-2014 09:40:22 Geplanter Prüfpunkt 22-03-2014 08:15:26 Geplanter Prüfpunkt 31-03-2014 10:03:16 Geplanter Prüfpunkt 14-04-2014 14:02:46 Geplanter Prüfpunkt 04-05-2014 06:48:21 Geplanter Prüfpunkt 24-05-2014 12:00:10 Geplanter Prüfpunkt 01-06-2014 06:46:21 Windows Update 01-07-2014 08:47:23 Geplanter Prüfpunkt 05-07-2014 21:36:32 Windows Update 05-07-2014 21:49:16 Windows Update 06-07-2014 06:25:59 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {27C27DD4-C68A-4ED0-86E0-52EB04A61BC2} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-22] (TOSHIBA CORPORATION) Task: {DEB799E3-76C2-4E97-9052-3A6C656EEC58} - 
System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2010-03-17 17:01 - 2010-03-17 17:01 - 00578936 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll 2010-03-09 14:31 - 2010-03-09 14:31 - 03409256 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll 2010-03-03 15:15 - 2010-03-03 15:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2009-11-03 14:26 - 2009-11-03 14:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll 2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll 2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll 2010-05-10 12:06 - 2009-06-22 14:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll 2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll 2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2009-10-13 11:00 - 2009-10-13 11:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-11-12 19:16 - 2010-11-12 19:16 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2014-06-30 12:05 - 2014-06-30 12:05 - 00245760 _____ () C:\Program Files (x86)\Avira\My Avira\System.ComponentModel.Composition.dll 2014-06-30 12:08 - 2014-06-30 12:08 - 00137296 _____ () C:\Program Files (x86)\Avira\My 
Avira\Avira.OE.NativeCore.dll 2014-06-30 12:07 - 2014-06-30 12:07 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2014-07-04 21:10 - 2014-06-30 12:08 - 00049744 _____ () C:\Users\Petra\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17685178.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\50767848.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17685178.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\50767848.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/05/2014 10:21:41 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: Fehler beim Starten des Softwareschutzdiensts. 
0xD0000022 6.1.7600.16385 Error: (07/05/2014 10:20:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd026 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0 Ausnahmecode: 0xc06d007f Fehleroffset: 0x000000000000aa7d ID des fehlerhaften Prozesses: 0x6e8 Startzeit der fehlerhaften Anwendung: 0xwmpnscfg.exe0 Pfad der fehlerhaften Anwendung: wmpnscfg.exe1 Pfad des fehlerhaften Moduls: wmpnscfg.exe2 Berichtskennung: wmpnscfg.exe3 Error: (07/05/2014 10:20:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd026 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0 Ausnahmecode: 0xc06d007f Fehleroffset: 0x000000000000aa7d ID des fehlerhaften Prozesses: 0x13f4 Startzeit der fehlerhaften Anwendung: 0xwmpnscfg.exe0 Pfad der fehlerhaften Anwendung: wmpnscfg.exe1 Pfad des fehlerhaften Moduls: wmpnscfg.exe2 Berichtskennung: wmpnscfg.exe3 Error: (07/01/2014 10:41:19 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (07/01/2014 10:41:09 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". 
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (07/01/2014 10:40:58 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (06/07/2014 03:33:21 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (06/07/2014 03:33:11 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (06/07/2014 03:33:00 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error: (05/24/2014 01:53:30 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. System errors: ============= Error: (07/06/2014 08:32:35 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 06.07.2014 um 08:29:13 unerwartet heruntergefahren. Error: (07/06/2014 08:25:22 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (07/05/2014 11:15:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb avkmgr Error: (07/05/2014 11:14:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (07/05/2014 11:10:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (07/05/2014 11:10:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "mbamchameleon" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (07/05/2014 11:10:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb avkmgr Error: (07/05/2014 11:09:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht. 
Error: (07/05/2014 11:09:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (07/05/2014 11:01:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Microsoft Office Sessions: ========================= Error: (07/05/2014 10:21:41 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: 0xD00000226.1.7600.16385 Error: (07/05/2014 10:20:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: wmpnscfg.exe12.0.7600.163854a5bd026KERNELBASE.dll6.1.7600.163854a5bdfe0c06d007f000000000000aa7d6e801cf988e8aa72017C:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\KERNELBASE.dllc908938c-0481-11e4-acf2-00266c936d90 Error: (07/05/2014 10:20:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: wmpnscfg.exe12.0.7600.163854a5bd026KERNELBASE.dll6.1.7600.163854a5bdfe0c06d007f000000000000aa7d13f401cf988e8a9d9a95C:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\KERNELBASE.dllc906322b-0481-11e4-acf2-00266c936d90 Error: (07/01/2014 10:41:19 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2 Error: (07/01/2014 10:41:09 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 Error: (07/01/2014 10:40:58 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: 
assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (06/07/2014 03:33:21 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2 Error: (06/07/2014 03:33:11 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 Error: (06/07/2014 03:33:00 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (05/24/2014 01:53:30 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2 CodeIntegrity Errors: =================================== Date: 2014-06-23 19:17:42.923 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\a471079.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2014-06-23 19:17:42.912 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\a471079.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 43% Total physical RAM: 3958.84 MB Available physical RAM: 2231.27 MB Total Pagefile: 7915.82 MB Available Pagefile: 5968.57 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:148.81 GB) (Free:106.66 GB) NTFS Drive d: (Data) (Fixed) (Total:148.88 GB) (Free:140.42 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 316FAB32) Partition 1: (Active) - (Size=400 MB) - (Type=27) Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
06.07.2014, 08:20 | #13 |
/// TB Trainer /// Guide Guru | Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167
Hi, there is still quite a bit to do. We'll continue as follows:
Step 1
Please uninstall the following programs: Java(TM) 6 Update 17
On Windows 7, uninstall it via Control Panel/Programs.
Step 2
Scan with Malwarebytes Anti-Malware
Under Detection and Protection, please tick "Scan for rootkits". Then click "Scan", select the Threat Scan, update the databases and click "Start Scan now". At the end of the scan, have all findings (if any) moved to quarantine. (like this...)
Post me the contents of the log file. To do so, click History and then Application Logs. Select the most recent scan log and click View. Click "Copy to Clipboard" and post me the contents in code tags as a reply in the thread.
Step 3
ESET Online Scanner
__________________ Regards, deeprybka. Praise, criticism, wishes? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
06.07.2014, 19:36 | #14 |
| Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 06.07.2014 Suchlauf-Zeit: 19:07:01 Logdatei: Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.06.06 Rootkit Datenbank: v2014.07.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 CPU: x64 Dateisystem: NTFS Benutzer: Petra Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 271891 Verstrichene Zeit: 18 Min, 6 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=d41b62cfa6c8304ab65c47850f544a13 # engine=19046 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-07-06 06:34:06 # local_time=2014-07-06 08:34:06 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7600 NT # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 99 6261 1036501 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 74663 157077317 0 0 # scanned=151037 # found=1 # cleaned=0 # scan_time=2899 sh=E25EDA782B23085570F643F6D9FC95F3540D3905 ft=1 fh=505f46cb9dc52e14 vn="Variante von Win64/Rootkit.Kryptik.Z Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\05.07.2014_23.15.27\necurs0000\svc0000\tsk0000.dta" |
06.07.2014, 19:54 | #15 |
/// TB Trainer /// Guide Guru | Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167
Hi, looks good! Before we secure the PC, these steps:
Step 1
Please press the Windows key + R and type notepad into the Run window. Click OK and now copy the text from the code box into the empty text document:
Code:
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
Reboot:
The PC will restart. Then:
Step 2
Please start FRST again and click Scan. Please post me the contents of the log.
__________________ Regards, deeprybka. Praise, criticism, wishes? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
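A triage script for FRST logs like the Addition.txt posted above, added here as an example (it is not code from the thread, from FRST or from Malwarebytes): it flags the testsigning ATTENTION line that the fix in post #15 addresses, CodeIntegrity errors for drivers whose hash Windows could not verify, SafeBoot entries whose driver name is purely numeric, and any Bamital/volsnap check entry that is not reported as signed. The sample log is constructed from the thread's own log; the line formats it assumes are the ones visible in the thread.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log text.

Added example, not part of the trojaner-board thread or of FRST itself.
Section headers and line formats are assumed to match the log in the
thread; the sample input below is constructed from it.
"""
import re
from dataclasses import dataclass

# Constructed sample, condensed from the FRST Addition.txt in the thread.
SAMPLE_LOG = r"""==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17685178.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
CodeIntegrity Errors:
===================================
Date: 2014-06-23 19:17:42.923
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\a471079.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde.
==================== End Of Log ============================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # "==== Name ===="
ENTRY_RE = re.compile(r"^(?P<path>\S.*?) => (?P<status>.+)$")
SAFEBOOT_RE = re.compile(r"SafeBoot\\(?:Minimal|Network)\\(?P<name>[^ ]+) =>")
CI_FILE_RE = re.compile(r'"(?P<path>\\Device\\[^"]+)"')  # language-agnostic


@dataclass
class Finding:
    kind: str
    detail: str


def section_name(line):
    """Return the name inside a '==== Name ====' header, else None."""
    m = SECTION_RE.match(line)
    if not m:
        return None
    name = m.group(1).strip("= ")
    return name or None          # a bare '=====' underline is not a header


def parse_sections(text):
    """Split the log into {section: [lines]}. FRST writes most headers as
    '==== Name ====' but 'CodeIntegrity Errors:' as 'Name:' plus an
    underline of '=' on the next line; both forms are handled."""
    sections = {"preamble": []}
    current = "preamble"
    lines = text.splitlines()
    for i, line in enumerate(lines):
        name = section_name(line)
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if name is None and line.endswith(":") and nxt and set(nxt) == {"="}:
            name = line[:-1]
        if name is not None:
            current = name
            sections.setdefault(current, [])
            continue
        if line and set(line) == {"="}:
            continue             # underline belonging to a 'Name:' header
        sections.setdefault(current, []).append(line)
    return sections


def triage(text):
    """Return the findings a helper would act on, in log order."""
    findings = []
    sections = parse_sections(text)

    for line in sections.get("Bamital & volsnap Check", []):
        if line.startswith("testsigning:"):
            if "ATTENTION" in line:
                findings.append(Finding("testsigning", line))
            continue
        m = ENTRY_RE.match(line)
        # Assumption: a healthy entry reads 'File is digitally signed' or
        # 'MD5 is legit'; anything else on a core system file is suspect.
        if m and not re.search(r"digitally signed|MD5 is legit", m.group("status")):
            findings.append(Finding("unsigned-core-file", m.group("path")))

    for line in sections.get("Safe Mode (whitelisted)", []):
        m = SAFEBOOT_RE.search(line)
        if m and m.group("name").rsplit(".", 1)[0].isdigit():
            findings.append(Finding("numeric-safeboot-driver", m.group("name")))

    seen = set()
    for line in sections.get("CodeIntegrity Errors", []):
        m = CI_FILE_RE.search(line)
        if m and m.group("path") not in seen:
            seen.add(m.group("path"))
            findings.append(Finding("unverifiable-image-hash", m.group("path")))
    return findings


def summarize(findings):
    """Group finding details by kind for a quick overview."""
    by_kind = {}
    for f in findings:
        by_kind.setdefault(f.kind, []).append(f.detail)
    return by_kind


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```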