G Data blocked, no System Restore possible, Task Manager not working (Windows 7)
29.03.2015, 16:31 | #1
Hello,

my PC has recently started giving me puzzles. Windows 7 32-bit.

G Data can no longer be run; supposedly not all components are installed, and it still does not work after reinstalling.
System Restore no longer works.
Task Manager can no longer be started.

Somehow my computer is resisting every rescue attempt. I recently opened the link in an email from DHL; it was probably spam. I'm really at a loss as to how I can still save my PC.

Best regards,
Steffen
29.03.2015, 17:31 | #2
My name is Jürgen and I will help you with your problem. Together we'll get this done...

Note: I can never guarantee that we will find all malicious files. A format is usually the faster and always the safest way, but it is only advisable in cases of real malware. Adware & co. we can remove very well. If you decide on a cleanup, keep working along until you get my "clean".

Let's go:

Step 1

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties.)

Reading material

Posting in CODE tags: here's how...

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
31.03.2015, 09:41 | #3
Hello,

here is the FRST scan log file:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Steffen (administrator) on STEFFEN-PC on 31-03-2015 10:39:03
Running from C:\Users\Steffen\Downloads
Loaded Profiles: Steffen (Available profiles: Steffen & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
() C:\Program Files\AntiBrowserSpy\BrowserMask.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\AntiBrowserSpy\SocialBlock_ProxyCheck.exe
() C:\Program Files\AntiBrowserSpy\AntiBrowserSpy-IE-SocialBlock.exe
(AVM Berlin GmbH) C:\Program Files\avmwlanstick\FRITZWLANMini.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Akamai Technologies, Inc.) C:\Users\Steffen\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Steffen\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_239_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [323584 2006-04-20] (AVM Berlin GmbH)
HKLM\...\Run: [G Data ASM] => C:\Program Files\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files\g data\internetsecurity\avkkid\avkcks.exe,
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Steffen\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_239_ActiveX.exe [855216 2014-12-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\MountPoints2: {27a82824-2466-11df-ad1a-003067031c7a} - G:\pushinst.exe
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\MountPoints2: {e245abf6-f955-11e3-ab17-003067031c7a} - F:\pushinst.exe
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3764681053-1311214435-963443542-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {15A29993-9DCD-469B-8AB5-678C5F72FF3E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://tbsearch.ask.com/redirect?client=ie&tb=WBG&o=15132&src=crm&q={searchTerms}&locale=de_DE
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {81CE708B-5104-4C62-B333-94B417473B29} URL = hxxp://go.mail.com/br/ie9_search_web/?su={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-11-23] (Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-11-23] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\system32\npdeployJava1.dll [2012-11-23] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-11-23] (Sun Microsystems, Inc.)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3764681053-1311214435-963443542-1000: @autodesk.com/DWF -> C:\Program Files\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll [2011-01-24] (Autodesk)

Chrome:
=======
CHR Profile: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-04]
CHR Extension: (Google Search) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-04]
CHR Extension: (avast! WebRep) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-03-04]
CHR Extension: (Gmail) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-04]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "98730404f2d3d842" service could not be unlocked. <===== ATTENTION
R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2159472 2014-03-25] (G Data Software AG)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2409280 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [164864 2010-11-20] () [File not signed]
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [274304 2010-11-20] () [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [10240 2010-11-20] () [File not signed]
S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [422976 2009-07-14] () [File not signed]
S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [297552 2009-07-14] () [File not signed]
S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [146512 2009-07-14] () [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2014-05-30] () [File not signed]
S3 agp440; C:\Windows\system32\drivers\agp440.sys [53312 2009-07-14] () [File not signed]
S3 aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [70720 2009-07-14] () [File not signed]
S3 aliide; C:\Windows\system32\drivers\aliide.sys [14400 2009-07-14] () [File not signed]
S3 amdagp; C:\Windows\system32\drivers\amdagp.sys [53312 2009-07-14] () [File not signed]
S3 amdide; C:\Windows\system32\drivers\amdide.sys [14912 2009-07-14] () [File not signed]
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [55296 2009-07-14] () [File not signed]
R3 AmdPPM; C:\Windows\System32\DRIVERS\amdppm.sys [52736 2009-07-14] () [File not signed]
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [80256 2011-03-11] () [File not signed]
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [159312 2009-07-14] () [File not signed]
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [22400 2011-03-11] () [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2010-11-20] () [File not signed]
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [76368 2009-07-14] () [File not signed]
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [86608 2009-07-14] () [File not signed]
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] () [File not signed]
R0 atapi; C:\Windows\System32\drivers\atapi.sys [21584 2009-07-14] () [File not signed]
R3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [4194816 2009-07-14] () [File not signed]
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-14] () [File not signed]
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-14] () [File not signed]
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-14] () [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-14] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-23] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-14] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-14] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-14] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-14] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-14] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-14] () [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2010-11-20] () [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [37888 2009-07-14] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] () [File not signed]
S3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [14080 2009-07-14] () [File not signed]
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [15952 2009-07-14] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [369968 2015-01-15] () [File not signed]
S3 Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys [19024 2009-07-14] () [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [31232 2010-11-20] () [File not signed]
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [22096 2009-07-14] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-20] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-14] () [File not signed]
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [57424 2009-07-14] () [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5120 2009-07-14] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [730048 2014-06-16] () [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-14] () [File not signed]
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [453712 2009-07-14] () [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-14] () [File not signed]
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-14] () [File not signed]
R3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-14] () [File not signed]
R3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [25088 2009-07-14] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-14] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] () [File not signed]
R3 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [19968 2009-07-14] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-14] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [46160 2009-07-14] () [File not signed]
U0 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [19824 2012-03-01] () [File not signed]
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [196328 2013-01-24] () [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] () [File not signed]
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [57936 2009-07-14] () [File not signed]
S0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [44544 2015-03-27] (G Data Software AG)
S1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [101504 2015-03-27] (G Data Software AG)
S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [56832 2015-03-27] (G Data Software AG)
S1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2015-03-27] (G Data Software AG)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-14] () [File not signed]
R3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [304128 2010-11-20] () [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [108544 2010-11-20] () [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [91136 2009-07-14] () [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [37888 2009-07-14] () [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2010-11-20] () [File not signed]
S1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [50176 2015-03-27] (G Data Software AG)
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [67152 2009-07-14] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14208 2010-11-20] () [File not signed]
S3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-14] () [File not signed]
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [332160 2011-03-11] () [File not signed]
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [41040 2009-07-14] () [File not signed]
S3 intelide; C:\Windows\system32\drivers\intelide.sys [15424 2009-07-14] () [File not signed]
S3 intelppm; C:\Windows\system32\DRIVERS\intelppm.sys [53760 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] () [File not signed]
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [46656 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [234432 2014-02-04] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [42576 2009-07-14] () [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [28160 2010-11-20] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67520 2015-01-15] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [136640 2015-01-15] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [95824 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [89168 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [54864 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [96848 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] () [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-31] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [30800 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [235584 2009-07-14] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [41552 2009-07-14] () [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-20] () [File not signed]
S3 mpio; C:\Windows\system32\drivers\mpio.sys [130432 2010-11-20] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [116224 2014-12-19] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-27] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-09] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-27] () [File not signed]
S3 msahci; C:\Windows\system32\drivers\msahci.sys [28032 2010-11-20] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [116096 2010-11-20] () [File not signed]
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [13888 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\system32\Drivers\MsRPC.sys [162896 2009-07-14] () [File not signed]
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [28240 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [712048 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] () [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-20] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [44624 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1212352 2014-01-24] ()
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-14] () [File not signed]
R3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x32.sys [347264 2009-07-14] () [File not signed]
S3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [8939296 2013-02-26] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [117120 2011-03-11] () [File not signed]
R3 nvsmu; C:\Windows\System32\DRIVERS\nvsmu.sys [13312 2007-10-12] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [143744 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [105024 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-14] () [File not signed]
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [79360 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56176 2012-03-17] () [File not signed]
R2 Parvdm; C:\Windows\System32\DRIVERS\parvdm.sys [8704 2009-07-14] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [153984 2010-11-20] () [File not signed]
R0 pciide; C:\Windows\System32\drivers\pciide.sys [12368 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [180288 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [106064 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [18944 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [184320 2014-07-17] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173440 2010-11-20] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [85376 2010-11-20] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] () [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] () [File not signed]
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [17920 2009-07-14] () [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [83456 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] () [File not signed]
S3 sfloppy; C:\Windows\System32\DRIVERS\sfloppy.sys [13824 2009-07-14] () [File not signed]
S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [52304 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [40016 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-29] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [21072 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12240 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1294272 2014-04-05] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1294272 2014-04-05] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2014-11-11] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [53120 2010-11-20] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2014-07-17] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [52224 2010-11-20] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [55888 2009-07-14] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [57424 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\system32\drivers\umbus.sys [39936 2010-11-20] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [43520 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-27] () [File not signed]
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [20480 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35840 2009-07-14] () [File not signed]
S3 usbser; C:\Windows\System32\DRIVERS\usbser.sys [28160 2013-08-29] () [File not signed]
S3 USBSTOR; C:\Windows\system32\drivers\USBSTOR.SYS [76288 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [24064 2013-11-27] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [32832 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [160128 2010-11-20] () [File not signed]
S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [53328 2009-07-14] () [File not signed]
S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [16976 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [53120 2010-11-20] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [245632 2010-11-20] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-14] () [File not signed]
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [19968 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [19024 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [527064 2013-06-26] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] () [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] () [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] () [File not signed]
U5 98730404f2d3d842; C:\Windows\System32\Drivers\98730404f2d3d842.sys [81408 2015-02-27] () <===== ATTENTION Necurs Rootkit?
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [25168 2009-07-14] () [File not signed]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-30 13:28 - 2015-03-30 13:28 - 00027102 _____ () C:\Users\Steffen\Downloads\Addition.txt 2015-03-30 13:27 - 2015-03-30 13:27 - 00001106 _____ () C:\Users\Steffen\Desktop\FRST - Verknüpfung.lnk 2015-03-30 13:26 - 2015-03-31 10:39 - 00034526 _____ () C:\Users\Steffen\Downloads\FRST.txt 2015-03-30 13:26 - 2015-03-31 10:39 - 00000000 ____D () C:\FRST 2015-03-30 13:26 - 2015-03-30 13:26 - 01135104 _____ (Farbar) C:\Users\Steffen\Downloads\FRST.exe 2015-03-27 23:42 - 2015-03-27 23:45 - 00000050 _____ () C:\Windows\system32\bridf08b.dat 2015-03-27 23:41 - 2015-03-27 23:41 - 00000000 ____D () C:\ProgramData\Brother 2015-03-27 22:11 - 2015-03-27 22:11 - 311218386 _____ () C:\Windows\MEMORY.DMP 2015-03-27 22:11 - 2015-03-27 22:11 - 00143800 _____ () C:\Windows\Minidump\032715-18798-01.dmp 2015-03-27 21:00 - 2015-03-31 09:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-27 21:00 - 2015-03-27 21:10 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-03-27 21:00 - 2015-03-27 21:00 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-27 21:00 - 2015-03-27 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-27 21:00 - 2015-03-27 21:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-27 21:00 - 2015-03-17 07:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-27 21:00 - 2015-03-17 07:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-27 21:00 - 2015-03-17 07:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-27 20:57 - 2015-03-27 21:00 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Steffen\Downloads\mbam-setup-2.1.4.1018 (1).exe 2015-03-27 20:47 - 2015-03-31 09:27 - 00000728 _____ () C:\Windows\setupact.log 2015-03-27 20:47 - 2015-03-30 11:56 - 00012366 _____ () 
C:\Windows\PFRO.log 2015-03-27 20:47 - 2015-03-27 20:47 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-27 20:03 - 2015-03-27 22:36 - 00004306 _____ () C:\Windows\WindowsUpdate.log 2015-03-27 20:00 - 2015-03-27 20:00 - 00003520 _____ () C:\Users\Steffen\Documents\cc_20150327_190017.reg 2015-03-27 19:36 - 2015-03-27 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity CBE 2015-03-27 19:28 - 2015-03-27 19:28 - 00002008 _____ () C:\Users\Public\Desktop\G Data InternetSecurity CBE.lnk 2015-03-27 19:25 - 2015-03-27 19:25 - 00056832 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys 2015-03-27 19:22 - 2015-03-27 19:22 - 00053248 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd32.sys 2015-03-27 19:21 - 2015-03-27 19:21 - 00101504 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys 2015-03-27 19:21 - 2015-03-27 19:21 - 00050176 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys 2015-03-27 19:21 - 2015-03-27 19:21 - 00044544 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys 2015-03-27 19:19 - 2015-03-27 19:19 - 00000000 ____D () C:\Program Files\Common Files\G Data 2015-03-27 18:38 - 2015-03-27 18:38 - 00001037 _____ () C:\Users\Public\Desktop\AntiBrowserSpy.lnk 2015-03-27 18:38 - 2015-03-27 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiBrowserSpy 2015-03-19 13:43 - 2015-03-19 13:43 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Solid Concepts Inc 2015-03-19 13:42 - 2015-03-19 13:42 - 00002171 _____ () C:\Users\Public\Desktop\SolidView Lite 2014.lnk 2015-03-19 13:42 - 2015-03-19 13:42 - 00000000 ____D () C:\ProgramData\Solid Concepts Inc 2015-03-19 13:42 - 2015-03-19 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solid Concepts Inc 2015-03-19 13:42 - 2015-03-19 13:42 - 00000000 ____D () C:\Program Files\Solid Concepts Inc 2015-03-19 12:55 - 2015-03-19 13:41 - 
163663800 _____ (Solid Concepts Inc) C:\Users\Steffen\Downloads\svlite_2014v0_x86.exe 2015-03-09 17:44 - 2015-03-09 17:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2015-03-09 17:35 - 2015-03-09 17:35 - 00057337 _____ () C:\Users\Steffen\Downloads\Drehteile (2).zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-31 09:27 - 2012-11-18 17:18 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-31 09:27 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-30 13:29 - 2009-07-14 06:34 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-30 13:29 - 2009-07-14 06:34 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-30 13:28 - 2010-02-28 14:47 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-29 16:42 - 2013-07-20 09:16 - 00000000 ____D () C:\Users\Steffen\AppData\Local\CrashDumps 2015-03-28 16:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-03-27 23:45 - 2013-03-08 13:01 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-03-27 23:45 - 2010-08-07 16:25 - 00000000 ____D () C:\Program Files\Brother 2015-03-27 23:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization 2015-03-27 22:33 - 2014-07-22 18:17 - 00000000 ____D () C:\Users\Steffen\Downloads\Neuer Ordner 2015-03-27 22:18 - 2010-11-07 13:25 - 00498176 ___SH () C:\Users\Steffen\Documents\Thumbs.db 2015-03-27 22:11 - 2010-04-07 12:10 - 00000000 ____D () C:\Windows\Minidump 2015-03-27 21:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Web 2015-03-27 19:55 - 2014-05-08 19:09 - 00000000 ____D () C:\ProgramData\G Data 2015-03-27 19:55 - 2012-09-03 08:32 - 00000000 ____D () C:\Program Files\AntiBrowserSpy 2015-03-27 19:21 - 2014-05-08 20:11 - 00001558 _____ () 
C:\Users\Steffen\AppData\Roaming\gdscan.log 2015-03-27 19:19 - 2014-05-08 20:10 - 00000000 ____D () C:\Program Files\G Data 2015-03-27 18:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\spool 2015-03-27 18:34 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns 2015-03-27 18:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\winevt 2015-03-27 18:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\SMI 2015-03-27 18:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\MUI 2015-03-27 18:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\com 2015-03-27 18:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-03-27 18:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2015-03-09 22:23 - 2012-12-17 18:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-09 17:48 - 2015-01-20 13:28 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird.bak 2015-03-09 16:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache ==================== Files in the root of some directories ======= 2012-05-23 17:35 - 2012-09-03 09:24 - 0000048 _____ () C:\Users\Steffen\AppData\Roaming\AcroIEHelpe.txt 2012-08-26 13:44 - 2012-09-03 10:06 - 0000017 _____ () C:\Users\Steffen\AppData\Roaming\blckdom.res 2014-05-08 20:11 - 2014-05-08 20:11 - 0000000 _____ () C:\Users\Steffen\AppData\Roaming\gdfw.log 2014-05-08 20:11 - 2015-03-27 19:21 - 0001558 _____ () C:\Users\Steffen\AppData\Roaming\gdscan.log 2012-05-23 17:35 - 2012-05-23 17:35 - 0000264 _____ () C:\Users\Steffen\AppData\Roaming\srvblck5.tmp 2014-10-20 17:22 - 2014-10-20 17:22 - 0004096 ____H () C:\Users\Steffen\AppData\Local\keyfile3.drm 2014-05-08 19:55 - 2014-09-13 15:31 - 0007597 _____ () C:\Users\Steffen\AppData\Local\Resmon.ResmonCfg 2012-09-03 08:55 - 2012-09-03 08:55 - 0017408 _____ () C:\Users\Steffen\AppData\Local\WebpageIcons.db 2012-08-11 11:10 - 2012-08-11 11:38 - 4503728 ____T () 
C:\ProgramData\00etadpu.pad 2013-12-19 17:18 - 2013-12-19 17:20 - 95025368 ____T () C:\ProgramData\8odwoemq.fee 2013-12-19 17:18 - 2013-12-19 17:18 - 0000000 _____ () C:\ProgramData\8odwoemq.odd 2013-10-29 12:00 - 2013-10-29 12:02 - 95025368 ____T () C:\ProgramData\8zwwlhrq.bxx 2013-10-29 12:00 - 2013-10-29 12:00 - 0000000 _____ () C:\ProgramData\8zwwlhrq.fvv 2013-10-30 13:48 - 2013-10-30 13:49 - 95025368 ____T () C:\ProgramData\9oj69hf.bxx 2013-10-30 13:48 - 2013-10-30 13:48 - 0000000 _____ () C:\ProgramData\9oj69hf.fvv 2012-06-15 10:17 - 2012-06-15 10:17 - 4503728 ____T () C:\ProgramData\c_0_lpt.pad 2012-08-20 12:29 - 2012-08-20 12:30 - 4503728 ____T () C:\ProgramData\ism_0_llatsni.pad 2013-10-28 13:51 - 2013-10-28 13:53 - 95025368 ____T () C:\ProgramData\lzjb8av.bxx 2013-10-28 13:51 - 2013-10-28 13:51 - 0000000 _____ () C:\ProgramData\lzjb8av.fvv 2012-09-03 08:22 - 2012-09-03 08:23 - 4503728 ____T () C:\ProgramData\nud0repor.pad 2012-08-06 11:13 - 2012-08-06 11:14 - 4503728 ____T () C:\ProgramData\rat_0ybba.pad 2012-01-03 18:00 - 2012-01-03 18:04 - 0000440 ____H () C:\ProgramData\UeBUrRTJiwSDHt 2012-07-24 17:39 - 2012-07-24 17:40 - 4503728 ____T () C:\ProgramData\z7_0ytr.pad 2012-01-03 18:09 - 2012-01-03 18:09 - 0000296 _____ () C:\ProgramData\~UeBUrRTJiwSDHt 2012-01-03 18:09 - 2012-01-03 18:09 - 0000200 _____ () C:\ProgramData\~UeBUrRTJiwSDHtr ZeroAccess: C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe} C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe}\@ C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe}\L\00000004.@ C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe}\L\1afb2d56 C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe}\L\55490ac4 Files to move or delete: ==================== C:\ProgramData\00etadpu.pad C:\ProgramData\8odwoemq.fee C:\ProgramData\8odwoemq.odd C:\ProgramData\8zwwlhrq.bxx C:\ProgramData\8zwwlhrq.fvv C:\ProgramData\9oj69hf.bxx 
C:\ProgramData\9oj69hf.fvv C:\ProgramData\c_0_lpt.pad C:\ProgramData\ism_0_llatsni.pad C:\ProgramData\lzjb8av.bxx C:\ProgramData\lzjb8av.fvv C:\ProgramData\nud0repor.pad C:\ProgramData\rat_0ybba.pad C:\ProgramData\z7_0ytr.pad ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys [2012-10-20 11:09] - [2010-11-20 14:30] - 0245632 ____A () D41D8CD98F00B204E9800998ECF8427E C:\Windows\system32\Drivers\volsnap.sys No Company Name <===== ATTENTION! LastRegBack: 2015-03-19 11:19 ==================== End Of Log ============================ |
31.03.2015, 10:58 | #4 |
/// TB-Ausbilder /// Anleitungs-Guru

Hello,

You have real malware on this PC. So until the clean, no more financial transactions or sensitive logins from this PC. Change your passwords from a non-infected PC.

The Addition.txt is still missing.

Step 1

Please start FRST again, also tick the checkbox, and click Scan. Please post the contents of both logs that are created.

__________________
Regards, deeprybka
Praise, criticism, wishes? Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
31.03.2015, 11:13 | #5 |
| G data blockiert , keine Systemwiederherstellung möglich , Taskmanager funktioniert nicht Hallo, hier noch die Addition txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015 Ran by Steffen at 2015-03-31 12:10:01 Running from C:\Users\Steffen\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: G Data InternetSecurity CBE (Enabled - Out of date) {545C8713-0744-B079-87F8-349A6D5C8CF0} AS: G Data InternetSecurity CBE (Enabled - Out of date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 1und1 Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH) 1und1 Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH) 7-Zip 4.65 (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Reader 9.5.4 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated) Akamai NetSession Interface (HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\Akamai) (Version: - Akamai Technologies, Inc) AntiBrowserSpy (HKLM\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 141 - Abelssoft) Autodesk Design Review 2013 (HKLM\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.) Autodesk Design Review 2013 (Version: 13.0.0.82 - Autodesk, Inc.) 
Hidden Autodesk Design Review Browser Add-on v1.2 (HKLM\...\{CD49E43B-88B1-48AD-A3AF-43FAAAB41CB8}) (Version: 1.2.0 - Autodesk) Autodesk DWG TrueView 2014 (HKLM\...\DWG TrueView 2014) (Version: 19.1.18.0 - Autodesk) AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version: - AVM Berlin) CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform) Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated) Dassault Systemes Software VC10 Prerequisites x86 (HKLM\...\{B7066BF6-394F-4DA6-B21E-06DF44684816}) (Version: 10.1.1 - Dassault Systemes) Dassault Systemes Software VC9 Prerequisites x86 (HKLM\...\{50BFDB3B-9CA8-477E-82FE-D3CD5F58F8C4}) (Version: 9.1.2 - Dassault Systemes) DesignCAD Light 16.3 (HKLM\...\{B4E6AB20-5DBF-42C3-B67D-5E22C5F51D29}) (Version: 16.3 - IMSI) DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk) DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden DWG TrueView 2014 (Version: 19.1.18.0 - Autodesk) Hidden eDrawings 2014 (HKLM\...\{81A2E9BB-F9EF-4CF3-84C3-A75E1CE542B6}) (Version: 14.0.5006 - Dassault Systèmes SolidWorks Corp) ElsterFormular-Upgrade (HKLM\...\ElsterFormular für Unternehmer 12.0.0.5880u) (Version: 15.2.13992 - Landesfinanzdirektion Thüringen) G Data InternetSecurity CBE (HKLM\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG) HP USB Disk Storage Format Tool (HKLM\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - ) J2SE Runtime Environment 5.0 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150000}) (Version: 1.5.0 - Sun Microsystems, Inc.) 
Java(TM) 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle) Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla) Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla) NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) OpenSSL 1.0.0l Light (32-bit) (HKLM\...\OpenSSL Light (32-bit)_is1) 
(Version: - OpenSSL Win32 Installer Team) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.9 - Frank Heindörfer, Philip Chinery) Solid Edge 2D Drafting ST6 (HKLM\...\{4DDED18B-9C9C-434B-95FE-CFA9C9EE626F}) (Version: 106.00.02005 - Siemens) SolidView Lite 2014 (HKLM\...\{7F5CB40E-C3BF-4AAE-A05C-88EC949B9C25}) (Version: 14.0.0131 - Solid Concepts Inc) STP Viewer 2.3 (HKLM\...\{CECCF8B1-F595-4845-9AA6-1EC57B9BECBA}_is1) (Version: - IdeaMK) Windows-Treiberpaket - 3D Robotics (usbser) Ports (07/31/2013 2.0.0.3) (HKLM\...\3C34FF4EF99EAC8D565419CDF431F96703771360) (Version: 07/31/2013 2.0.0.3 - 3D Robotics) Windows-Treiberpaket - Arduino LLC (www.arduino.cc) (usbser) Ports (11/15/2012 5.1.2600.0) (HKLM\...\4414E25DD1DDB3A149E9A6222CA82E070C630A02) (Version: 11/15/2012 5.1.2600.0 - Arduino LLC (www.arduino.cc)) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2013\en-US\dwgviewrficn.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2013\dwgviewr.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{76D0CB12-7604-4048-B83C-1005C7DDC503}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{EEFDB0DA-DD97-4F5D-8268-E4C2F6826CE7}\localserver32 -> C:\Program Files\Solid Edge 2D Drafting ST6\Program\PLMVis\Products\JT2Go\VisView.exe (Siemens) CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}\InprocServer32 -> No File Path ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:04 - 2013-10-31 11:02 - 00000893 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.google-analytics.com 127.0.0.1 google-analytics.com ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1B441022-AB98-44B1-AF2C-31FC0BC1A1DB} - System32\Tasks\AntiBrowserSpy - BrowserMask => C:\Program Files\AntiBrowserSpy\BrowserMask.exe [2014-01-13] () Task: {3A10ACAD-BD9D-48BD-A32E-580D563C4DBA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd) Task: {45B0C38E-87F4-4BE0-A9F2-E5F916340473} - System32\Tasks\{1F61290C-8E0C-4416-AEE5-1CEBB920A1AD} => pcalua.exe -a C:\PROGRA~1\bhv\DRAFTB~1.0\UNWISE32.EXE -c /Z /R C:\PROGRA~1\bhv\DRAFTB~1.0\INSTALL.LOG "DraftBoard Pocket 4.0" Task: {52994C93-3B9F-45C4-94D6-E7EA53191B89} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH) Task: {65D81529-5BD3-4B57-A165-FC90F36CD01F} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files\Norton Internet Security CBE\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe Task: {696703F2-9B2C-4E51-B104-D6097FCD4AD9} - System32\Tasks\AntiBrowserSpy - SocialBlock - IE => C:\Program Files\AntiBrowserSpy\AntiBrowserSpy-IE-SocialBlock.exe [2014-01-13] () Task: {7C37AA85-98F3-40D9-BE59-EF4EBA7E8931} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files\Norton Internet Security CBE\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe Task: {B2901578-B14F-404F-A90F-EF3F8A679913} - System32\Tasks\{2750B4D7-494F-428C-8A3C-19B2D344C44C} => C:\Program Files\bhv\DraftBoard Pocket 4.0\DraftBoard.exe [2005-02-28] (Concepts Technology Co., Ltd) Task: {B8B6A3AE-A707-4734-9541-96D566563C6D} - System32\Tasks\AntiBrowserSpy - SocialBlock 
- IEProxyCheck => C:\Program Files\AntiBrowserSpy\SocialBlock_ProxyCheck.exe [2014-01-13] () Task: {D804DEA6-8DFD-469A-B001-AE7A11787A7C} - System32\Tasks\{B7C30487-AE42-4463-809F-B00DA8DA5F58} => pcalua.exe -a D:\FSetup.exe -d D:\ Task: {FAF08DF0-926A-4597-8AD2-128B0AF1BBF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-04] (Adobe Systems Incorporated) Task: {FCAC9E6F-8017-474A-8237-B4A9CCA74AB7} - System32\Tasks\{E5549D03-68E0-4D25-A30A-ED02F2D126BD} => pcalua.exe -a "C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNCKPWEY\SE2DDraftV106GERMAN.exe" -d C:\Users\Steffen\Desktop (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2013-04-10 12:50 - 2013-03-19 06:48 - 00038912 _____ () C:\Windows\system32\CSRSRV.dll 2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () C:\Windows\system32\pcwum.dll 2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () C:\Windows\system32\pcwum.DLL 2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () c:\windows\system32\pcwum.dll 2012-11-18 17:17 - 2013-01-18 16:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2010-04-15 15:48 - 2001-10-28 16:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll 2015-03-27 18:38 - 2014-01-13 11:15 - 00823424 _____ () C:\Program Files\AntiBrowserSpy\BrowserMask.exe 2015-03-27 18:38 - 2014-01-13 11:15 - 00778240 _____ () C:\Program Files\AntiBrowserSpy\SocialBlock_ProxyCheck.exe 2015-03-27 18:38 - 2014-01-13 11:08 - 01136640 _____ () C:\Program Files\AntiBrowserSpy\AntiBrowserSpy-IE-SocialBlock.exe 2013-12-19 04:42 - 2013-12-19 04:42 - 00287864 ____N () C:\Program Files\Common Files\G 
Data\AVKProxy\PktIcpt2.dll 2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () C:\Windows\System32\pcwum.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Steffen\Downloads\Datenblatt für SMC 4100-T2 Schrittmotorcontroller.eml:OECustomProperty AlternateDataStreams: C:\Users\Steffen\Documents\Angebot.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Angebot.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Steffen\Documents\Centerplatte bemaßt.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Centerplatte bemaßt.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Steffen\Documents\depot.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\depot.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Steffen\Documents\Grundsteuer1.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Grundsteuer1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Steffen\Documents\Grundsteuer2.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Grundsteuer2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Steffen\Documents\Rente1.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Rente1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Steffen\Documents\Rente2.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Rente2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Steffen\Documents\Rente3.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Rente3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: 
C:\Users\Steffen\Documents\Vertrag Sandra.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Vertrag Sandra.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Steffen\Documents\Vertrag Sandra1.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Vertrag Sandra1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3764681053-1311214435-963443542-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-3764681053-1311214435-963443542-500 - Administrator - Disabled) Gast (S-1-5-21-3764681053-1311214435-963443542-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3764681053-1311214435-963443542-1002 - Limited - Enabled) Steffen (S-1-5-21-3764681053-1311214435-963443542-1000 - Administrator - Enabled) => C:\Users\Steffen UpdatusUser (S-1-5-21-3764681053-1311214435-963443542-1003 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: GDPkIcpt Description: GDPkIcpt Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: GDPkIcpt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. 
(Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears. Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2015 11:23:17 AM) (Source: AVKWCtl) (EventID: 0) (User: )
Description: Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31

Error: (03/31/2015 11:23:00 AM) (Source: GDFwSvc) (EventID: 0) (User: )
Description: Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys): 31

Error: (03/31/2015 10:47:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EModelViewer.exe, Version: 14.0.0.5006, Zeitstempel: 0x523b68b4
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.332, Zeitstempel: 0x4e1a9f56
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x3cd8
Startzeit der fehlerhaften Anwendung: 0xEModelViewer.exe0
Pfad der fehlerhaften Anwendung: EModelViewer.exe1
Pfad des fehlerhaften Moduls: EModelViewer.exe2
Berichtskennung: EModelViewer.exe3

Error: (03/31/2015 09:30:10 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.
0xD0000022 6.1.7601.17514 Error: (03/31/2015 09:28:10 AM) (Source: GDFwSvc) (EventID: 0) (User: ) Description: Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys): 31 Error: (03/31/2015 09:28:05 AM) (Source: AVKWCtl) (EventID: 0) (User: ) Description: Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31 Error: (03/30/2015 01:23:04 PM) (Source: GDFwSvc) (EventID: 0) (User: ) Description: Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys): 31 Error: (03/30/2015 01:23:00 PM) (Source: AVKWCtl) (EventID: 0) (User: ) Description: Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31 Error: (03/30/2015 00:51:24 PM) (Source: GDFwSvc) (EventID: 0) (User: ) Description: Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys): 31 Error: (03/30/2015 11:57:34 AM) (Source: AVKWCtl) (EventID: 0) (User: ) Description: Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31 System errors: ============= Error: (03/31/2015 00:01:40 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "STEFFEN-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.20 registriert werden. Der Computer mit IP-Adresse 192.168.178.22 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (03/31/2015 00:01:40 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "STEFFEN-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.20 registriert werden. Der Computer mit IP-Adresse 192.168.178.22 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. 
Error: (03/31/2015 00:01:40 PM) (Source: Server) (EventID: 2505) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{FD3F84CA-8427-4FD4-AD26-67270566FB1F} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (03/31/2015 11:39:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "GDMnIcpt" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (03/31/2015 11:39:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "GDMnIcpt" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (03/31/2015 11:39:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "GDMnIcpt" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (03/31/2015 11:39:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "GDMnIcpt" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (03/31/2015 11:39:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "GDBehave" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (03/31/2015 11:39:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "GDBehave" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (03/31/2015 11:39:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "GDBehave" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Microsoft Office Sessions: ========================= Error: (03/31/2015 11:23:17 AM) (Source: AVKWCtl) (EventID: 0) (User: ) Description: Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31 Error: (03/31/2015 11:23:00 AM) (Source: GDFwSvc) (EventID: 0) (User: ) Description: Error loading GDPkIcpt 
(C:\Windows\system32\drivers\PktIcpt.sys): 31 Error: (03/31/2015 10:47:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: EModelViewer.exe14.0.0.5006523b68b4MSVCR100.dll10.0.40219.3324e1a9f56400000150008d6fd3cd801d06b8ed8e77198C:\Program Files\Common Files\eDrawings2014\EModelViewer.exeC:\Windows\system32\MSVCR100.dll9ba24d98-d782-11e4-a0da-00040ec9f7d9 Error: (03/31/2015 09:30:10 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: 0xD00000226.1.7601.17514 Error: (03/31/2015 09:28:10 AM) (Source: GDFwSvc) (EventID: 0) (User: ) Description: Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys): 31 Error: (03/31/2015 09:28:05 AM) (Source: AVKWCtl) (EventID: 0) (User: ) Description: Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31 Error: (03/30/2015 01:23:04 PM) (Source: GDFwSvc) (EventID: 0) (User: ) Description: Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys): 31 Error: (03/30/2015 01:23:00 PM) (Source: AVKWCtl) (EventID: 0) (User: ) Description: Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31 Error: (03/30/2015 00:51:24 PM) (Source: GDFwSvc) (EventID: 0) (User: ) Description: Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys): 31 Error: (03/30/2015 11:57:34 AM) (Source: AVKWCtl) (EventID: 0) (User: ) Description: Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31 CodeIntegrity Errors: =================================== Date: 2012-05-06 17:37:55.537 Description: N/A Date: 2012-05-06 17:37:55.475 Description: N/A Date: 2012-05-06 17:37:55.412 Description: N/A Date: 2012-05-06 17:37:55.350 Description: N/A Date: 2012-05-06 17:37:55.287 Description: N/A Date: 2012-05-06 17:37:55.225 
Description: N/A

Date: 2012-05-06 17:37:55.163
Description: N/A

Date: 2012-05-06 18:32:59.885
Description: N/A

Date: 2012-05-06 18:32:59.807
Description: N/A

Date: 2012-05-06 18:32:59.760
Description: N/A

==================== Memory info ===========================

Processor: AMD Athlon(tm) 7550 Dual-Core Processor
Percentage of memory in use: 27%
Total physical RAM: 3327.24 MB
Available physical RAM: 2404.2 MB
Total Pagefile: 6652.78 MB
Available Pagefile: 5173.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:187.42 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 79E5775B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Steffen (administrator) on STEFFEN-PC on 31-03-2015 12:09:24
Running from C:\Users\Steffen\Downloads
Loaded Profiles: Steffen (Available profiles: Steffen & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
() C:\Program Files\AntiBrowserSpy\BrowserMask.exe
() C:\Program Files\AntiBrowserSpy\SocialBlock_ProxyCheck.exe
() C:\Program Files\AntiBrowserSpy\AntiBrowserSpy-IE-SocialBlock.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(AVM Berlin GmbH) C:\Program Files\avmwlanstick\FRITZWLANMini.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (Akamai Technologies, Inc.) C:\Users\Steffen\AppData\Local\Akamai\netsession_win.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Akamai Technologies, Inc.) C:\Users\Steffen\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_239_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [323584 2006-04-20] (AVM Berlin GmbH) HKLM\...\Run: [G Data ASM] => C:\Program Files\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.) 
HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files\g data\internetsecurity\avkkid\avkcks.exe, HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Steffen\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\MountPoints2: G - G:\pushinst.exe HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\MountPoints2: {27a82824-2466-11df-ad1a-003067031c7a} - G:\pushinst.exe HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\MountPoints2: {e245abf6-f955-11e3-ab17-003067031c7a} - F:\pushinst.exe HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3764681053-1311214435-963443542-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3764681053-1311214435-963443542-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms} SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {15A29993-9DCD-469B-8AB5-678C5F72FF3E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://tbsearch.ask.com/redirect?client=ie&tb=WBG&o=15132&src=crm&q={searchTerms}&locale=de_DE SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms} SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms} SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {81CE708B-5104-4C62-B333-94B417473B29} URL = hxxp://go.mail.com/br/ie9_search_web/?su={searchTerms} BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated) BHO: Java(tm) 
Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-11-23] (Sun Microsystems, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-11-23] (Sun Microsystems, Inc.) Toolbar: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\system32\npdeployJava1.dll [2012-11-23] (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-11-23] (Sun Microsystems, Inc.) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3764681053-1311214435-963443542-1000: @autodesk.com/DWF -> C:\Program Files\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll [2011-01-24] (Autodesk) Chrome: ======= CHR Profile: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-04] CHR Extension: (Google Search) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-04] CHR Extension: (avast! 
WebRep) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-03-04] CHR Extension: (Gmail) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-04] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) Locked "98730404f2d3d842" service could not be unlocked. <===== ATTENTION R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG) R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2159472 2014-03-25] (G Data Software AG) R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2409280 2014-01-30] (G Data Software AG) R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5120 2009-07-14] () [File not signed] R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [730048 2014-06-16] () [File not signed] S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-14] () [File not signed] S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [453712 2009-07-14] () [File not signed] S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-14] () [File not signed] S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-14] () [File not signed] R3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-14] () [File not signed] R3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [25088 2009-07-14] () [File not signed] R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-14] () [File not signed] S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] () [File not signed] R3 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [19968 2009-07-14] () [File not signed] R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-14] () [File not signed] S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [46160 2009-07-14] () [File not signed] U0 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [19824 2012-03-01] () [File not signed] R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [196328 2013-01-24] () [File not signed] R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] () [File not signed] S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [57936 2009-07-14] () [File not signed] S0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [44544 2015-03-27] (G Data Software AG) S1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [101504 2015-03-27] (G Data Software AG) S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [56832 2015-03-27] (G Data Software AG) S1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2015-03-27] (G Data Software AG) S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 
2009-07-14] () [File not signed] R3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [304128 2010-11-20] () [File not signed] R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [108544 2010-11-20] () [File not signed] S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-14] () [File not signed] S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [91136 2009-07-14] () [File not signed] S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [37888 2009-07-14] () [File not signed] R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2010-11-20] () [File not signed] S1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [50176 2015-03-27] (G Data Software AG) S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [67152 2009-07-14] () [File not signed] R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] () [File not signed] R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14208 2010-11-20] () [File not signed] S3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-14] () [File not signed] S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [332160 2011-03-11] () [File not signed] S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [41040 2009-07-14] () [File not signed] S3 intelide; C:\Windows\system32\drivers\intelide.sys [15424 2009-07-14] () [File not signed] S3 intelppm; C:\Windows\system32\DRIVERS\intelppm.sys [53760 2009-07-14] () [File not signed] S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] () [File not signed] S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] () [File not signed] S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] () [File not signed] S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] () [File not signed] S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [46656 2009-07-14] () [File not signed] S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [234432 2014-02-04] () [File not signed] R3 kbdclass; 
C:\Windows\System32\DRIVERS\kbdclass.sys [42576 2009-07-14] () [File not signed] R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [28160 2010-11-20] () [File not signed] R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67520 2015-01-15] () [File not signed] R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [136640 2015-01-15] () [File not signed] R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] () [File not signed] S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [95824 2009-07-14] () [File not signed] S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [89168 2009-07-14] () [File not signed] S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [54864 2009-07-14] () [File not signed] S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [96848 2009-07-14] () [File not signed] R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] () [File not signed] S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-31] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation) S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [30800 2009-07-14] () [File not signed] S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [235584 2009-07-14] () [File not signed] S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] () [File not signed] R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] () [File not signed] R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [41552 2009-07-14] () [File not signed] R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] () [File not signed] R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-20] () [File not signed] S3 mpio; C:\Windows\system32\drivers\mpio.sys [130432 2010-11-20] () [File not signed] R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys 
[60416 2009-07-14] () [File not signed] S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [116224 2014-12-19] () [File not signed] R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-27] () [File not signed] R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-09] () [File not signed] R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-27] () [File not signed] S3 msahci; C:\Windows\system32\drivers\msahci.sys [28032 2010-11-20] () [File not signed] S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [116096 2010-11-20] () [File not signed] R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-14] () S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] () [File not signed] R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [13888 2009-07-14] () [File not signed] S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] () [File not signed] S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] () [File not signed] S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] () [File not signed] S3 MsRPC; C:\Windows\system32\Drivers\MsRPC.sys [162896 2009-07-14] () [File not signed] R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [28240 2009-07-14] () [File not signed] S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] () [File not signed] S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-14] () [File not signed] R0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] () [File not signed] R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] () [File not signed] R0 NDIS; C:\Windows\System32\drivers\ndis.sys [712048 2012-08-22] () [File not signed] S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] () [File not signed] R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] () [File not signed] R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 
2010-11-20] () [File not signed] R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] () [File not signed] R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-20] () [File not signed] R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] () [File not signed] R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] () [File not signed] S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [44624 2009-07-14] () [File not signed] R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-14] () [File not signed] R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] () [File not signed] R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1212352 2014-01-24] () R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-14] () [File not signed] R3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x32.sys [347264 2009-07-14] () [File not signed] S3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [8939296 2013-02-26] () [File not signed] S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [117120 2011-03-11] () [File not signed] R3 nvsmu; C:\Windows\System32\DRIVERS\nvsmu.sys [13312 2007-10-12] () [File not signed] S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [143744 2011-03-11] () [File not signed] S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [105024 2009-07-14] () [File not signed] S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-14] () [File not signed] R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [79360 2009-07-14] () [File not signed] R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56176 2012-03-17] () [File not signed] R2 Parvdm; C:\Windows\System32\DRIVERS\parvdm.sys [8704 2009-07-14] () [File not signed] R0 pci; C:\Windows\System32\drivers\pci.sys [153984 2010-11-20] () [File not signed] R0 pciide; C:\Windows\System32\drivers\pciide.sys [12368 2009-07-14] () [File not signed] S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [180288 2009-07-14] () [File 
not signed] R0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] () [File not signed] R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] () [File not signed] R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] () [File not signed] S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-14] () [File not signed] R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] () [File not signed] S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-14] () [File not signed] S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [106064 2009-07-14] () [File not signed] S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] () [File not signed] S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] () [File not signed] R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] () [File not signed] R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] () [File not signed] R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] () [File not signed] R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] () [File not signed] R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] () [File not signed] S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [18944 2009-07-14] () [File not signed] R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] () [File not signed] R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] () [File not signed] R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] () [File not signed] S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [184320 2014-07-17] () [File not signed] R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173440 2010-11-20] () [File not signed] R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] () [File not signed] S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [85376 
2010-11-20] () [File not signed] S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] () [File not signed] R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] () [File not signed] R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [17920 2009-07-14] () [File not signed] R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [83456 2009-07-14] () [File not signed] S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] () [File not signed] S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-14] () [File not signed] S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] () [File not signed] S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] () [File not signed] S3 sfloppy; C:\Windows\System32\DRIVERS\sfloppy.sys [13824 2009-07-14] () [File not signed] S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [52304 2009-07-14] () [File not signed] S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [40016 2009-07-14] () [File not signed] S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-14] () [File not signed] S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] () [File not signed] R0 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-14] () [File not signed] R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-29] () [File not signed] R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-29] () [File not signed] R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-29] () [File not signed] S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [21072 2009-07-14] () [File not signed] R3 swenum; C:\Windows\system32\drivers\swenum.sys [12240 2009-07-14] () [File not signed] R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1294272 2014-04-05] () [File not signed] S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1294272 2014-04-05] () [File not signed] R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys 
[35328 2012-10-03] () [File not signed] S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] () [File not signed] S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-17] () [File not signed] R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2014-11-11] () [File not signed] R1 TermDD; C:\Windows\system32\drivers\termdd.sys [53120 2010-11-20] () [File not signed] S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2014-07-17] () [File not signed] S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [52224 2010-11-20] () [File not signed] R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] () [File not signed] S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [55888 2009-07-14] () [File not signed] S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] () [File not signed] S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [57424 2009-07-14] () [File not signed] R3 umbus; C:\Windows\system32\drivers\umbus.sys [39936 2010-11-20] () [File not signed] S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] () [File not signed] R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-27] () [File not signed] S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] () [File not signed] R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [43520 2013-11-27] () [File not signed] R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-27] () [File not signed] R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [20480 2013-11-27] () [File not signed] S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] () [File not signed] S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35840 2009-07-14] () [File not signed] S3 usbser; C:\Windows\System32\DRIVERS\usbser.sys [28160 2013-08-29] () [File not signed] S3 USBSTOR; C:\Windows\system32\drivers\USBSTOR.SYS [76288 2011-03-11] () [File not signed] S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys 
[24064 2013-11-27] () [File not signed] R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [32832 2009-07-14] () [File not signed] S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] () [File not signed] R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] () [File not signed] S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [160128 2010-11-20] () [File not signed] S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [53328 2009-07-14] () [File not signed] S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] () [File not signed] S3 viaide; C:\Windows\system32\drivers\viaide.sys [16976 2009-07-14] () [File not signed] R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [53120 2010-11-20] () [File not signed] R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] () [File not signed] R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [245632 2010-11-20] () [File not signed] S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-14] () [File not signed] S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [19968 2009-07-14] () [File not signed] S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] () [File not signed] S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] () [File not signed] R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] () [File not signed] S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [19024 2009-07-14] () [File not signed] R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [527064 2013-06-26] () [File not signed] R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] () [File not signed] S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-14] () [File not signed] S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] () [File not signed] R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-14] () [File not signed] S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys 
[16384 2009-07-14] () [File not signed] S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-26] () [File not signed] S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] () [File not signed] U5 98730404f2d3d842; C:\Windows\System32\Drivers\98730404f2d3d842.sys [81408 2015-02-27] () <===== ATTENTION Necurs Rootkit? U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] () [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-30 13:28 - 2015-03-30 13:28 - 00027102 _____ () C:\Users\Steffen\Downloads\Addition.txt 2015-03-30 13:27 - 2015-03-30 13:27 - 00001106 _____ () C:\Users\Steffen\Desktop\FRST - Verknüpfung.lnk 2015-03-30 13:26 - 2015-03-31 12:09 - 00029670 _____ () C:\Users\Steffen\Downloads\FRST.txt 2015-03-30 13:26 - 2015-03-31 12:09 - 00000000 ____D () C:\FRST 2015-03-30 13:26 - 2015-03-30 13:26 - 01135104 _____ (Farbar) C:\Users\Steffen\Downloads\FRST.exe 2015-03-27 23:42 - 2015-03-27 23:45 - 00000050 _____ () C:\Windows\system32\bridf08b.dat 2015-03-27 23:41 - 2015-03-27 23:41 - 00000000 ____D () C:\ProgramData\Brother 2015-03-27 22:11 - 2015-03-27 22:11 - 311218386 _____ () C:\Windows\MEMORY.DMP 2015-03-27 22:11 - 2015-03-27 22:11 - 00143800 _____ () C:\Windows\Minidump\032715-18798-01.dmp 2015-03-27 21:00 - 2015-03-31 09:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-27 21:00 - 2015-03-27 21:10 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-03-27 21:00 - 2015-03-27 21:00 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-27 21:00 - 2015-03-27 21:00 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-27 21:00 - 2015-03-27 21:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-27 21:00 - 2015-03-17 07:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-27 21:00 - 2015-03-17 07:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-27 21:00 - 2015-03-17 07:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-27 20:57 - 2015-03-27 21:00 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Steffen\Downloads\mbam-setup-2.1.4.1018 (1).exe 2015-03-27 20:47 - 2015-03-31 11:21 - 00000784 _____ () C:\Windows\setupact.log 2015-03-27 20:47 - 2015-03-30 11:56 - 00012366 _____ () C:\Windows\PFRO.log 2015-03-27 20:47 - 2015-03-27 20:47 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-27 20:03 - 2015-03-27 22:36 - 00004306 _____ () C:\Windows\WindowsUpdate.log 2015-03-27 20:00 - 2015-03-27 20:00 - 00003520 _____ () C:\Users\Steffen\Documents\cc_20150327_190017.reg 2015-03-27 19:36 - 2015-03-27 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity CBE 2015-03-27 19:28 - 2015-03-27 19:28 - 00002008 _____ () C:\Users\Public\Desktop\G Data InternetSecurity CBE.lnk 2015-03-27 19:25 - 2015-03-27 19:25 - 00056832 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys 2015-03-27 19:22 - 2015-03-27 19:22 - 00053248 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd32.sys 2015-03-27 19:21 - 2015-03-27 19:21 - 00101504 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys 2015-03-27 19:21 - 2015-03-27 19:21 - 00050176 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys 2015-03-27 19:21 - 2015-03-27 19:21 - 00044544 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys 2015-03-27 19:19 - 2015-03-27 19:19 - 00000000 ____D () C:\Program Files\Common 
Files\G Data 2015-03-27 18:38 - 2015-03-27 18:38 - 00001037 _____ () C:\Users\Public\Desktop\AntiBrowserSpy.lnk 2015-03-27 18:38 - 2015-03-27 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiBrowserSpy 2015-03-19 13:43 - 2015-03-19 13:43 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Solid Concepts Inc 2015-03-19 13:42 - 2015-03-19 13:42 - 00002171 _____ () C:\Users\Public\Desktop\SolidView Lite 2014.lnk 2015-03-19 13:42 - 2015-03-19 13:42 - 00000000 ____D () C:\ProgramData\Solid Concepts Inc 2015-03-19 13:42 - 2015-03-19 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solid Concepts Inc 2015-03-19 13:42 - 2015-03-19 13:42 - 00000000 ____D () C:\Program Files\Solid Concepts Inc 2015-03-19 12:55 - 2015-03-19 13:41 - 163663800 _____ (Solid Concepts Inc) C:\Users\Steffen\Downloads\svlite_2014v0_x86.exe 2015-03-09 17:44 - 2015-03-09 17:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2015-03-09 17:35 - 2015-03-09 17:35 - 00057337 _____ () C:\Users\Steffen\Downloads\Drehteile (2).zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-31 11:29 - 2009-07-14 06:34 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-31 11:29 - 2009-07-14 06:34 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-31 11:25 - 2010-02-28 14:47 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-31 11:21 - 2012-11-18 17:18 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-31 11:21 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-31 10:48 - 2013-07-20 09:16 - 00000000 ____D () C:\Users\Steffen\AppData\Local\CrashDumps 2015-03-28 16:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-03-27 23:45 - 2013-03-08 13:01 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-03-27 23:45 - 2010-08-07 16:25 - 00000000 ____D () C:\Program Files\Brother 2015-03-27 23:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization 2015-03-27 22:33 - 2014-07-22 18:17 - 00000000 ____D () C:\Users\Steffen\Downloads\Neuer Ordner 2015-03-27 22:18 - 2010-11-07 13:25 - 00498176 ___SH () C:\Users\Steffen\Documents\Thumbs.db 2015-03-27 22:11 - 2010-04-07 12:10 - 00000000 ____D () C:\Windows\Minidump 2015-03-27 21:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Web 2015-03-27 19:55 - 2014-05-08 19:09 - 00000000 ____D () C:\ProgramData\G Data 2015-03-27 19:55 - 2012-09-03 08:32 - 00000000 ____D () C:\Program Files\AntiBrowserSpy 2015-03-27 19:21 - 2014-05-08 20:11 - 00001558 _____ () C:\Users\Steffen\AppData\Roaming\gdscan.log 2015-03-27 19:19 - 2014-05-08 20:10 - 00000000 ____D () C:\Program Files\G Data 2015-03-27 18:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\spool 2015-03-27 18:34 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns 2015-03-27 18:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\winevt 2015-03-27 18:34 - 2009-07-14 04:37 - 
00000000 ____D () C:\Windows\system32\SMI 2015-03-27 18:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\MUI 2015-03-27 18:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\com 2015-03-27 18:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-03-27 18:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2015-03-09 22:23 - 2012-12-17 18:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-09 17:48 - 2015-01-20 13:28 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird.bak 2015-03-09 16:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache ==================== Files in the root of some directories ======= 2012-05-23 17:35 - 2012-09-03 09:24 - 0000048 _____ () C:\Users\Steffen\AppData\Roaming\AcroIEHelpe.txt 2012-08-26 13:44 - 2012-09-03 10:06 - 0000017 _____ () C:\Users\Steffen\AppData\Roaming\blckdom.res 2014-05-08 20:11 - 2014-05-08 20:11 - 0000000 _____ () C:\Users\Steffen\AppData\Roaming\gdfw.log 2014-05-08 20:11 - 2015-03-27 19:21 - 0001558 _____ () C:\Users\Steffen\AppData\Roaming\gdscan.log 2012-05-23 17:35 - 2012-05-23 17:35 - 0000264 _____ () C:\Users\Steffen\AppData\Roaming\srvblck5.tmp 2014-10-20 17:22 - 2014-10-20 17:22 - 0004096 ____H () C:\Users\Steffen\AppData\Local\keyfile3.drm 2014-05-08 19:55 - 2014-09-13 15:31 - 0007597 _____ () C:\Users\Steffen\AppData\Local\Resmon.ResmonCfg 2012-09-03 08:55 - 2012-09-03 08:55 - 0017408 _____ () C:\Users\Steffen\AppData\Local\WebpageIcons.db 2012-08-11 11:10 - 2012-08-11 11:38 - 4503728 ____T () C:\ProgramData\00etadpu.pad 2013-12-19 17:18 - 2013-12-19 17:20 - 95025368 ____T () C:\ProgramData\8odwoemq.fee 2013-12-19 17:18 - 2013-12-19 17:18 - 0000000 _____ () C:\ProgramData\8odwoemq.odd 2013-10-29 12:00 - 2013-10-29 12:02 - 95025368 ____T () C:\ProgramData\8zwwlhrq.bxx 2013-10-29 12:00 - 2013-10-29 12:00 - 0000000 _____ () C:\ProgramData\8zwwlhrq.fvv 2013-10-30 13:48 - 2013-10-30 13:49 - 95025368 ____T () 
C:\ProgramData\9oj69hf.bxx 2013-10-30 13:48 - 2013-10-30 13:48 - 0000000 _____ () C:\ProgramData\9oj69hf.fvv 2012-06-15 10:17 - 2012-06-15 10:17 - 4503728 ____T () C:\ProgramData\c_0_lpt.pad 2012-08-20 12:29 - 2012-08-20 12:30 - 4503728 ____T () C:\ProgramData\ism_0_llatsni.pad 2013-10-28 13:51 - 2013-10-28 13:53 - 95025368 ____T () C:\ProgramData\lzjb8av.bxx 2013-10-28 13:51 - 2013-10-28 13:51 - 0000000 _____ () C:\ProgramData\lzjb8av.fvv 2012-09-03 08:22 - 2012-09-03 08:23 - 4503728 ____T () C:\ProgramData\nud0repor.pad 2012-08-06 11:13 - 2012-08-06 11:14 - 4503728 ____T () C:\ProgramData\rat_0ybba.pad 2012-01-03 18:00 - 2012-01-03 18:04 - 0000440 ____H () C:\ProgramData\UeBUrRTJiwSDHt 2012-07-24 17:39 - 2012-07-24 17:40 - 4503728 ____T () C:\ProgramData\z7_0ytr.pad 2012-01-03 18:09 - 2012-01-03 18:09 - 0000296 _____ () C:\ProgramData\~UeBUrRTJiwSDHt 2012-01-03 18:09 - 2012-01-03 18:09 - 0000200 _____ () C:\ProgramData\~UeBUrRTJiwSDHtr ZeroAccess: C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe} C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe}\@ C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe}\L\00000004.@ C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe}\L\1afb2d56 C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe}\L\55490ac4 Files to move or delete: ==================== C:\ProgramData\00etadpu.pad C:\ProgramData\8odwoemq.fee C:\ProgramData\8odwoemq.odd C:\ProgramData\8zwwlhrq.bxx C:\ProgramData\8zwwlhrq.fvv C:\ProgramData\9oj69hf.bxx C:\ProgramData\9oj69hf.fvv C:\ProgramData\c_0_lpt.pad C:\ProgramData\ism_0_llatsni.pad C:\ProgramData\lzjb8av.bxx C:\ProgramData\lzjb8av.fvv C:\ProgramData\nud0repor.pad C:\ProgramData\rat_0ybba.pad C:\ProgramData\z7_0ytr.pad ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys [2012-10-20 11:09] - [2010-11-20 14:30] - 0245632 ____A () D41D8CD98F00B204E9800998ECF8427E C:\Windows\system32\Drivers\volsnap.sys No Company Name <===== ATTENTION! LastRegBack: 2015-03-19 11:19 ==================== End Of Log ============================ --- --- --- |
31.03.2015, 11:20 | #6 |
/// TB-Ausbilder /// Anleitungs-Guru | G Data blocked, no system restore possible, Task Manager not working OK. Then carry on like this: Step 1 Please download TDSSKiller.exe and save this file to your desktop
|
31.03.2015, 11:53 | #7 |
| G Data blocked, no system restore possible, Task Manager not working Hello, there are 3 log files saved. But the largest one is too big to post?? Steffen Code:
12:27:16.0173 0x0628 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 12:27:20.0369 0x0628 ============================================================ 12:27:20.0369 0x0628 Current date / time: 2015/03/31 12:27:20.0369 12:27:20.0369 0x0628 SystemInfo: 12:27:20.0369 0x0628 12:27:20.0369 0x0628 OS Version: 6.1.7601 ServicePack: 1.0 12:27:20.0369 0x0628 Product type: Workstation 12:27:20.0369 0x0628 ComputerName: STEFFEN-PC 12:27:20.0369 0x0628 UserName: Steffen 12:27:20.0369 0x0628 Windows directory: C:\Windows 12:27:20.0369 0x0628 System windows directory: C:\Windows 12:27:20.0369 0x0628 Processor architecture: Intel x86 12:27:20.0369 0x0628 Number of processors: 2 12:27:20.0369 0x0628 Page size: 0x1000 12:27:20.0369 0x0628 Boot type: Normal boot 12:27:20.0369 0x0628 ============================================================ 12:27:22.0148 0x0628 KLMD registered as C:\Windows\system32\drivers\69785960.sys 12:28:56.0746 0x0628 Raw registry subsystem init failed! 
12:28:56.0793 0x0628 System UUID: {46E0A9DE-26BC-4181-AEFA-41A238A50B07} 12:28:57.0152 0x0628 !crdlk 12:28:57.0152 0x0628 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A' 12:28:57.0152 0x0628 ============================================================ 12:28:57.0152 0x0628 \Device\Harddisk0\DR0: 12:28:57.0152 0x0628 MBR partitions: 12:28:57.0152 0x0628 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 12:28:57.0152 0x0628 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800 12:28:57.0152 0x0628 ============================================================ 12:28:57.0183 0x0628 C: <-> \Device\Harddisk0\DR0\Partition2 12:28:57.0214 0x0628 E: <-> \Device\Harddisk0\DR0\Partition1 12:28:57.0214 0x0628 ============================================================ 12:28:57.0214 0x0628 Initialize success 12:28:57.0214 0x0628 ============================================================ 12:29:13.0984 0x1600 ============================================================ 12:29:13.0984 0x1600 Scan started 12:29:13.0984 0x1600 Mode: Manual; 12:29:13.0984 0x1600 ============================================================ 12:29:13.0984 0x1600 KSN ping started 12:29:27.0462 0x1600 KSN ping finished: true 12:29:27.0462 0x1600 ================ Scan system memory ======================== 12:29:27.0462 0x1600 Scan was interrupted by user! 
12:29:27.0525 0x1600 AV detected via SS2: G Data InternetSecurity CBE, C:\Program Files\G Data\InternetSecurity\AVK\avkwscpe.exe ( 25.0.0.0 ), 0x41010 ( enabled : outofdate ) 12:29:27.0525 0x1600 FW detected via SS2: G Data Personal Firewall, C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe ( 22.0.0.1 ), 0x41010 ( enabled ) 12:29:30.0005 0x1600 ============================================================ 12:29:30.0005 0x1600 Scan finished 12:29:30.0005 0x1600 ============================================================ 12:29:30.0005 0x0470 Detected object count: 0 12:29:30.0005 0x0470 Actual detected object count: 0 12:29:50.0535 0x1578 Deinitialize success Code:
ATTFilter 12:30:23.0272 0x1470 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 12:30:29.0372 0x1470 ============================================================ 12:30:29.0372 0x1470 Current date / time: 2015/03/31 12:30:29.0372 12:30:29.0372 0x1470 SystemInfo: 12:30:29.0372 0x1470 12:30:29.0372 0x1470 OS Version: 6.1.7601 ServicePack: 1.0 12:30:29.0372 0x1470 Product type: Workstation 12:30:29.0372 0x1470 ComputerName: STEFFEN-PC 12:30:29.0372 0x1470 UserName: Steffen 12:30:29.0372 0x1470 Windows directory: C:\Windows 12:30:29.0372 0x1470 System windows directory: C:\Windows 12:30:29.0372 0x1470 Processor architecture: Intel x86 12:30:29.0372 0x1470 Number of processors: 2 12:30:29.0372 0x1470 Page size: 0x1000 12:30:29.0372 0x1470 Boot type: Normal boot 12:30:29.0372 0x1470 ============================================================ 12:30:31.0103 0x1470 KLMD registered as C:\Windows\system32\drivers\78456187.sys 12:30:40.0744 0x1470 KLMD registered as C:\Windows\system32\drivers\84929018.sys 12:30:41.0384 0x0828 Deinitialize success Code:
ATTFilter 12:30:23.0272 0x1470 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 12:30:29.0372 0x1470 ============================================================ 12:30:29.0372 0x1470 Current date / time: 2015/03/31 12:30:29.0372 12:30:29.0372 0x1470 SystemInfo: 12:30:29.0372 0x1470 12:30:29.0372 0x1470 OS Version: 6.1.7601 ServicePack: 1.0 12:30:29.0372 0x1470 Product type: Workstation 12:30:29.0372 0x1470 ComputerName: STEFFEN-PC 12:30:29.0372 0x1470 UserName: Steffen 12:30:29.0372 0x1470 Windows directory: C:\Windows 12:30:29.0372 0x1470 System windows directory: C:\Windows 12:30:29.0372 0x1470 Processor architecture: Intel x86 12:30:29.0372 0x1470 Number of processors: 2 12:30:29.0372 0x1470 Page size: 0x1000 12:30:29.0372 0x1470 Boot type: Normal boot 12:30:29.0372 0x1470 ============================================================ 12:30:31.0103 0x1470 KLMD registered as C:\Windows\system32\drivers\78456187.sys 12:30:40.0744 0x1470 KLMD registered as C:\Windows\system32\drivers\84929018.sys 12:30:41.0384 0x0828 Deinitialize success 12:32:58.0976 0x0dcc TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 12:32:59.0163 0x0dcc ============================================================ 12:32:59.0163 0x0dcc Current date / time: 2015/03/31 12:32:59.0163 12:32:59.0163 0x0dcc SystemInfo: 12:32:59.0163 0x0dcc 12:32:59.0163 0x0dcc OS Version: 6.1.7601 ServicePack: 1.0 12:32:59.0163 0x0dcc Product type: Workstation 12:32:59.0163 0x0dcc ComputerName: STEFFEN-PC 12:32:59.0163 0x0dcc UserName: Steffen 12:32:59.0163 0x0dcc Windows directory: C:\Windows 12:32:59.0163 0x0dcc System windows directory: C:\Windows 12:32:59.0163 0x0dcc Processor architecture: Intel x86 12:32:59.0163 0x0dcc Number of processors: 2 12:32:59.0163 0x0dcc Page size: 0x1000 12:32:59.0163 0x0dcc Boot type: Normal boot 12:32:59.0163 0x0dcc ============================================================ 12:32:59.0179 0x0dcc BG loaded 12:32:59.0709 0x0dcc System UUID: 
{46E0A9DE-26BC-4181-AEFA-41A238A50B07} 12:33:00.0739 0x0dcc Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 12:33:00.0801 0x0dcc ============================================================ 12:33:00.0801 0x0dcc \Device\Harddisk0\DR0: 12:33:00.0895 0x0dcc MBR partitions: 12:33:00.0895 0x0dcc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 12:33:00.0895 0x0dcc \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800 12:33:00.0895 0x0dcc ============================================================ 12:33:01.0082 0x0dcc C: <-> \Device\Harddisk0\DR0\Partition2 12:33:01.0207 0x0dcc E: <-> \Device\Harddisk0\DR0\Partition1 12:33:01.0207 0x0dcc ============================================================ 12:33:01.0207 0x0dcc Initialize success 12:33:01.0207 0x0dcc ============================================================ 12:33:19.0556 0x0dd0 ============================================================ 12:33:19.0556 0x0dd0 Scan started 12:33:19.0556 0x0dd0 Mode: Manual; SigCheck; TDLFS; 12:33:19.0556 0x0dd0 ============================================================ 12:33:19.0556 0x0dd0 KSN ping started 12:33:21.0959 0x0dd0 KSN ping finished: true 12:33:25.0718 0x0dd0 ================ Scan system memory ======================== 12:33:25.0718 0x0dd0 System memory - ok 12:33:25.0718 0x0dd0 ================ Scan services ============================= 12:33:25.0921 0x0dd0 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 12:33:26.0015 0x0dd0 1394ohci - ok 12:33:26.0015 0x0dd0 Suspicious service (NoAccess): 98730404f2d3d842 12:33:26.0077 0x0dd0 [ 6EC2346C82F95E3BFBD2EFE50E2C8AF9, 253271FFE32145DC09A9AFFF380E356871AC61F23CF2F3BE58415DB18E38B5CF ] 98730404f2d3d842 
C:\Windows\System32\Drivers\98730404f2d3d842.sys 12:33:26.0077 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\98730404f2d3d842.sys. md5: 6EC2346C82F95E3BFBD2EFE50E2C8AF9, sha256: 253271FFE32145DC09A9AFFF380E356871AC61F23CF2F3BE58415DB18E38B5CF 12:33:26.0108 0x0dd0 98730404f2d3d842 - detected Rootkit.Win32.Necurs.gen ( 0 ) 12:33:28.0636 0x0dd0 98730404f2d3d842 ( Rootkit.Win32.Necurs.gen ) - infected 12:33:28.0636 0x0dd0 Force sending object to P2P due to detect: 98730404f2d3d842 12:33:31.0397 0x0dd0 Object send P2P result: true 12:33:33.0846 0x0dd0 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys 12:33:33.0862 0x0dd0 ACPI - ok 12:33:33.0908 0x0dd0 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 12:33:33.0971 0x0dd0 AcpiPmi - ok 12:33:34.0064 0x0dd0 [ F79623288F2A357AB20288B5DC4F452A, AA6F70A4C12E390E08074D6FD0EA0D1856D8274DA833E56A8811BF820A2D41D4 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 12:33:34.0096 0x0dd0 AdobeFlashPlayerUpdateSvc - ok 12:33:34.0158 0x0dd0 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 12:33:34.0189 0x0dd0 adp94xx - ok 12:33:34.0205 0x0dd0 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 12:33:34.0236 0x0dd0 adpahci - ok 12:33:34.0267 0x0dd0 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 12:33:34.0283 0x0dd0 adpu320 - ok 12:33:34.0330 0x0dd0 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc 
C:\Windows\System32\aelupsvc.dll 12:33:34.0486 0x0dd0 AeLookupSvc - ok 12:33:34.0548 0x0dd0 [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD C:\Windows\system32\drivers\afd.sys 12:33:34.0610 0x0dd0 AFD - ok 12:33:34.0642 0x0dd0 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys 12:33:34.0657 0x0dd0 agp440 - ok 12:33:34.0688 0x0dd0 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 12:33:34.0704 0x0dd0 aic78xx - ok 12:33:34.0735 0x0dd0 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe 12:33:34.0766 0x0dd0 ALG - ok 12:33:34.0798 0x0dd0 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys 12:33:34.0813 0x0dd0 aliide - ok 12:33:34.0844 0x0dd0 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 12:33:34.0860 0x0dd0 amdagp - ok 12:33:34.0876 0x0dd0 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys 12:33:34.0876 0x0dd0 amdide - ok 12:33:34.0907 0x0dd0 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 12:33:34.0954 0x0dd0 AmdK8 - ok 12:33:34.0985 0x0dd0 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 12:33:35.0016 0x0dd0 AmdPPM - ok 12:33:35.0047 0x0dd0 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] 
amdsata C:\Windows\system32\drivers\amdsata.sys 12:33:35.0063 0x0dd0 amdsata - ok 12:33:35.0094 0x0dd0 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 12:33:35.0125 0x0dd0 amdsbs - ok 12:33:35.0156 0x0dd0 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys 12:33:35.0156 0x0dd0 amdxata - ok 12:33:35.0188 0x0dd0 [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys 12:33:35.0234 0x0dd0 AppID - ok 12:33:35.0266 0x0dd0 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll 12:33:35.0344 0x0dd0 AppIDSvc - ok 12:33:35.0422 0x0dd0 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll 12:33:35.0484 0x0dd0 Appinfo - ok 12:33:35.0531 0x0dd0 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys 12:33:35.0546 0x0dd0 arc - ok 12:33:35.0562 0x0dd0 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 12:33:35.0578 0x0dd0 arcsas - ok 12:33:35.0702 0x0dd0 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 12:33:35.0843 0x0dd0 aspnet_state - ok 12:33:35.0874 0x0dd0 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 12:33:35.0983 0x0dd0 AsyncMac - ok 12:33:35.0999 0x0dd0 [ 338C86357871C167A96AB976519BF59E, 
md5: 0FFF5B045293002AB38EB1FD1FC2FB74, sha256: 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 12:35:41.0064 0x0dd0 megasas - detected LockedFile.Multi.Generic ( 1 ) 12:35:43.0560 0x0dd0 Detect skipped due to KSN trusted 12:35:43.0560 0x0dd0 megasas - ok 12:35:43.0591 0x0dd0 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 12:35:43.0591 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: DCBAB2920C75F390CAF1D29F675D03D6, sha256: 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB 12:35:43.0591 0x0dd0 MegaSR - detected LockedFile.Multi.Generic ( 1 ) 12:35:46.0196 0x0dd0 Detect skipped due to KSN trusted 12:35:46.0196 0x0dd0 MegaSR - ok 12:35:46.0228 0x0dd0 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll 12:35:46.0274 0x0dd0 MMCSS - ok 12:35:46.0290 0x0dd0 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys 12:35:46.0290 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: F001861E5700EE84E2D4E52C712F4964, sha256: F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE 12:35:46.0290 0x0dd0 Modem - detected LockedFile.Multi.Generic ( 1 ) 12:35:48.0770 0x0dd0 Detect skipped due to KSN trusted 12:35:48.0770 0x0dd0 Modem - ok 12:35:48.0802 0x0dd0 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 12:35:48.0802 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. 
md5: 79D10964DE86B292320E9DFE02282A23, sha256: 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 12:35:48.0817 0x0dd0 monitor - detected LockedFile.Multi.Generic ( 1 ) 12:35:51.0282 0x0dd0 Detect skipped due to KSN trusted 12:35:51.0282 0x0dd0 monitor - ok 12:35:51.0329 0x0dd0 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 12:35:51.0329 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: FB18CC1D4C2E716B6B903B0AC0CC0609, sha256: F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E 12:35:51.0329 0x0dd0 mouclass - detected LockedFile.Multi.Generic ( 1 ) 12:35:53.0809 0x0dd0 Detect skipped due to KSN trusted 12:35:53.0809 0x0dd0 mouclass - ok 12:35:53.0872 0x0dd0 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 12:35:53.0872 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: 2C388D2CD01C9042596CF3C8F3C7B24D, sha256: B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 12:35:53.0872 0x0dd0 mouhid - detected LockedFile.Multi.Generic ( 1 ) 12:35:56.0352 0x0dd0 Detect skipped due to KSN trusted 12:35:56.0352 0x0dd0 mouhid - ok 12:35:56.0446 0x0dd0 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 12:35:56.0446 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. 
md5: FC8771F45ECCCFD89684E38842539B9B, sha256: 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A 12:35:56.0446 0x0dd0 mountmgr - detected LockedFile.Multi.Generic ( 1 ) 12:35:58.0988 0x0dd0 Detect skipped due to KSN trusted 12:35:58.0988 0x0dd0 mountmgr - ok 12:35:59.0051 0x0dd0 [ AE7DAFFEC2CDF695C95925C4C1F8EC02, 9F6F4FDE4678FD506CEBB4BAC29A4B30CDD391F1554B33530009F69F5EE8DB3A ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 12:35:59.0082 0x0dd0 MozillaMaintenance - ok 12:35:59.0098 0x0dd0 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys 12:35:59.0098 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpio.sys. md5: 2D699FB6E89CE0D8DA14ECC03B3EDFE0, sha256: D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 12:35:59.0098 0x0dd0 mpio - detected LockedFile.Multi.Generic ( 1 ) 12:36:01.0562 0x0dd0 Detect skipped due to KSN trusted 12:36:01.0562 0x0dd0 mpio - ok 12:36:01.0609 0x0dd0 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 12:36:01.0609 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. 
md5: AD2723A7B53DD1AACAE6AD8C0BFBF4D0, sha256: 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 12:36:01.0609 0x0dd0 mpsdrv - detected LockedFile.Multi.Generic ( 1 ) 12:36:04.0090 0x0dd0 Detect skipped due to KSN trusted 12:36:04.0090 0x0dd0 mpsdrv - ok 12:36:04.0168 0x0dd0 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll 12:36:04.0230 0x0dd0 MpsSvc - ok 12:36:04.0277 0x0dd0 [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 12:36:04.0277 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: 03F899F521D2AAED1C55008F734DF252, sha256: 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 12:36:04.0277 0x0dd0 MRxDAV - detected LockedFile.Multi.Generic ( 1 ) 12:36:06.0757 0x0dd0 Detect skipped due to KSN trusted 12:36:06.0757 0x0dd0 MRxDAV - ok 12:36:06.0804 0x0dd0 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 12:36:06.0804 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: 5D16C921E3671636C0EBA3BBAAC5FD25, sha256: 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C 12:36:06.0804 0x0dd0 mrxsmb - detected LockedFile.Multi.Generic ( 1 ) 12:36:09.0284 0x0dd0 Detect skipped due to KSN trusted 12:36:09.0284 0x0dd0 mrxsmb - ok 12:36:09.0331 0x0dd0 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:36:09.0331 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. 
md5: 6D17A4791ACA19328C685D256349FEFC, sha256: 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 12:36:09.0331 0x0dd0 mrxsmb10 - detected LockedFile.Multi.Generic ( 1 ) 12:36:11.0796 0x0dd0 Detect skipped due to KSN trusted 12:36:11.0796 0x0dd0 mrxsmb10 - ok 12:36:11.0827 0x0dd0 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:36:11.0827 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: B81F204D146000BE76651A50670A5E9E, sha256: 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 12:36:11.0827 0x0dd0 mrxsmb20 - detected LockedFile.Multi.Generic ( 1 ) 12:36:14.0323 0x0dd0 Detect skipped due to KSN trusted 12:36:14.0323 0x0dd0 mrxsmb20 - ok 12:36:14.0354 0x0dd0 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys 12:36:14.0354 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msahci.sys. md5: 012C5F4E9349E711E11E0F19A8589F0A, sha256: 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 12:36:14.0354 0x0dd0 msahci - detected LockedFile.Multi.Generic ( 1 ) 12:36:16.0819 0x0dd0 Detect skipped due to KSN trusted 12:36:16.0819 0x0dd0 msahci - ok 12:36:16.0866 0x0dd0 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys 12:36:16.0866 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msdsm.sys. 
md5: 55055F8AD8BE27A64C831322A780A228, sha256: C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 12:36:16.0866 0x0dd0 msdsm - detected LockedFile.Multi.Generic ( 1 ) 12:36:19.0346 0x0dd0 Detect skipped due to KSN trusted 12:36:19.0346 0x0dd0 msdsm - ok 12:36:19.0487 0x0dd0 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe 12:36:19.0534 0x0dd0 MSDTC - ok 12:36:19.0549 0x0dd0 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys 12:36:19.0549 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: DAEFB28E3AF5A76ABCC2C3078C07327F, sha256: 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF 12:36:19.0549 0x0dd0 Msfs - detected LockedFile.Multi.Generic ( 1 ) 12:36:22.0030 0x0dd0 Detect skipped due to KSN trusted 12:36:22.0030 0x0dd0 Msfs - ok 12:36:22.0045 0x0dd0 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 12:36:22.0045 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: 3E1E5767043C5AF9367F0056295E9F84, sha256: B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 12:36:22.0045 0x0dd0 mshidkmdf - detected LockedFile.Multi.Generic ( 1 ) 12:36:32.0060 0x0dd0 mshidkmdf ( LockedFile.Multi.Generic ) - warning 12:36:32.0060 0x0dd0 Force sending object to P2P due to detect: mshidkmdf 12:36:36.0912 0x0dd0 Object send P2P result: true 12:36:42.0388 0x0dd0 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 12:36:42.0388 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. 
md5: 0A4E5757AE09FA9622E3158CC1AEF114, sha256: ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 12:36:42.0403 0x0dd0 msisadrv - detected LockedFile.Multi.Generic ( 1 ) 12:36:44.0868 0x0dd0 Detect skipped due to KSN trusted 12:36:44.0868 0x0dd0 msisadrv - ok 12:36:44.0915 0x0dd0 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 12:36:44.0977 0x0dd0 MSiSCSI - ok 12:36:44.0977 0x0dd0 msiserver - ok 12:36:45.0024 0x0dd0 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 12:36:45.0024 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 8C0860D6366AAFFB6C5BB9DF9448E631, sha256: 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 12:36:45.0024 0x0dd0 MSKSSRV - detected LockedFile.Multi.Generic ( 1 ) 12:36:47.0504 0x0dd0 Detect skipped due to KSN trusted 12:36:47.0504 0x0dd0 MSKSSRV - ok 12:36:47.0520 0x0dd0 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 12:36:47.0520 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: 3EA8B949F963562CEDBB549EAC0C11CE, sha256: 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D 12:36:47.0520 0x0dd0 MSPCLOCK - detected LockedFile.Multi.Generic ( 1 ) 12:36:50.0000 0x0dd0 Detect skipped due to KSN trusted 12:36:50.0000 0x0dd0 MSPCLOCK - ok 12:36:50.0016 0x0dd0 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 12:36:50.0016 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. 
md5: F456E973590D663B1073E9C463B40932, sha256: 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 12:36:50.0016 0x0dd0 MSPQM - detected LockedFile.Multi.Generic ( 1 ) 12:36:52.0496 0x0dd0 Detect skipped due to KSN trusted 12:36:52.0496 0x0dd0 MSPQM - ok 12:36:52.0528 0x0dd0 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 12:36:52.0528 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 0E008FC4819D238C51D7C93E7B41E560, sha256: 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 12:36:52.0543 0x0dd0 MsRPC - detected LockedFile.Multi.Generic ( 1 ) 12:36:55.0008 0x0dd0 Detect skipped due to KSN trusted 12:36:55.0008 0x0dd0 MsRPC - ok 12:36:55.0055 0x0dd0 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 12:36:55.0055 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mssmbios.sys. md5: FC6B9FF600CC585EA38B12589BD4E246, sha256: F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A 12:36:55.0055 0x0dd0 mssmbios - detected LockedFile.Multi.Generic ( 1 ) 12:36:57.0535 0x0dd0 Detect skipped due to KSN trusted 12:36:57.0535 0x0dd0 mssmbios - ok 12:36:57.0582 0x0dd0 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 12:36:57.0582 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. 
md5: B42C6B921F61A6E55159B8BE6CD54A36, sha256: 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C 12:36:57.0582 0x0dd0 MSTEE - detected LockedFile.Multi.Generic ( 1 ) 12:37:00.0109 0x0dd0 Detect skipped due to KSN trusted 12:37:00.0109 0x0dd0 MSTEE - ok 12:37:00.0125 0x0dd0 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 12:37:00.0125 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 33599130F44E1F34631CEA241DE8AC84, sha256: E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B 12:37:00.0125 0x0dd0 MTConfig - detected LockedFile.Multi.Generic ( 1 ) 12:37:02.0590 0x0dd0 Detect skipped due to KSN trusted 12:37:02.0590 0x0dd0 MTConfig - ok 12:37:02.0621 0x0dd0 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys 12:37:02.0621 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: 159FAD02F64E6381758C990F753BCC80, sha256: E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 12:37:02.0621 0x0dd0 Mup - detected LockedFile.Multi.Generic ( 1 ) 12:37:05.0101 0x0dd0 Detect skipped due to KSN trusted 12:37:05.0101 0x0dd0 Mup - ok 12:37:05.0164 0x0dd0 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll 12:37:05.0210 0x0dd0 napagent - ok 12:37:05.0273 0x0dd0 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 12:37:05.0273 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. 
md5: 26384429FCD85D83746F63E798AB1480, sha256: 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB 12:37:05.0273 0x0dd0 NativeWifiP - detected LockedFile.Multi.Generic ( 1 ) 12:37:07.0753 0x0dd0 Detect skipped due to KSN trusted 12:37:07.0753 0x0dd0 NativeWifiP - ok 12:37:07.0831 0x0dd0 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys 12:37:07.0831 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: 8C9C922D71F1CD4DEF73F186416B7896, sha256: 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 12:37:07.0831 0x0dd0 NDIS - detected LockedFile.Multi.Generic ( 1 ) 12:37:10.0296 0x0dd0 Detect skipped due to KSN trusted 12:37:10.0296 0x0dd0 NDIS - ok 12:37:10.0499 0x0dd0 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 12:37:10.0499 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 0E1787AA6C9191D3D319E8BAFE86F80C, sha256: F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 12:37:10.0499 0x0dd0 NdisCap - detected LockedFile.Multi.Generic ( 1 ) 12:37:12.0979 0x0dd0 Detect skipped due to KSN trusted 12:37:12.0995 0x0dd0 NdisCap - ok 12:37:13.0010 0x0dd0 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 12:37:13.0010 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. 
md5: E4A8AEC125A2E43A9E32AFEEA7C9C888, sha256: 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 12:37:13.0010 0x0dd0 NdisTapi - detected LockedFile.Multi.Generic ( 1 ) 12:37:15.0475 0x0dd0 Detect skipped due to KSN trusted 12:37:15.0475 0x0dd0 NdisTapi - ok 12:37:15.0522 0x0dd0 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 12:37:15.0522 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: D8A65DAFB3EB41CBB622745676FCD072, sha256: 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 12:37:15.0522 0x0dd0 Ndisuio - detected LockedFile.Multi.Generic ( 1 ) 12:37:18.0002 0x0dd0 Detect skipped due to KSN trusted 12:37:18.0002 0x0dd0 Ndisuio - ok 12:37:18.0034 0x0dd0 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 12:37:18.0034 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 38FBE267E7E6983311179230FACB1017, sha256: CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 12:37:18.0034 0x0dd0 NdisWan - detected LockedFile.Multi.Generic ( 1 ) 12:37:20.0514 0x0dd0 Detect skipped due to KSN trusted 12:37:20.0514 0x0dd0 NdisWan - ok 12:37:20.0545 0x0dd0 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 12:37:20.0545 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. 
md5: A4BDC541E69674FBFF1A8FF00BE913F2, sha256: 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA 12:37:20.0545 0x0dd0 NDProxy - detected LockedFile.Multi.Generic ( 1 ) 12:37:23.0026 0x0dd0 Detect skipped due to KSN trusted 12:37:23.0026 0x0dd0 NDProxy - ok 12:37:23.0072 0x0dd0 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 12:37:23.0072 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 80B275B1CE3B0E79909DB7B39AF74D51, sha256: 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 12:37:23.0072 0x0dd0 NetBIOS - detected LockedFile.Multi.Generic ( 1 ) 12:37:25.0553 0x0dd0 Detect skipped due to KSN trusted 12:37:25.0553 0x0dd0 NetBIOS - ok 12:37:25.0600 0x0dd0 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 12:37:25.0600 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. 
md5: 280122DDCF04B378EDD1AD54D71C1E54, sha256: F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 12:37:25.0600 0x0dd0 NetBT - detected LockedFile.Multi.Generic ( 1 ) 12:37:28.0064 0x0dd0 Detect skipped due to KSN trusted 12:37:28.0064 0x0dd0 NetBT - ok 12:37:28.0080 0x0dd0 [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] Netlogon C:\Windows\system32\lsass.exe 12:37:28.0111 0x0dd0 Netlogon - ok 12:37:28.0142 0x0dd0 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll 12:37:28.0220 0x0dd0 Netman - ok 12:37:28.0283 0x0dd0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:37:28.0345 0x0dd0 NetMsmqActivator - ok 12:37:28.0361 0x0dd0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:37:28.0376 0x0dd0 NetPipeActivator - ok 12:37:28.0439 0x0dd0 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll 12:37:28.0486 0x0dd0 netprofm - ok 12:37:28.0532 0x0dd0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:37:28.0564 0x0dd0 NetTcpActivator - ok 12:37:28.0564 0x0dd0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:37:28.0579 0x0dd0 NetTcpPortSharing - ok 12:37:28.0626 0x0dd0 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 
C:\Windows\system32\DRIVERS\nfrd960.sys 12:37:28.0626 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 1D85C4B390B0EE09C7A46B91EFB2C097, sha256: 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 12:37:28.0626 0x0dd0 nfrd960 - detected LockedFile.Multi.Generic ( 1 ) 12:37:31.0106 0x0dd0 Detect skipped due to KSN trusted 12:37:31.0106 0x0dd0 nfrd960 - ok 12:37:31.0153 0x0dd0 [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc C:\Windows\System32\nlasvc.dll 12:37:31.0184 0x0dd0 NlaSvc - ok 12:37:31.0216 0x0dd0 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys 12:37:31.0216 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1DB262A9F8C087E8153D89BEF3D2235F, sha256: A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 12:37:31.0216 0x0dd0 Npfs - detected LockedFile.Multi.Generic ( 1 ) 12:37:33.0680 0x0dd0 Detect skipped due to KSN trusted 12:37:33.0680 0x0dd0 Npfs - ok 12:37:33.0727 0x0dd0 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll 12:37:33.0758 0x0dd0 nsi - ok 12:37:33.0790 0x0dd0 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 12:37:33.0790 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. 
md5: E9A0A4D07E53D8FEA2BB8387A3293C58, sha256: 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A 12:37:33.0790 0x0dd0 nsiproxy - detected LockedFile.Multi.Generic ( 1 ) 12:37:36.0270 0x0dd0 Detect skipped due to KSN trusted 12:37:36.0270 0x0dd0 nsiproxy - ok 12:37:36.0364 0x0dd0 [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 12:37:36.0364 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: C8DFF8D07755A66C7A4A738930F0FEAC, sha256: A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA 12:37:36.0364 0x0dd0 Ntfs - detected LockedFile.Multi.Generic ( 1 ) 12:37:46.0379 0x0dd0 Object is SCO, delete is not allowed 12:37:46.0379 0x0dd0 Ntfs ( LockedFile.Multi.Generic ) - warning 12:37:49.0826 0x0dd0 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys 12:37:49.0826 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: F9756A98D69098DCA8945D62858A812C, sha256: 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 12:37:49.0826 0x0dd0 Null - detected LockedFile.Multi.Generic ( 1 ) 12:37:52.0291 0x0dd0 Detect skipped due to KSN trusted 12:37:52.0291 0x0dd0 Null - ok 12:37:52.0369 0x0dd0 [ B5E37E31C053BC9950455A257526514B, 16E2880621F3AA12BDADE71CD7682CA79E2A199D3C9E3E5927C49DCEF0F6183B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys 12:37:52.0369 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvm62x32.sys. 
md5: B5E37E31C053BC9950455A257526514B, sha256: 16E2880621F3AA12BDADE71CD7682CA79E2A199D3C9E3E5927C49DCEF0F6183B 12:37:52.0369 0x0dd0 NVENETFD - detected LockedFile.Multi.Generic ( 1 ) 12:37:54.0850 0x0dd0 Detect skipped due to KSN trusted 12:37:54.0850 0x0dd0 NVENETFD - ok 12:37:55.0286 0x0dd0 [ B69E6F70CE1151C8D62ABC9DEF64DFBE, B7BD731D1CCF4E71EF1CF4AFA9189C1831306483B4BF57B12B89113A5230871B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 12:37:55.0286 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvlddmkm.sys. md5: B69E6F70CE1151C8D62ABC9DEF64DFBE, sha256: B7BD731D1CCF4E71EF1CF4AFA9189C1831306483B4BF57B12B89113A5230871B 12:37:55.0318 0x0dd0 nvlddmkm - detected LockedFile.Multi.Generic ( 1 ) 12:37:57.0798 0x0dd0 Detect skipped due to KSN trusted 12:37:57.0798 0x0dd0 nvlddmkm - ok 12:37:57.0829 0x0dd0 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys 12:37:57.0829 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvraid.sys. md5: B3E25EE28883877076E0E1FF877D02E0, sha256: 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C 12:37:57.0829 0x0dd0 nvraid - detected LockedFile.Multi.Generic ( 1 ) 12:38:00.0310 0x0dd0 Detect skipped due to KSN trusted 12:38:00.0310 0x0dd0 nvraid - ok 12:38:00.0356 0x0dd0 [ C44EE36DD84FA95EB81D79C374756003, 1BBFA4A473CA0B19346EA458430377B1979BB533ECDAB2297D7E767DF9BD3682 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys 12:38:00.0356 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvsmu.sys. 
md5: C44EE36DD84FA95EB81D79C374756003, sha256: 1BBFA4A473CA0B19346EA458430377B1979BB533ECDAB2297D7E767DF9BD3682 12:38:00.0356 0x0dd0 nvsmu - detected LockedFile.Multi.Generic ( 1 ) 12:38:02.0836 0x0dd0 Detect skipped due to KSN trusted 12:38:02.0836 0x0dd0 nvsmu - ok 12:38:02.0867 0x0dd0 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys 12:38:02.0867 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvstor.sys. md5: 4380E59A170D88C4F1022EFF6719A8A4, sha256: 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 12:38:02.0867 0x0dd0 nvstor - detected LockedFile.Multi.Generic ( 1 ) 12:38:05.0347 0x0dd0 Detect skipped due to KSN trusted 12:38:05.0347 0x0dd0 nvstor - ok 12:38:05.0456 0x0dd0 [ E4284FCF99FEA13A7E1836F87AE356F6, 541C40DD3483810632320E8F23427BB52593D156E876C6023BE7F7A8589383E8 ] nvsvc C:\Windows\system32\nvvsvc.exe 12:38:05.0488 0x0dd0 nvsvc - ok 12:38:05.0628 0x0dd0 [ 03E60E0BFA53ED15DC984FA34B44BB0F, 50ABF2E303B9A2B6DDD0DB411C24C3CD6CC30AFA664B5682CF9189F96548CC10 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 12:38:05.0690 0x0dd0 nvUpdatusService - ok 12:38:05.0722 0x0dd0 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 12:38:05.0722 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nv_agp.sys. 
md5: 5A0983915F02BAE73267CC2A041F717D, sha256: D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 12:38:05.0722 0x0dd0 nv_agp - detected LockedFile.Multi.Generic ( 1 ) 12:38:08.0186 0x0dd0 Detect skipped due to KSN trusted 12:38:08.0186 0x0dd0 nv_agp - ok 12:38:08.0218 0x0dd0 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 12:38:08.0218 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ohci1394.sys. md5: 08A70A1F2CDDE9BB49B885CB817A66EB, sha256: 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 12:38:08.0218 0x0dd0 ohci1394 - detected LockedFile.Multi.Generic ( 1 ) 12:38:10.0698 0x0dd0 Detect skipped due to KSN trusted 12:38:10.0698 0x0dd0 ohci1394 - ok 12:38:10.0760 0x0dd0 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:38:10.0776 0x0dd0 ose - ok 12:38:10.0823 0x0dd0 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 12:38:10.0901 0x0dd0 p2pimsvc - ok 12:38:10.0948 0x0dd0 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll 12:38:10.0994 0x0dd0 p2psvc - ok 12:38:11.0026 0x0dd0 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys 12:38:11.0026 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. 
md5: 2EA877ED5DD9713C5AC74E8EA7348D14, sha256: 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE 12:38:11.0026 0x0dd0 Parport - detected LockedFile.Multi.Generic ( 1 ) 12:38:13.0506 0x0dd0 Detect skipped due to KSN trusted 12:38:13.0506 0x0dd0 Parport - ok 12:38:13.0537 0x0dd0 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys 12:38:13.0537 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. md5: 3F34A1B4C5F6475F320C275E63AFCE9B, sha256: 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B 12:38:13.0537 0x0dd0 partmgr - detected LockedFile.Multi.Generic ( 1 ) 12:38:16.0018 0x0dd0 Detect skipped due to KSN trusted 12:38:16.0018 0x0dd0 partmgr - ok 12:38:16.0049 0x0dd0 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 12:38:16.0049 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parvdm.sys. md5: EB0A59F29C19B86479D36B35983DAADC, sha256: AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 12:38:16.0049 0x0dd0 Parvdm - detected LockedFile.Multi.Generic ( 1 ) 12:38:18.0514 0x0dd0 Detect skipped due to |
31.03.2015, 11:54 | #8 |
/// TB-Ausbilder /// Anleitungs-Guru | G Data blocked, no system restore possible, Task Manager doesn't work Attach it as a zip or split the postings.
__________________ Regards deeprybka Praise, criticism, wishes? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
31.03.2015, 11:54 | #9 |
| G Data blocked, no system restore possible, Task Manager doesn't work Code:
2:38:18.0514 0x0dd0 Parvdm - ok 12:38:18.0560 0x0dd0 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll 12:38:18.0654 0x0dd0 PcaSvc - ok 12:38:18.0685 0x0dd0 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys 12:38:18.0685 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pci.sys. md5: 673E55C3498EB970088E812EA820AA8F, sha256: 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 12:38:18.0685 0x0dd0 pci - detected LockedFile.Multi.Generic ( 1 ) 12:38:28.0529 0x0dd0 Object is SCO, delete is not allowed 12:38:28.0529 0x0dd0 pci ( LockedFile.Multi.Generic ) - warning 12:38:28.0560 0x0dd0 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys 12:38:28.0560 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pciide.sys. md5: AFE86F419014DB4E5593F69FFE26CE0A, sha256: CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 12:38:28.0560 0x0dd0 pciide - detected LockedFile.Multi.Generic ( 1 ) 12:38:28.0560 0x0dd0 Object is SCO, delete is not allowed 12:38:28.0560 0x0dd0 pciide ( LockedFile.Multi.Generic ) - warning 12:38:28.0591 0x0dd0 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 12:38:28.0591 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pcmcia.sys. 
md5: F396431B31693E71E8A80687EF523506, sha256: BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B 12:38:28.0591 0x0dd0 pcmcia - detected LockedFile.Multi.Generic ( 1 ) 12:38:28.0591 0x0dd0 Object is SCO, delete is not allowed 12:38:28.0591 0x0dd0 pcmcia ( LockedFile.Multi.Generic ) - warning 12:38:28.0607 0x0dd0 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys 12:38:28.0622 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: 250F6B43D2B613172035C6747AEEB19F, sha256: A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 12:38:28.0622 0x0dd0 pcw - detected LockedFile.Multi.Generic ( 1 ) 12:38:28.0622 0x0dd0 pcw ( LockedFile.Multi.Generic ) - warning 12:38:28.0685 0x0dd0 [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 12:38:28.0685 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\peauth.sys. 
md5: 9E0104BA49F4E6973749A02BF41344ED, sha256: B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 12:38:28.0700 0x0dd0 PEAUTH - detected LockedFile.Multi.Generic ( 1 ) 12:38:28.0700 0x0dd0 Object is SCO, delete is not allowed 12:38:28.0700 0x0dd0 PEAUTH ( LockedFile.Multi.Generic ) - warning 12:38:28.0700 0x0dd0 Force sending object to P2P due to detect: PEAUTH 12:38:28.0700 0x0dd0 Object send P2P result: false 12:38:28.0825 0x0dd0 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll 12:38:28.0919 0x0dd0 pla - ok 12:38:28.0981 0x0dd0 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll 12:38:29.0028 0x0dd0 PlugPlay - ok 12:38:29.0044 0x0dd0 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 12:38:29.0075 0x0dd0 PNRPAutoReg - ok 12:38:29.0106 0x0dd0 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 12:38:29.0137 0x0dd0 PNRPsvc - ok 12:38:29.0184 0x0dd0 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 12:38:29.0231 0x0dd0 PolicyAgent - ok 12:38:29.0278 0x0dd0 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll 12:38:29.0309 0x0dd0 Power - ok 12:38:29.0356 0x0dd0 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 12:38:29.0356 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspptp.sys. 
md5: 631E3E205AD6D86F2AED6A4A8E69F2DB, sha256: 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 12:38:29.0356 0x0dd0 PptpMiniport - detected LockedFile.Multi.Generic ( 1 ) 12:38:29.0356 0x0dd0 Object is SCO, delete is not allowed 12:38:29.0356 0x0dd0 PptpMiniport ( LockedFile.Multi.Generic ) - warning 12:38:29.0387 0x0dd0 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys 12:38:29.0387 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\processr.sys. md5: 85B1E3A0C7585BC4AAE6899EC6FCF011, sha256: 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 12:38:29.0387 0x0dd0 Processor - detected LockedFile.Multi.Generic ( 1 ) 12:38:29.0387 0x0dd0 Object is SCO, delete is not allowed 12:38:29.0387 0x0dd0 Processor ( LockedFile.Multi.Generic ) - warning 12:38:29.0387 0x0dd0 Force sending object to P2P due to detect: Processor 12:38:29.0387 0x0dd0 Object send P2P result: false 12:38:29.0449 0x0dd0 [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc C:\Windows\system32\profsvc.dll 12:38:29.0512 0x0dd0 ProfSvc - ok 12:38:29.0527 0x0dd0 [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] ProtectedStorage C:\Windows\system32\lsass.exe 12:38:29.0543 0x0dd0 ProtectedStorage - ok 12:38:29.0558 0x0dd0 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 12:38:29.0558 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pacer.sys. 
md5: 6270CCAE2A86DE6D146529FE55B3246A, sha256: 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 12:38:29.0558 0x0dd0 Psched - detected LockedFile.Multi.Generic ( 1 ) 12:38:29.0558 0x0dd0 Object is SCO, delete is not allowed 12:38:29.0558 0x0dd0 Psched ( LockedFile.Multi.Generic ) - warning 12:38:29.0668 0x0dd0 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 12:38:29.0668 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql2300.sys. md5: AB95ECF1F6659A60DDC166D8315B0751, sha256: 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D 12:38:29.0668 0x0dd0 ql2300 - detected LockedFile.Multi.Generic ( 1 ) 12:38:29.0668 0x0dd0 Object is SCO, delete is not allowed 12:38:29.0668 0x0dd0 ql2300 ( LockedFile.Multi.Generic ) - warning 12:38:29.0683 0x0dd0 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 12:38:29.0683 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql40xx.sys. 
md5: B4DD51DD25182244B86737DC51AF2270, sha256: 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B 12:38:29.0699 0x0dd0 ql40xx - detected LockedFile.Multi.Generic ( 1 ) 12:38:29.0699 0x0dd0 Object is SCO, delete is not allowed 12:38:29.0699 0x0dd0 ql40xx ( LockedFile.Multi.Generic ) - warning 12:38:29.0699 0x0dd0 Force sending object to P2P due to detect: ql40xx 12:38:29.0699 0x0dd0 Object send P2P result: false 12:38:29.0730 0x0dd0 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll 12:38:29.0761 0x0dd0 QWAVE - ok 12:38:29.0792 0x0dd0 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 12:38:29.0792 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\qwavedrv.sys. md5: 584078CA1B95CA72DF2A27C336F9719D, sha256: 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 12:38:29.0792 0x0dd0 QWAVEdrv - detected LockedFile.Multi.Generic ( 1 ) 12:38:29.0792 0x0dd0 Object is SCO, delete is not allowed 12:38:29.0792 0x0dd0 QWAVEdrv ( LockedFile.Multi.Generic ) - warning 12:38:29.0792 0x0dd0 Force sending object to P2P due to detect: QWAVEdrv 12:38:29.0792 0x0dd0 Object send P2P result: false 12:38:29.0808 0x0dd0 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 12:38:29.0824 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasacd.sys. 
md5: 30A81B53C766D0133BB86D234E5556AB, sha256: 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 12:38:29.0824 0x0dd0 RasAcd - detected LockedFile.Multi.Generic ( 1 ) 12:38:29.0824 0x0dd0 Object is SCO, delete is not allowed 12:38:29.0824 0x0dd0 RasAcd ( LockedFile.Multi.Generic ) - warning 12:38:29.0839 0x0dd0 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 12:38:29.0839 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 57EC4AEF73660166074D8F7F31C0D4FD, sha256: C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF 12:38:29.0839 0x0dd0 RasAgileVpn - detected LockedFile.Multi.Generic ( 1 ) 12:38:29.0839 0x0dd0 RasAgileVpn ( LockedFile.Multi.Generic ) - warning 12:38:29.0870 0x0dd0 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll 12:38:29.0917 0x0dd0 RasAuto - ok 12:38:29.0933 0x0dd0 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 12:38:29.0933 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasl2tp.sys. 
md5: D9F91EAFEC2815365CBE6D167E4E332A, sha256: 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C 12:38:29.0933 0x0dd0 Rasl2tp - detected LockedFile.Multi.Generic ( 1 ) 12:38:29.0933 0x0dd0 Object is SCO, delete is not allowed 12:38:29.0933 0x0dd0 Rasl2tp ( LockedFile.Multi.Generic ) - warning 12:38:29.0933 0x0dd0 Force sending object to P2P due to detect: Rasl2tp 12:38:29.0933 0x0dd0 Object send P2P result: false 12:38:29.0980 0x0dd0 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll 12:38:30.0058 0x0dd0 RasMan - ok 12:38:30.0073 0x0dd0 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 12:38:30.0073 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 0FE8B15916307A6AC12BFB6A63E45507, sha256: 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E 12:38:30.0073 0x0dd0 RasPppoe - detected LockedFile.Multi.Generic ( 1 ) 12:38:30.0073 0x0dd0 Object is SCO, delete is not allowed 12:38:30.0073 0x0dd0 RasPppoe ( LockedFile.Multi.Generic ) - warning 12:38:30.0104 0x0dd0 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 12:38:30.0104 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rassstp.sys. 
md5: 44101F495A83EA6401D886E7FD70096B, sha256: 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A 12:38:30.0120 0x0dd0 RasSstp - detected LockedFile.Multi.Generic ( 1 ) 12:38:30.0120 0x0dd0 Object is SCO, delete is not allowed 12:38:30.0120 0x0dd0 RasSstp ( LockedFile.Multi.Generic ) - warning 12:38:30.0120 0x0dd0 Force sending object to P2P due to detect: RasSstp 12:38:30.0120 0x0dd0 Object send P2P result: false 12:38:30.0151 0x0dd0 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 12:38:30.0151 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. md5: D528BC58A489409BA40334EBF96A311B, sha256: C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 12:38:30.0151 0x0dd0 rdbss - detected LockedFile.Multi.Generic ( 1 ) 12:38:30.0167 0x0dd0 Object is SCO, delete is not allowed 12:38:30.0167 0x0dd0 rdbss ( LockedFile.Multi.Generic ) - warning 12:38:30.0182 0x0dd0 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 12:38:30.0182 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 0D8F05481CB76E70E1DA06EE9F0DA9DF, sha256: 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB 12:38:30.0182 0x0dd0 rdpbus - detected LockedFile.Multi.Generic ( 1 ) 12:38:30.0182 0x0dd0 rdpbus ( LockedFile.Multi.Generic ) - warning 12:38:30.0214 0x0dd0 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 12:38:30.0214 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RDPCDD.sys. 
md5: 23DAE03F29D253AE74C44F99E515F9A1, sha256: 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 12:38:30.0214 0x0dd0 RDPCDD - detected LockedFile.Multi.Generic ( 1 ) 12:38:30.0214 0x0dd0 Object is SCO, delete is not allowed 12:38:30.0214 0x0dd0 RDPCDD ( LockedFile.Multi.Generic ) - warning 12:38:30.0214 0x0dd0 Force sending object to P2P due to detect: RDPCDD 12:38:30.0214 0x0dd0 Object send P2P result: false 12:38:30.0245 0x0dd0 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 12:38:30.0245 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpencdd.sys. md5: 5A53CA1598DD4156D44196D200C94B8A, sha256: 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 12:38:30.0245 0x0dd0 RDPENCDD - detected LockedFile.Multi.Generic ( 1 ) 12:38:30.0245 0x0dd0 Object is SCO, delete is not allowed 12:38:30.0245 0x0dd0 RDPENCDD ( LockedFile.Multi.Generic ) - warning 12:38:30.0245 0x0dd0 Force sending object to P2P due to detect: RDPENCDD 12:38:30.0245 0x0dd0 Object send P2P result: false 12:38:30.0260 0x0dd0 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 12:38:30.0260 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdprefmp.sys. 
md5: 44B0A53CD4F27D50ED461DAE0C0B4E1F, sha256: CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 12:38:30.0260 0x0dd0 RDPREFMP - detected LockedFile.Multi.Generic ( 1 ) 12:38:30.0260 0x0dd0 RDPREFMP ( LockedFile.Multi.Generic ) - warning 12:38:30.0260 0x0dd0 Force sending object to P2P due to detect: RDPREFMP 12:38:30.0260 0x0dd0 Object send P2P result: false 12:38:30.0307 0x0dd0 [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 12:38:30.0307 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RDPWD.sys. md5: CD9214A6AE17D188D17C3CF8CB9CC693, sha256: 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 12:38:30.0307 0x0dd0 RDPWD - detected LockedFile.Multi.Generic ( 1 ) 12:38:30.0307 0x0dd0 Object is SCO, delete is not allowed 12:38:30.0307 0x0dd0 RDPWD ( LockedFile.Multi.Generic ) - warning 12:38:30.0354 0x0dd0 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 12:38:30.0354 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdyboost.sys. 
md5: 518395321DC96FE2C9F0E96AC743B656, sha256: 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 12:38:30.0385 0x0dd0 rdyboost - detected LockedFile.Multi.Generic ( 1 ) 12:38:30.0385 0x0dd0 rdyboost ( LockedFile.Multi.Generic ) - warning 12:38:30.0385 0x0dd0 Force sending object to P2P due to detect: rdyboost 12:38:30.0385 0x0dd0 Object send P2P result: false 12:38:30.0416 0x0dd0 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll 12:38:30.0463 0x0dd0 RemoteAccess - ok 12:38:30.0494 0x0dd0 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll 12:38:30.0541 0x0dd0 RemoteRegistry - ok 12:38:30.0572 0x0dd0 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 12:38:30.0604 0x0dd0 RpcEptMapper - ok 12:38:30.0635 0x0dd0 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe 12:38:30.0682 0x0dd0 RpcLocator - ok 12:38:30.0728 0x0dd0 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll 12:38:30.0760 0x0dd0 RpcSs - ok 12:38:30.0806 0x0dd0 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 12:38:30.0806 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rspndr.sys. 
md5: 032B0D36AD92B582D869879F5AF5B928, sha256: 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 12:38:30.0806 0x0dd0 rspndr - detected LockedFile.Multi.Generic ( 1 ) 12:38:30.0806 0x0dd0 Object is SCO, delete is not allowed 12:38:30.0806 0x0dd0 rspndr ( LockedFile.Multi.Generic ) - warning 12:38:30.0822 0x0dd0 [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] SamSs C:\Windows\system32\lsass.exe 12:38:30.0853 0x0dd0 SamSs - ok 12:38:30.0884 0x0dd0 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 12:38:30.0884 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sbp2port.sys. md5: 05D860DA1040F111503AC416CCEF2BCA, sha256: DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E 12:38:30.0884 0x0dd0 sbp2port - detected LockedFile.Multi.Generic ( 1 ) 12:38:30.0884 0x0dd0 Object is SCO, delete is not allowed 12:38:30.0884 0x0dd0 sbp2port ( LockedFile.Multi.Generic ) - warning 12:38:30.0916 0x0dd0 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll 12:38:30.0978 0x0dd0 SCardSvr - ok 12:38:31.0009 0x0dd0 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 12:38:31.0009 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\scfilter.sys. 
md5: 0693B5EC673E34DC147E195779A4DCF6, sha256: AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 12:38:31.0009 0x0dd0 scfilter - detected LockedFile.Multi.Generic ( 1 ) 12:38:31.0009 0x0dd0 scfilter ( LockedFile.Multi.Generic ) - warning 12:38:31.0009 0x0dd0 Force sending object to P2P due to detect: scfilter 12:38:31.0009 0x0dd0 Object send P2P result: false 12:38:31.0087 0x0dd0 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\Windows\system32\schedsvc.dll 12:38:31.0165 0x0dd0 Schedule - ok 12:38:31.0181 0x0dd0 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll 12:38:31.0212 0x0dd0 SCPolicySvc - ok 12:38:31.0243 0x0dd0 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll 12:38:31.0290 0x0dd0 SDRSVC - ok 12:38:31.0321 0x0dd0 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys 12:38:31.0321 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\secdrv.sys. 
md5: 90A3935D05B494A5A39D37E71F09A677, sha256: F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 12:38:31.0321 0x0dd0 secdrv - detected LockedFile.Multi.Generic ( 1 ) 12:38:31.0321 0x0dd0 secdrv ( LockedFile.Multi.Generic ) - warning 12:38:31.0368 0x0dd0 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll 12:38:31.0415 0x0dd0 seclogon - ok 12:38:31.0446 0x0dd0 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\System32\sens.dll 12:38:31.0477 0x0dd0 SENS - ok 12:38:31.0508 0x0dd0 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll 12:38:31.0571 0x0dd0 SensrSvc - ok 12:38:31.0586 0x0dd0 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 12:38:31.0586 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: 9AD8B8B515E3DF6ACD4212EF465DE2D1, sha256: E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 12:38:31.0586 0x0dd0 Serenum - detected LockedFile.Multi.Generic ( 1 ) 12:38:31.0586 0x0dd0 Object is SCO, delete is not allowed 12:38:31.0586 0x0dd0 Serenum ( LockedFile.Multi.Generic ) - warning 12:38:31.0618 0x0dd0 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys 12:38:31.0618 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serial.sys. 
md5: 5FB7FCEA0490D821F26F39CC5EA3D1E2, sha256: A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F 12:38:31.0618 0x0dd0 Serial - detected LockedFile.Multi.Generic ( 1 ) 12:38:31.0618 0x0dd0 Object is SCO, delete is not allowed 12:38:31.0618 0x0dd0 Serial ( LockedFile.Multi.Generic ) - warning 12:38:31.0618 0x0dd0 Force sending object to P2P due to detect: Serial 12:38:31.0618 0x0dd0 Object send P2P result: false 12:38:31.0649 0x0dd0 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 12:38:31.0649 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 79BFFB520327FF916A582DFEA17AA813, sha256: 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C 12:38:31.0649 0x0dd0 sermouse - detected LockedFile.Multi.Generic ( 1 ) 12:38:31.0649 0x0dd0 Object is SCO, delete is not allowed 12:38:31.0649 0x0dd0 sermouse ( LockedFile.Multi.Generic ) - warning 12:38:31.0696 0x0dd0 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll 12:38:31.0742 0x0dd0 SessionEnv - ok 12:38:31.0774 0x0dd0 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 12:38:31.0774 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffdisk.sys. 
md5: 9F976E1EB233DF46FCE808D9DEA3EB9C, sha256: 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 12:38:31.0774 0x0dd0 sffdisk - detected LockedFile.Multi.Generic ( 1 ) 12:38:31.0774 0x0dd0 Object is SCO, delete is not allowed 12:38:31.0774 0x0dd0 sffdisk ( LockedFile.Multi.Generic ) - warning 12:38:31.0789 0x0dd0 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 12:38:31.0789 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_mmc.sys. md5: 932A68EE27833CFD57C1639D375F2731, sha256: 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 12:38:31.0789 0x0dd0 sffp_mmc - detected LockedFile.Multi.Generic ( 1 ) 12:38:31.0789 0x0dd0 Object is SCO, delete is not allowed 12:38:31.0789 0x0dd0 sffp_mmc ( LockedFile.Multi.Generic ) - warning 12:38:31.0789 0x0dd0 Force sending object to P2P due to detect: sffp_mmc 12:38:31.0789 0x0dd0 Object send P2P result: false 12:38:31.0789 0x0dd0 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 12:38:31.0805 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_sd.sys. md5: 6D4CCAEDC018F1CF52866BBBAA235982, sha256: AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 12:38:31.0805 0x0dd0 sffp_sd - detected LockedFile.Multi.Generic ( 1 ) 12:38:31.0805 0x0dd0 Object is SCO, delete is not allowed 12:38:31.0805 0x0dd0 sffp_sd ( LockedFile.Multi.Generic ) - warning 12:38:31.0805 0x0dd0 Force sending object to P2P due to detect: sffp_sd 12:38:31.0805 0x0dd0 Object send P2P result: false 12:38:31.0820 0x0dd0 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 12:38:31.0820 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sfloppy.sys. 
md5: DB96666CC8312EBC45032F30B007A547, sha256: C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 12:38:31.0820 0x0dd0 sfloppy - detected LockedFile.Multi.Generic ( 1 ) 12:38:31.0820 0x0dd0 Object is SCO, delete is not allowed 12:38:31.0820 0x0dd0 sfloppy ( LockedFile.Multi.Generic ) - warning 12:38:31.0820 0x0dd0 Force sending object to P2P due to detect: sfloppy 12:38:31.0836 0x0dd0 Object send P2P result: false 12:38:31.0883 0x0dd0 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll 12:38:31.0961 0x0dd0 SharedAccess - ok 12:38:32.0023 0x0dd0 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 12:38:32.0086 0x0dd0 ShellHWDetection - ok 12:38:32.0086 0x0dd0 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys 12:38:32.0086 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sisagp.sys. md5: 2565CAC0DC9FE0371BDCE60832582B2E, sha256: 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D 12:38:32.0086 0x0dd0 sisagp - detected LockedFile.Multi.Generic ( 1 ) 12:38:32.0086 0x0dd0 Object is SCO, delete is not allowed 12:38:32.0086 0x0dd0 sisagp ( LockedFile.Multi.Generic ) - warning 12:38:32.0086 0x0dd0 Force sending object to P2P due to detect: sisagp 12:38:32.0086 0x0dd0 Object send P2P result: false 12:38:32.0132 0x0dd0 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 12:38:32.0132 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SiSRaid2.sys. 
md5: A9F0486851BECB6DDA1D89D381E71055, sha256: 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 12:38:32.0132 0x0dd0 SiSRaid2 - detected LockedFile.Multi.Generic ( 1 ) 12:38:32.0132 0x0dd0 Object is SCO, delete is not allowed 12:38:32.0132 0x0dd0 SiSRaid2 ( LockedFile.Multi.Generic ) - warning 12:38:32.0148 0x0dd0 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 12:38:32.0148 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 3727097B55738E2F554972C3BE5BC1AA, sha256: 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 12:38:32.0148 0x0dd0 SiSRaid4 - detected LockedFile.Multi.Generic ( 1 ) 12:38:32.0148 0x0dd0 Object is SCO, delete is not allowed 12:38:32.0148 0x0dd0 SiSRaid4 ( LockedFile.Multi.Generic ) - warning 12:38:32.0148 0x0dd0 Force sending object to P2P due to detect: SiSRaid4 12:38:32.0148 0x0dd0 Object send P2P result: false 12:38:32.0179 0x0dd0 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys 12:38:32.0179 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. 
md5: 3E21C083B8A01CB70BA1F09303010FCE, sha256: 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 12:38:32.0179 0x0dd0 Smb - detected LockedFile.Multi.Generic ( 1 ) 12:38:32.0179 0x0dd0 Object is SCO, delete is not allowed 12:38:32.0179 0x0dd0 Smb ( LockedFile.Multi.Generic ) - warning 12:38:32.0179 0x0dd0 Force sending object to P2P due to detect: Smb 12:38:32.0179 0x0dd0 Object send P2P result: false 12:38:32.0210 0x0dd0 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 12:38:32.0257 0x0dd0 SNMPTRAP - ok 12:38:32.0273 0x0dd0 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys 12:38:32.0273 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. md5: 95CF1AE7527FB70F7816563CBC09D942, sha256: CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 12:38:32.0273 0x0dd0 spldr - detected LockedFile.Multi.Generic ( 1 ) 12:38:32.0273 0x0dd0 Object is SCO, delete is not allowed 12:38:32.0273 0x0dd0 spldr ( LockedFile.Multi.Generic ) - warning 12:38:32.0273 0x0dd0 Force sending object to P2P due to detect: spldr 12:38:32.0273 0x0dd0 Object send P2P result: false 12:38:32.0320 0x0dd0 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe 12:38:32.0382 0x0dd0 Spooler - ok 12:38:32.0554 0x0dd0 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe 12:38:32.0678 0x0dd0 sppsvc - ok 12:38:32.0725 0x0dd0 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll 12:38:32.0772 0x0dd0 sppuinotify - ok 12:38:32.0819 0x0dd0 [ E4C2764065D66EA1D2D3EBC28FE99C46, 
043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys 12:38:32.0819 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: E4C2764065D66EA1D2D3EBC28FE99C46, sha256: 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 12:38:32.0819 0x0dd0 srv - detected LockedFile.Multi.Generic ( 1 ) 12:38:32.0819 0x0dd0 Object is SCO, delete is not allowed 12:38:32.0819 0x0dd0 srv ( LockedFile.Multi.Generic ) - warning 12:38:32.0850 0x0dd0 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 12:38:32.0850 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: 03F0545BD8D4C77FA0AE1CEEDFCC71AB, sha256: 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 12:38:32.0850 0x0dd0 srv2 - detected LockedFile.Multi.Generic ( 1 ) 12:38:32.0850 0x0dd0 Object is SCO, delete is not allowed 12:38:32.0850 0x0dd0 srv2 ( LockedFile.Multi.Generic ) - warning 12:38:32.0866 0x0dd0 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 12:38:32.0866 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. 
md5: BE6BD660CAA6F291AE06A718A4FA8ABC, sha256: CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 12:38:32.0866 0x0dd0 srvnet - detected LockedFile.Multi.Generic ( 1 ) 12:38:32.0866 0x0dd0 Object is SCO, delete is not allowed 12:38:32.0866 0x0dd0 srvnet ( LockedFile.Multi.Generic ) - warning 12:38:32.0897 0x0dd0 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 12:38:32.0944 0x0dd0 SSDPSRV - ok 12:38:32.0975 0x0dd0 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll 12:38:32.0990 0x0dd0 SstpSvc - ok 12:38:33.0084 0x0dd0 [ 5A19667A580B1CE886EAF968B9743F45, 0A9EBE4057A0A6EF4732623794C2416A6BD8B87356DA46652BD92762505F57C7 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 12:38:33.0100 0x0dd0 Stereo Service - ok 12:38:33.0131 0x0dd0 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 12:38:33.0131 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. 
md5: DB32D325C192B801DF274BFD12A7E72B, sha256: F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA 12:38:33.0146 0x0dd0 stexstor - detected LockedFile.Multi.Generic ( 1 ) 12:38:33.0146 0x0dd0 stexstor ( LockedFile.Multi.Generic ) - warning 12:38:33.0146 0x0dd0 Force sending object to P2P due to detect: stexstor 12:38:33.0146 0x0dd0 Object send P2P result: false 12:38:33.0209 0x0dd0 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll 12:38:33.0271 0x0dd0 StiSvc - ok 12:38:33.0302 0x0dd0 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys 12:38:33.0318 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\swenum.sys. md5: E58C78A848ADD9610A4DB6D214AF5224, sha256: 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 12:38:33.0318 0x0dd0 swenum - detected LockedFile.Multi.Generic ( 1 ) 12:38:33.0318 0x0dd0 Object is SCO, delete is not allowed 12:38:33.0318 0x0dd0 swenum ( LockedFile.Multi.Generic ) - warning 12:38:33.0318 0x0dd0 Force sending object to P2P due to detect: swenum 12:38:33.0334 0x0dd0 Object send P2P result: false 12:38:33.0365 0x0dd0 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll 12:38:33.0412 0x0dd0 swprv - ok 12:38:33.0505 0x0dd0 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll 12:38:33.0583 0x0dd0 SysMain - ok 12:38:33.0630 0x0dd0 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll 12:38:33.0661 0x0dd0 TabletInputService - ok 12:38:33.0692 0x0dd0 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] 
TapiSrv C:\Windows\System32\tapisrv.dll 12:38:33.0739 0x0dd0 TapiSrv - ok 12:38:33.0770 0x0dd0 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll 12:38:33.0802 0x0dd0 TBS - ok 12:38:33.0926 0x0dd0 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 12:38:33.0926 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: 5579DD18546999F5D0EC39D018726C6B, sha256: 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 12:38:33.0942 0x0dd0 Tcpip - detected LockedFile.Multi.Generic ( 1 ) 12:38:33.0942 0x0dd0 Object is SCO, delete is not allowed 12:38:33.0942 0x0dd0 Tcpip ( LockedFile.Multi.Generic ) - warning 12:38:33.0942 0x0dd0 Force sending object to P2P due to detect: Tcpip 12:38:33.0942 0x0dd0 Object send P2P result: false 12:38:34.0020 0x0dd0 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 12:38:34.0020 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: 5579DD18546999F5D0EC39D018726C6B, sha256: 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 12:38:34.0020 0x0dd0 TCPIP6 - detected LockedFile.Multi.Generic ( 1 ) 12:38:34.0020 0x0dd0 Object is SCO, delete is not allowed 12:38:34.0020 0x0dd0 TCPIP6 ( LockedFile.Multi.Generic ) - warning 12:38:34.0051 0x0dd0 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 12:38:34.0051 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. 
md5: 3EEBD3BD93DA46A26E89893C7AB2FF3B, sha256: 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E 12:38:34.0067 0x0dd0 tcpipreg - detected LockedFile.Multi.Generic ( 1 ) 12:38:34.0067 0x0dd0 Object is SCO, delete is not allowed 12:38:34.0067 0x0dd0 tcpipreg ( LockedFile.Multi.Generic ) - warning 12:38:34.0082 0x0dd0 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 12:38:34.0082 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 1CB91B2BD8F6DD367DFC2EF26FD751B2, sha256: 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 12:38:34.0082 0x0dd0 TDPIPE - detected LockedFile.Multi.Generic ( 1 ) 12:38:34.0082 0x0dd0 Object is SCO, delete is not allowed 12:38:34.0082 0x0dd0 TDPIPE ( LockedFile.Multi.Generic ) - warning 12:38:34.0114 0x0dd0 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 12:38:34.0114 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: 2C2C5AFE7EE4F620D69C23C0617651A8, sha256: E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 12:38:34.0114 0x0dd0 TDTCP - detected LockedFile.Multi.Generic ( 1 ) 12:38:34.0114 0x0dd0 Object is SCO, delete is not allowed 12:38:34.0114 0x0dd0 TDTCP ( LockedFile.Multi.Generic ) - warning 12:38:34.0114 0x0dd0 Force sending object to P2P due to detect: TDTCP 12:38:34.0114 0x0dd0 Object send P2P result: false 12:38:34.0145 0x0dd0 [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx C:\Windows\system32\DRIVERS\tdx.sys 12:38:34.0145 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. 
md5: 7FE680A3DFA421C4A8E4879AE4C5AAB0, sha256: A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD 12:38:34.0145 0x0dd0 tdx - detected LockedFile.Multi.Generic ( 1 ) 12:38:34.0145 0x0dd0 Object is SCO, delete is not allowed 12:38:34.0145 0x0dd0 tdx ( LockedFile.Multi.Generic ) - warning 12:38:34.0160 0x0dd0 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys 12:38:34.0160 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\termdd.sys. md5: 04DBF4B01EA4BF25A9A3E84AFFAC9B20, sha256: 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 12:38:34.0160 0x0dd0 TermDD - detected LockedFile.Multi.Generic ( 1 ) 12:38:34.0160 0x0dd0 Object is SCO, delete is not allowed 12:38:34.0160 0x0dd0 TermDD ( LockedFile.Multi.Generic ) - warning 12:38:34.0238 0x0dd0 [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService C:\Windows\System32\termsrv.dll 12:38:34.0316 0x0dd0 TermService - ok 12:38:34.0348 0x0dd0 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll 12:38:34.0379 0x0dd0 Themes - ok 12:38:34.0410 0x0dd0 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll 12:38:34.0426 0x0dd0 THREADORDER - ok 12:38:34.0457 0x0dd0 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll 12:38:34.0504 0x0dd0 TrkWks - ok 12:38:34.0566 0x0dd0 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 12:38:34.0613 0x0dd0 TrustedInstaller - ok 12:38:34.0660 0x0dd0 [ 6C5139E4283249518F7743D7043775B3, 
58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 12:38:34.0660 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: 6C5139E4283249518F7743D7043775B3, sha256: 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F 12:38:34.0660 0x0dd0 tssecsrv - detected LockedFile.Multi.Generic ( 1 ) 12:38:34.0660 0x0dd0 Object is SCO, delete is not allowed 12:38:34.0660 0x0dd0 tssecsrv ( LockedFile.Multi.Generic ) - warning 12:38:34.0660 0x0dd0 Force sending object to P2P due to detect: tssecsrv 12:38:34.0660 0x0dd0 Object send P2P result: false 12:38:34.0706 0x0dd0 [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 12:38:34.0706 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tsusbflt.sys. md5: FD1D6C73E6333BE727CBCC6054247654, sha256: 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E 12:38:34.0706 0x0dd0 TsUsbFlt - detected LockedFile.Multi.Generic ( 1 ) 12:38:34.0706 0x0dd0 TsUsbFlt ( LockedFile.Multi.Generic ) - warning 12:38:34.0769 0x0dd0 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 12:38:34.0769 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. 
md5: B2FA25D9B17A68BB93D58B0556E8C90D, sha256: 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE 12:38:34.0769 0x0dd0 tunnel - detected LockedFile.Multi.Generic ( 1 ) 12:38:34.0769 0x0dd0 Object is SCO, delete is not allowed 12:38:34.0769 0x0dd0 tunnel ( LockedFile.Multi.Generic ) - warning 12:38:34.0769 0x0dd0 Force sending object to P2P due to detect: tunnel 12:38:34.0769 0x0dd0 Object send P2P result: false 12:38:34.0800 0x0dd0 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 12:38:34.0800 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: 750FBCB269F4D7DD2E420C56B795DB6D, sha256: E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 12:38:34.0800 0x0dd0 uagp35 - detected LockedFile.Multi.Generic ( 1 ) 12:38:34.0800 0x0dd0 Object is SCO, delete is not allowed 12:38:34.0800 0x0dd0 uagp35 ( LockedFile.Multi.Generic ) - warning 12:38:34.0831 0x0dd0 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 12:38:34.0831 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. 
md5: EE43346C7E4B5E63E54F927BABBB32FF, sha256: BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 12:38:34.0831 0x0dd0 udfs - detected LockedFile.Multi.Generic ( 1 ) 12:38:34.0831 0x0dd0 Object is SCO, delete is not allowed 12:38:34.0831 0x0dd0 udfs ( LockedFile.Multi.Generic ) - warning 12:38:34.0862 0x0dd0 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe 12:38:34.0878 0x0dd0 UI0Detect - ok 12:38:34.0925 0x0dd0 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 12:38:34.0925 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. md5: 44E8048ACE47BEFBFDC2E9BE4CBC8880, sha256: 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C 12:38:34.0925 0x0dd0 uliagpkx - detected LockedFile.Multi.Generic ( 1 ) 12:38:34.0925 0x0dd0 Object is SCO, delete is not allowed 12:38:34.0925 0x0dd0 uliagpkx ( LockedFile.Multi.Generic ) - warning 12:38:34.0956 0x0dd0 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\drivers\umbus.sys 12:38:34.0956 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\umbus.sys. 
md5: D295BED4B898F0FD999FCFA9B32B071B, sha256: D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 12:38:34.0972 0x0dd0 umbus - detected LockedFile.Multi.Generic ( 1 ) 12:38:34.0972 0x0dd0 Object is SCO, delete is not allowed 12:38:34.0972 0x0dd0 umbus ( LockedFile.Multi.Generic ) - warning 12:38:34.0972 0x0dd0 Force sending object to P2P due to detect: umbus 12:38:34.0972 0x0dd0 Object send P2P result: false 12:38:35.0003 0x0dd0 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 12:38:35.0003 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: 7550AD0C6998BA1CB4843E920EE0FEAC, sha256: 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D 12:38:35.0003 0x0dd0 UmPass - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0003 0x0dd0 Object is SCO, delete is not allowed 12:38:35.0003 0x0dd0 UmPass ( LockedFile.Multi.Generic ) - warning 12:38:35.0003 0x0dd0 Force sending object to P2P due to detect: UmPass 12:38:35.0003 0x0dd0 Object send P2P result: false 12:38:35.0050 0x0dd0 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll 12:38:35.0128 0x0dd0 upnphost - ok 12:38:35.0159 0x0dd0 [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 12:38:35.0159 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. 
md5: 0803FBA9FE829D61AE26EC0BCC910C46, sha256: 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B 12:38:35.0159 0x0dd0 usbccgp - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0159 0x0dd0 Object is SCO, delete is not allowed 12:38:35.0159 0x0dd0 usbccgp ( LockedFile.Multi.Generic ) - warning 12:38:35.0190 0x0dd0 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys 12:38:35.0190 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbcir.sys. md5: 2352AB5F9F8F097BF9D41D5A4718A041, sha256: 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C 12:38:35.0190 0x0dd0 usbcir - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0190 0x0dd0 Object is SCO, delete is not allowed 12:38:35.0190 0x0dd0 usbcir ( LockedFile.Multi.Generic ) - warning 12:38:35.0221 0x0dd0 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 12:38:35.0221 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbehci.sys. md5: D40855F89B69305140BBD7E9A3BA2DA6, sha256: 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C 12:38:35.0221 0x0dd0 usbehci - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0221 0x0dd0 Object is SCO, delete is not allowed 12:38:35.0221 0x0dd0 usbehci ( LockedFile.Multi.Generic ) - warning 12:38:35.0221 0x0dd0 Force sending object to P2P due to detect: usbehci 12:38:35.0221 0x0dd0 Object send P2P result: false 12:38:35.0284 0x0dd0 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 12:38:35.0284 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. 
md5: EDF2DF71C4F1E13A6AC75F5224DE655A, sha256: 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C 12:38:35.0284 0x0dd0 usbhub - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0284 0x0dd0 Object is SCO, delete is not allowed 12:38:35.0284 0x0dd0 usbhub ( LockedFile.Multi.Generic ) - warning 12:38:35.0284 0x0dd0 Force sending object to P2P due to detect: usbhub 12:38:35.0284 0x0dd0 Object send P2P result: false 12:38:35.0330 0x0dd0 [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 12:38:35.0330 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbohci.sys. md5: 9828C8D14CC2676421778F0DE638CF97, sha256: 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 12:38:35.0330 0x0dd0 usbohci - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0330 0x0dd0 Object is SCO, delete is not allowed 12:38:35.0330 0x0dd0 usbohci ( LockedFile.Multi.Generic ) - warning 12:38:35.0330 0x0dd0 Force sending object to P2P due to detect: usbohci 12:38:35.0330 0x0dd0 Object send P2P result: false 12:38:35.0362 0x0dd0 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 12:38:35.0362 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 797D862FE0875E75C7CC4C1AD7B30252, sha256: 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 12:38:35.0362 0x0dd0 usbprint - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0362 0x0dd0 Object is SCO, delete is not allowed 12:38:35.0362 0x0dd0 usbprint ( LockedFile.Multi.Generic ) - warning 12:38:35.0393 0x0dd0 [ 576096CCBC07E7C4EA4F5E6686D6888F, 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 12:38:35.0393 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbscan.sys. 
md5: 576096CCBC07E7C4EA4F5E6686D6888F, sha256: 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED 12:38:35.0393 0x0dd0 usbscan - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0393 0x0dd0 usbscan ( LockedFile.Multi.Generic ) - warning 12:38:35.0393 0x0dd0 Force sending object to P2P due to detect: usbscan 12:38:35.0408 0x0dd0 Object send P2P result: false 12:38:35.0440 0x0dd0 [ 007C0C8D5B01D82ACEB70431D15083F6, 7EAF68CD3C38D3CD2CDFEE9ECE1DFB38E274F1F9E6F70B73BCE1336E87D5496C ] usbser C:\Windows\system32\DRIVERS\usbser.sys 12:38:35.0440 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbser.sys. md5: 007C0C8D5B01D82ACEB70431D15083F6, sha256: 7EAF68CD3C38D3CD2CDFEE9ECE1DFB38E274F1F9E6F70B73BCE1336E87D5496C 12:38:35.0440 0x0dd0 usbser - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0440 0x0dd0 usbser ( LockedFile.Multi.Generic ) - warning 12:38:35.0471 0x0dd0 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 12:38:35.0471 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\USBSTOR.SYS. md5: F991AB9CC6B908DB552166768176896A, sha256: AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 12:38:35.0471 0x0dd0 USBSTOR - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0471 0x0dd0 USBSTOR ( LockedFile.Multi.Generic ) - warning 12:38:35.0502 0x0dd0 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 12:38:35.0502 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbuhci.sys. 
md5: 800AABFD625EEFF899F7E5496BDE37AB, sha256: 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 12:38:35.0502 0x0dd0 usbuhci - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0502 0x0dd0 Object is SCO, delete is not allowed 12:38:35.0502 0x0dd0 usbuhci ( LockedFile.Multi.Generic ) - warning 12:38:35.0533 0x0dd0 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll 12:38:35.0596 0x0dd0 UxSms - ok 12:38:35.0611 0x0dd0 [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] VaultSvc C:\Windows\system32\lsass.exe 12:38:35.0627 0x0dd0 VaultSvc - ok 12:38:35.0658 0x0dd0 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 12:38:35.0658 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. md5: A059C4C3EDB09E07D21A8E5C0AABD3CB, sha256: BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 12:38:35.0658 0x0dd0 vdrvroot - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0658 0x0dd0 Object is SCO, delete is not allowed 12:38:35.0658 0x0dd0 vdrvroot ( LockedFile.Multi.Generic ) - warning 12:38:35.0720 0x0dd0 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe 12:38:35.0783 0x0dd0 vds - ok 12:38:35.0814 0x0dd0 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 12:38:35.0814 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. 
md5: 17C408214EA61696CEC9C66E388B14F3, sha256: 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 12:38:35.0814 0x0dd0 vga - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0814 0x0dd0 Object is SCO, delete is not allowed 12:38:35.0814 0x0dd0 vga ( LockedFile.Multi.Generic ) - warning 12:38:35.0830 0x0dd0 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys 12:38:35.0830 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 8E38096AD5C8570A6F1570A61E251561, sha256: 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 12:38:35.0830 0x0dd0 VgaSave - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0830 0x0dd0 Object is SCO, delete is not allowed 12:38:35.0830 0x0dd0 VgaSave ( LockedFile.Multi.Generic ) - warning 12:38:35.0876 0x0dd0 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 12:38:35.0876 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vhdmp.sys. md5: 5461686CCA2FDA57B024547733AB42E3, sha256: 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 12:38:35.0876 0x0dd0 vhdmp - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0876 0x0dd0 vhdmp ( LockedFile.Multi.Generic ) - warning 12:38:35.0876 0x0dd0 Force sending object to P2P due to detect: vhdmp 12:38:35.0876 0x0dd0 Object send P2P result: false 12:38:35.0923 0x0dd0 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys 12:38:35.0923 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaagp.sys. 
md5: C829317A37B4BEA8F39735D4B076E923, sha256: 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 12:38:35.0923 0x0dd0 viaagp - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0923 0x0dd0 Object is SCO, delete is not allowed 12:38:35.0923 0x0dd0 viaagp ( LockedFile.Multi.Generic ) - warning 12:38:35.0954 0x0dd0 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 12:38:35.0954 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\viac7.sys. md5: E02F079A6AA107F06B16549C6E5C7B74, sha256: B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 12:38:35.0954 0x0dd0 ViaC7 - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0954 0x0dd0 Object is SCO, delete is not allowed 12:38:35.0954 0x0dd0 ViaC7 ( LockedFile.Multi.Generic ) - warning 12:38:35.0986 0x0dd0 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys 12:38:35.0986 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. md5: E43574F6A56A0EE11809B48C09E4FD3C, sha256: 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 12:38:35.0986 0x0dd0 viaide - detected LockedFile.Multi.Generic ( 1 ) 12:38:35.0986 0x0dd0 Object is SCO, delete is not allowed 12:38:35.0986 0x0dd0 viaide ( LockedFile.Multi.Generic ) - warning 12:38:35.0986 0x0dd0 Force sending object to P2P due to detect: viaide 12:38:35.0986 0x0dd0 Object send P2P result: false 12:38:36.0017 0x0dd0 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys 12:38:36.0017 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. 
md5: 4C63E00F2F4B5F86AB48A58CD990F212, sha256: 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 12:38:36.0017 0x0dd0 volmgr - detected LockedFile.Multi.Generic ( 1 ) 12:38:36.0017 0x0dd0 Object is SCO, delete is not allowed 12:38:36.0017 0x0dd0 volmgr ( LockedFile.Multi.Generic ) - warning 12:38:36.0017 0x0dd0 Force sending object to P2P due to detect: volmgr 12:38:36.0017 0x0dd0 Object send P2P result: false 12:38:36.0048 0x0dd0 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 12:38:36.0048 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: B5BB72067DDDDBBFB04B2F89FF8C3C87, sha256: 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC 12:38:36.0048 0x0dd0 volmgrx - detected LockedFile.Multi.Generic ( 1 ) 12:38:36.0048 0x0dd0 Object is SCO, delete is not allowed 12:38:36.0048 0x0dd0 volmgrx ( LockedFile.Multi.Generic ) - warning 12:38:36.0048 0x0dd0 Force sending object to P2P due to detect: volmgrx 12:38:36.0048 0x0dd0 Object send P2P result: false 12:38:36.0095 0x0dd0 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys 12:38:36.0095 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. 
md5: F497F67932C6FA693D7DE2780631CFE7, sha256: DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 12:38:36.0095 0x0dd0 volsnap - detected LockedFile.Multi.Generic ( 1 ) 12:38:36.0095 0x0dd0 Object is SCO, delete is not allowed 12:38:36.0095 0x0dd0 volsnap ( LockedFile.Multi.Generic ) - warning 12:38:36.0095 0x0dd0 Force sending object to P2P due to detect: volsnap 12:38:36.0095 0x0dd0 Object send P2P result: false 12:38:36.0126 0x0dd0 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 12:38:36.0126 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 9DFA0CC2F8855A04816729651175B631, sha256: 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 12:38:36.0126 0x0dd0 vsmraid - detected LockedFile.Multi.Generic ( 1 ) 12:38:36.0126 0x0dd0 Object is SCO, delete is not allowed 12:38:36.0126 0x0dd0 vsmraid ( LockedFile.Multi.Generic ) - warning 12:38:36.0220 0x0dd0 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe 12:38:36.0329 0x0dd0 VSS - ok 12:38:36.0360 0x0dd0 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 12:38:36.0360 0x0dd0 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vwifibus.sys. 
|
31.03.2015, 12:01 | #10 |
/// TB Trainer /// Guide Guru | Good. Step 1 Please start TDSSkiller.exe. Vista and Win7 users: right-click and choose "Run as administrator".
__________________ Regards, deeprybka Praise, criticism, wishes? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
01.04.2015, 15:54 | #11 |
| Code:
[ 6EC2346C82F95E3BFBD2EFE50E2C8AF9, 253271FFE32145DC09A9AFFF380E356871AC61F23CF2F3BE58415DB18E38B5CF ] 98730404f2d3d842 C:\Windows\System32\Drivers\98730404f2d3d842.sys 16:38:11.0483 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\98730404f2d3d842.sys. md5: 6EC2346C82F95E3BFBD2EFE50E2C8AF9, sha256: 253271FFE32145DC09A9AFFF380E356871AC61F23CF2F3BE58415DB18E38B5CF 16:38:11.0530 0x0cd4 98730404f2d3d842 - detected Rootkit.Win32.Necurs.gen ( 0 ) 16:38:13.0979 0x0cd4 98730404f2d3d842 ( Rootkit.Win32.Necurs.gen ) - infected 16:38:13.0979 0x0cd4 Force sending object to P2P due to detect: 98730404f2d3d842 16:38:16.0522 0x0cd4 Object send P2P result: true 16:38:18.0986 0x0cd4 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys 16:38:19.0018 0x0cd4 ACPI - ok 16:38:19.0064 0x0cd4 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 16:38:19.0080 0x0cd4 AcpiPmi - ok 16:38:19.0174 0x0cd4 [ F79623288F2A357AB20288B5DC4F452A, AA6F70A4C12E390E08074D6FD0EA0D1856D8274DA833E56A8811BF820A2D41D4 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 16:38:19.0205 0x0cd4 AdobeFlashPlayerUpdateSvc - ok 16:38:19.0298 0x0cd4 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 16:38:19.0345 0x0cd4 adp94xx - ok 16:38:19.0408 0x0cd4 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 16:38:19.0439 0x0cd4 adpahci - ok 16:38:19.0501 0x0cd4 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 16:38:19.0517 0x0cd4 adpu320 - ok 16:38:19.0548 0x0cd4 [ 
Anti-Malware \mbamservice.exe 16:38:48.0642 0x0cd4 MBAMService - ok 16:38:48.0720 0x0cd4 [ 04B309A1A653177994630C2773E659F1, 1D9F81D2DF513FE177E5308E3DE0CE416109F87FDBD00FE7453FEB6074216C3C ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys 16:38:48.0736 0x0cd4 MBAMSwissArmy - ok 16:38:48.0782 0x0cd4 [ 2A1B51A1FE8DC4DC0D52EC700CB02CEF, BF689A361F941F91B63D5F8E54925550333C068F65E59E4DBF0A7B66B8C7EDD6 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 16:38:48.0814 0x0cd4 MBAMWebAccessControl - ok 16:38:48.0860 0x0cd4 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:38:48.0892 0x0cd4 Mcx2Svc - ok 16:38:48.0938 0x0cd4 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 16:38:48.0954 0x0cd4 megasas - ok 16:38:48.0985 0x0cd4 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 16:38:49.0016 0x0cd4 MegaSR - ok 16:38:49.0063 0x0cd4 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll 16:38:49.0110 0x0cd4 MMCSS - ok 16:38:49.0141 0x0cd4 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys 16:38:49.0188 0x0cd4 Modem - ok 16:38:49.0235 0x0cd4 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:38:49.0282 0x0cd4 monitor - ok 16:38:49.0328 0x0cd4 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:38:49.0344 0x0cd4 mouclass - ok 16:38:49.0391 0x0cd4 [ 2C388D2CD01C9042596CF3C8F3C7B24D, 
B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:38:49.0406 0x0cd4 mouhid - ok 16:38:49.0453 0x0cd4 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:38:49.0484 0x0cd4 mountmgr - ok 16:38:49.0594 0x0cd4 [ AE7DAFFEC2CDF695C95925C4C1F8EC02, 9F6F4FDE4678FD506CEBB4BAC29A4B30CDD391F1554B33530009F69F5EE8DB3A ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 16:38:49.0625 0x0cd4 MozillaMaintenance - ok 16:38:49.0672 0x0cd4 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys 16:38:49.0687 0x0cd4 mpio - ok 16:38:49.0734 0x0cd4 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:38:49.0765 0x0cd4 mpsdrv - ok 16:38:49.0843 0x0cd4 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll 16:38:49.0890 0x0cd4 MpsSvc - ok 16:38:49.0937 0x0cd4 [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:38:49.0984 0x0cd4 MRxDAV - ok 16:38:50.0030 0x0cd4 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:38:50.0062 0x0cd4 mrxsmb - ok 16:38:50.0093 0x0cd4 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:38:50.0140 0x0cd4 mrxsmb10 - ok 16:38:50.0186 0x0cd4 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 
16:38:50.0249 0x0cd4 mrxsmb20 - ok 16:38:50.0296 0x0cd4 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys 16:38:50.0311 0x0cd4 msahci - ok 16:38:50.0358 0x0cd4 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:38:50.0389 0x0cd4 msdsm - ok 16:38:50.0436 0x0cd4 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe 16:38:50.0467 0x0cd4 MSDTC - ok 16:38:50.0514 0x0cd4 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:38:50.0545 0x0cd4 Msfs - ok 16:38:50.0623 0x0cd4 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:38:50.0670 0x0cd4 mshidkmdf - ok 16:38:50.0717 0x0cd4 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:38:50.0732 0x0cd4 msisadrv - ok 16:38:50.0795 0x0cd4 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:38:50.0826 0x0cd4 MSiSCSI - ok 16:38:50.0842 0x0cd4 msiserver - ok 16:38:50.0888 0x0cd4 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:38:50.0935 0x0cd4 MSKSSRV - ok 16:38:50.0951 0x0cd4 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:38:50.0966 0x0cd4 MSPCLOCK - ok 16:38:50.0998 0x0cd4 [ F456E973590D663B1073E9C463B40932, 
48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:38:51.0044 0x0cd4 MSPQM - ok 16:38:51.0076 0x0cd4 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:38:51.0076 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 0E008FC4819D238C51D7C93E7B41E560, sha256: 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 16:38:51.0091 0x0cd4 MsRPC - detected LockedFile.Multi.Generic ( 1 ) 16:38:53.0478 0x0cd4 Detect skipped due to KSN trusted 16:38:53.0478 0x0cd4 MsRPC - ok 16:38:53.0540 0x0cd4 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 16:38:53.0556 0x0cd4 mssmbios - ok 16:38:53.0634 0x0cd4 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:38:53.0634 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: B42C6B921F61A6E55159B8BE6CD54A36, sha256: 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C 16:38:53.0650 0x0cd4 MSTEE - detected LockedFile.Multi.Generic ( 1 ) 16:38:56.0036 0x0cd4 Detect skipped due to KSN trusted 16:38:56.0036 0x0cd4 MSTEE - ok 16:38:56.0083 0x0cd4 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 16:38:56.0083 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. 
md5: 33599130F44E1F34631CEA241DE8AC84, sha256: E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B 16:38:56.0099 0x0cd4 MTConfig - detected LockedFile.Multi.Generic ( 1 ) 16:38:58.0486 0x0cd4 Detect skipped due to KSN trusted 16:38:58.0486 0x0cd4 MTConfig - ok 16:38:58.0532 0x0cd4 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys 16:38:58.0532 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: 159FAD02F64E6381758C990F753BCC80, sha256: E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 16:38:58.0610 0x0cd4 Mup - detected LockedFile.Multi.Generic ( 1 ) 16:39:01.0231 0x0cd4 Detect skipped due to KSN trusted 16:39:01.0231 0x0cd4 Mup - ok 16:39:01.0309 0x0cd4 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll 16:39:01.0372 0x0cd4 napagent - ok 16:39:01.0418 0x0cd4 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:39:01.0418 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 26384429FCD85D83746F63E798AB1480, sha256: 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB 16:39:01.0465 0x0cd4 NativeWifiP - detected LockedFile.Multi.Generic ( 1 ) 16:39:03.0852 0x0cd4 Detect skipped due to KSN trusted 16:39:03.0852 0x0cd4 NativeWifiP - ok 16:39:03.0961 0x0cd4 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:39:03.0961 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. 
md5: 8C9C922D71F1CD4DEF73F186416B7896, sha256: 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 16:39:04.0024 0x0cd4 NDIS - detected LockedFile.Multi.Generic ( 1 ) 16:39:06.0395 0x0cd4 Detect skipped due to KSN trusted 16:39:06.0395 0x0cd4 NDIS - ok 16:39:06.0457 0x0cd4 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:39:06.0457 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 0E1787AA6C9191D3D319E8BAFE86F80C, sha256: F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 16:39:06.0473 0x0cd4 NdisCap - detected LockedFile.Multi.Generic ( 1 ) 16:39:08.0860 0x0cd4 Detect skipped due to KSN trusted 16:39:08.0860 0x0cd4 NdisCap - ok 16:39:08.0891 0x0cd4 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:39:08.0891 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: E4A8AEC125A2E43A9E32AFEEA7C9C888, sha256: 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 16:39:08.0922 0x0cd4 NdisTapi - detected LockedFile.Multi.Generic ( 1 ) 16:39:18.0937 0x0cd4 Object is SCO, delete is not allowed 16:39:18.0937 0x0cd4 NdisTapi ( LockedFile.Multi.Generic ) - warning 16:39:22.0385 0x0cd4 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:39:22.0385 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. 
md5: D8A65DAFB3EB41CBB622745676FCD072, sha256: 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 16:39:22.0416 0x0cd4 Ndisuio - detected LockedFile.Multi.Generic ( 1 ) 16:39:24.0803 0x0cd4 Detect skipped due to KSN trusted 16:39:24.0803 0x0cd4 Ndisuio - ok 16:39:24.0850 0x0cd4 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:39:24.0850 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 38FBE267E7E6983311179230FACB1017, sha256: CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 16:39:24.0881 0x0cd4 NdisWan - detected LockedFile.Multi.Generic ( 1 ) 16:39:27.0268 0x0cd4 Detect skipped due to KSN trusted 16:39:27.0268 0x0cd4 NdisWan - ok 16:39:27.0330 0x0cd4 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:39:27.0330 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: A4BDC541E69674FBFF1A8FF00BE913F2, sha256: 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA 16:39:27.0361 0x0cd4 NDProxy - detected LockedFile.Multi.Generic ( 1 ) 16:39:29.0748 0x0cd4 Detect skipped due to KSN trusted 16:39:29.0748 0x0cd4 NDProxy - ok 16:39:29.0795 0x0cd4 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:39:29.0810 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. 
md5: 80B275B1CE3B0E79909DB7B39AF74D51, sha256: 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 16:39:29.0826 0x0cd4 NetBIOS - detected LockedFile.Multi.Generic ( 1 ) 16:39:32.0213 0x0cd4 Detect skipped due to KSN trusted 16:39:32.0213 0x0cd4 NetBIOS - ok 16:39:32.0291 0x0cd4 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 16:39:32.0291 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 280122DDCF04B378EDD1AD54D71C1E54, sha256: F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 16:39:32.0353 0x0cd4 NetBT - detected LockedFile.Multi.Generic ( 1 ) 16:39:34.0740 0x0cd4 Detect skipped due to KSN trusted 16:39:34.0740 0x0cd4 NetBT - ok 16:39:34.0802 0x0cd4 [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] Netlogon C:\Windows\system32\lsass.exe 16:39:34.0818 0x0cd4 Netlogon - ok 16:39:34.0880 0x0cd4 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll 16:39:34.0912 0x0cd4 Netman - ok 16:39:34.0974 0x0cd4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 16:39:35.0005 0x0cd4 NetMsmqActivator - ok 16:39:35.0036 0x0cd4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 16:39:35.0052 0x0cd4 NetPipeActivator - ok 16:39:35.0130 0x0cd4 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll 16:39:35.0177 0x0cd4 netprofm - ok 16:39:35.0224 0x0cd4 [ 21318671BCAD3ACF16638F98D4D00973, 
CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 16:39:35.0255 0x0cd4 NetTcpActivator - ok 16:39:35.0302 0x0cd4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 16:39:35.0333 0x0cd4 NetTcpPortSharing - ok 16:39:35.0364 0x0cd4 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 16:39:35.0364 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 1D85C4B390B0EE09C7A46B91EFB2C097, sha256: 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 16:39:35.0411 0x0cd4 nfrd960 - detected LockedFile.Multi.Generic ( 1 ) 16:39:37.0782 0x0cd4 Detect skipped due to KSN trusted 16:39:37.0782 0x0cd4 nfrd960 - ok 16:39:37.0860 0x0cd4 [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc C:\Windows\System32\nlasvc.dll 16:39:37.0876 0x0cd4 NlaSvc - ok 16:39:37.0922 0x0cd4 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:39:37.0922 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. 
md5: 1DB262A9F8C087E8153D89BEF3D2235F, sha256: A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 16:39:37.0954 0x0cd4 Npfs - detected LockedFile.Multi.Generic ( 1 ) 16:39:40.0325 0x0cd4 Detect skipped due to KSN trusted 16:39:40.0325 0x0cd4 Npfs - ok 16:39:40.0372 0x0cd4 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll 16:39:40.0418 0x0cd4 nsi - ok 16:39:40.0450 0x0cd4 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:39:40.0450 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E9A0A4D07E53D8FEA2BB8387A3293C58, sha256: 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A 16:39:40.0481 0x0cd4 nsiproxy - detected LockedFile.Multi.Generic ( 1 ) 16:39:42.0852 0x0cd4 Detect skipped due to KSN trusted 16:39:42.0852 0x0cd4 nsiproxy - ok 16:39:42.0961 0x0cd4 [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:39:42.0961 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: C8DFF8D07755A66C7A4A738930F0FEAC, sha256: A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA 16:39:43.0008 0x0cd4 Ntfs - detected LockedFile.Multi.Generic ( 1 ) 16:39:45.0395 0x0cd4 Detect skipped due to KSN trusted 16:39:45.0395 0x0cd4 Ntfs - ok 16:39:45.0426 0x0cd4 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys 16:39:45.0426 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. 
md5: F9756A98D69098DCA8945D62858A812C, sha256: 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 16:39:45.0457 0x0cd4 Null - detected LockedFile.Multi.Generic ( 1 ) 16:39:47.0844 0x0cd4 Detect skipped due to KSN trusted 16:39:47.0844 0x0cd4 Null - ok 16:39:48.0094 0x0cd4 [ B5E37E31C053BC9950455A257526514B, 16E2880621F3AA12BDADE71CD7682CA79E2A199D3C9E3E5927C49DCEF0F6183B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys 16:39:48.0094 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvm62x32.sys. md5: B5E37E31C053BC9950455A257526514B, sha256: 16E2880621F3AA12BDADE71CD7682CA79E2A199D3C9E3E5927C49DCEF0F6183B 16:39:48.0140 0x0cd4 NVENETFD - detected LockedFile.Multi.Generic ( 1 ) 16:39:50.0512 0x0cd4 Detect skipped due to KSN trusted 16:39:50.0512 0x0cd4 NVENETFD - ok 16:39:50.0933 0x0cd4 [ B69E6F70CE1151C8D62ABC9DEF64DFBE, B7BD731D1CCF4E71EF1CF4AFA9189C1831306483B4BF57B12B89113A5230871B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:39:50.0933 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvlddmkm.sys. md5: B69E6F70CE1151C8D62ABC9DEF64DFBE, sha256: B7BD731D1CCF4E71EF1CF4AFA9189C1831306483B4BF57B12B89113A5230871B 16:39:50.0995 0x0cd4 nvlddmkm - detected LockedFile.Multi.Generic ( 1 ) 16:39:53.0382 0x0cd4 Detect skipped due to KSN trusted 16:39:53.0398 0x0cd4 nvlddmkm - ok 16:39:53.0444 0x0cd4 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:39:53.0444 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvraid.sys. 
md5: B3E25EE28883877076E0E1FF877D02E0, sha256: 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C 16:39:53.0491 0x0cd4 nvraid - detected LockedFile.Multi.Generic ( 1 ) 16:39:55.0862 0x0cd4 Detect skipped due to KSN trusted 16:39:55.0862 0x0cd4 nvraid - ok 16:39:56.0065 0x0cd4 [ C44EE36DD84FA95EB81D79C374756003, 1BBFA4A473CA0B19346EA458430377B1979BB533ECDAB2297D7E767DF9BD3682 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys 16:39:56.0065 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvsmu.sys. md5: C44EE36DD84FA95EB81D79C374756003, sha256: 1BBFA4A473CA0B19346EA458430377B1979BB533ECDAB2297D7E767DF9BD3682 16:39:56.0096 0x0cd4 nvsmu - detected LockedFile.Multi.Generic ( 1 ) 16:39:58.0483 0x0cd4 Detect skipped due to KSN trusted 16:39:58.0483 0x0cd4 nvsmu - ok 16:39:58.0561 0x0cd4 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:39:58.0561 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvstor.sys. 
md5: 4380E59A170D88C4F1022EFF6719A8A4, sha256: 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 16:39:58.0608 0x0cd4 nvstor - detected LockedFile.Multi.Generic ( 1 ) 16:40:00.0979 0x0cd4 Detect skipped due to KSN trusted 16:40:00.0979 0x0cd4 nvstor - ok 16:40:01.0088 0x0cd4 [ E4284FCF99FEA13A7E1836F87AE356F6, 541C40DD3483810632320E8F23427BB52593D156E876C6023BE7F7A8589383E8 ] nvsvc C:\Windows\system32\nvvsvc.exe 16:40:01.0135 0x0cd4 nvsvc - ok 16:40:01.0291 0x0cd4 [ 03E60E0BFA53ED15DC984FA34B44BB0F, 50ABF2E303B9A2B6DDD0DB411C24C3CD6CC30AFA664B5682CF9189F96548CC10 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 16:40:01.0354 0x0cd4 nvUpdatusService - ok 16:40:01.0416 0x0cd4 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:40:01.0416 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nv_agp.sys. md5: 5A0983915F02BAE73267CC2A041F717D, sha256: D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 16:40:01.0447 0x0cd4 nv_agp - detected LockedFile.Multi.Generic ( 1 ) 16:40:03.0834 0x0cd4 Detect skipped due to KSN trusted 16:40:03.0834 0x0cd4 nv_agp - ok 16:40:04.0084 0x0cd4 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:40:04.0084 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ohci1394.sys. 
md5: 08A70A1F2CDDE9BB49B885CB817A66EB, sha256: 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 16:40:04.0115 0x0cd4 ohci1394 - detected LockedFile.Multi.Generic ( 1 ) 16:40:06.0486 0x0cd4 Detect skipped due to KSN trusted 16:40:06.0486 0x0cd4 ohci1394 - ok 16:40:06.0564 0x0cd4 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:40:06.0580 0x0cd4 ose - ok 16:40:06.0626 0x0cd4 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:40:06.0658 0x0cd4 p2pimsvc - ok 16:40:06.0720 0x0cd4 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll 16:40:06.0736 0x0cd4 p2psvc - ok 16:40:06.0782 0x0cd4 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys 16:40:06.0782 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 2EA877ED5DD9713C5AC74E8EA7348D14, sha256: 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE 16:40:06.0798 0x0cd4 Parport - detected LockedFile.Multi.Generic ( 1 ) 16:40:09.0185 0x0cd4 Detect skipped due to KSN trusted 16:40:09.0185 0x0cd4 Parport - ok 16:40:09.0232 0x0cd4 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:40:09.0232 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. 
md5: 3F34A1B4C5F6475F320C275E63AFCE9B, sha256: 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B 16:40:09.0247 0x0cd4 partmgr - detected LockedFile.Multi.Generic ( 1 ) 16:40:11.0634 0x0cd4 Detect skipped due to KSN trusted 16:40:11.0634 0x0cd4 partmgr - ok 16:40:11.0681 0x0cd4 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 16:40:11.0681 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parvdm.sys. md5: EB0A59F29C19B86479D36B35983DAADC, sha256: AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 16:40:11.0681 0x0cd4 Parvdm - detected LockedFile.Multi.Generic ( 1 ) 16:40:14.0068 0x0cd4 Detect skipped due to KSN trusted 16:40:14.0068 0x0cd4 Parvdm - ok 16:40:14.0130 0x0cd4 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:40:14.0161 0x0cd4 PcaSvc - ok 16:40:14.0208 0x0cd4 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys 16:40:14.0208 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pci.sys. md5: 673E55C3498EB970088E812EA820AA8F, sha256: 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 16:40:14.0239 0x0cd4 pci - detected LockedFile.Multi.Generic ( 1 ) 16:40:16.0626 0x0cd4 Detect skipped due to KSN trusted 16:40:16.0626 0x0cd4 pci - ok 16:40:16.0688 0x0cd4 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys 16:40:16.0688 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pciide.sys. 
md5: AFE86F419014DB4E5593F69FFE26CE0A, sha256: CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00
16:40:16.0704 0x0cd4 pciide - detected LockedFile.Multi.Generic ( 1 )
16:40:19.0091 0x0cd4 Detect skipped due to KSN trusted
16:40:19.0091 0x0cd4 pciide - ok
16:40:19.0169 0x0cd4 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:40:19.0169 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: F396431B31693E71E8A80687EF523506, sha256: BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B
16:40:19.0200 0x0cd4 pcmcia - detected LockedFile.Multi.Generic ( 1 )
16:40:21.0571 0x0cd4 Detect skipped due to KSN trusted
16:40:21.0571 0x0cd4 pcmcia - ok
16:40:21.0602 0x0cd4 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
16:40:21.0602 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: 250F6B43D2B613172035C6747AEEB19F, sha256: A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9
16:40:21.0602 0x0cd4 pcw - detected LockedFile.Multi.Generic ( 1 )
16:40:31.0618 0x0cd4 pcw ( LockedFile.Multi.Generic ) - warning
16:40:31.0618 0x0cd4 Force sending object to P2P due to detect: pcw
16:40:35.0112 0x0cd4 Object send P2P result: true
16:40:37.0592 0x0cd4 [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:40:37.0592 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\peauth.sys. md5: 9E0104BA49F4E6973749A02BF41344ED, sha256: B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116
16:40:37.0639 0x0cd4 PEAUTH - detected LockedFile.Multi.Generic ( 1 )
16:40:40.0010 0x0cd4 Detect skipped due to KSN trusted
16:40:40.0010 0x0cd4 PEAUTH - ok
16:40:40.0182 0x0cd4 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
16:40:40.0260 0x0cd4 pla - ok
16:40:40.0354 0x0cd4 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:40:40.0369 0x0cd4 PlugPlay - ok
16:40:40.0416 0x0cd4 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:40:40.0432 0x0cd4 PNRPAutoReg - ok
16:40:40.0463 0x0cd4 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:40:40.0478 0x0cd4 PNRPsvc - ok
16:40:40.0556 0x0cd4 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:40:40.0603 0x0cd4 PolicyAgent - ok
16:40:40.0650 0x0cd4 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll
16:40:40.0681 0x0cd4 Power - ok
16:40:40.0728 0x0cd4 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:40:40.0728 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspptp.sys. md5: 631E3E205AD6D86F2AED6A4A8E69F2DB, sha256: 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065
16:40:40.0744 0x0cd4 PptpMiniport - detected LockedFile.Multi.Generic ( 1 )
16:40:43.0130 0x0cd4 Detect skipped due to KSN trusted
16:40:43.0130 0x0cd4 PptpMiniport - ok
16:40:43.0193 0x0cd4 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:40:43.0193 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\processr.sys. md5: 85B1E3A0C7585BC4AAE6899EC6FCF011, sha256: 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3
16:40:43.0224 0x0cd4 Processor - detected LockedFile.Multi.Generic ( 1 )
16:40:45.0595 0x0cd4 Detect skipped due to KSN trusted
16:40:45.0595 0x0cd4 Processor - ok
16:40:45.0673 0x0cd4 [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc C:\Windows\system32\profsvc.dll
16:40:45.0704 0x0cd4 ProfSvc - ok
16:40:45.0720 0x0cd4 [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:40:45.0736 0x0cd4 ProtectedStorage - ok
16:40:45.0767 0x0cd4 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:40:45.0767 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pacer.sys. md5: 6270CCAE2A86DE6D146529FE55B3246A, sha256: 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883
16:40:45.0782 0x0cd4 Psched - detected LockedFile.Multi.Generic ( 1 )
16:40:48.0169 0x0cd4 Detect skipped due to KSN trusted
16:40:48.0169 0x0cd4 Psched - o
|
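The TDSSKiller output in this thread is thousands of near-identical entries: almost every Microsoft driver is reported as `Suspicious file ( NoAccess )`, flagged with the generic `LockedFile.Multi.Generic` heuristic, and then cleared because its hash is whitelisted in the Kaspersky Security Network (`Detect skipped due to KSN trusted` followed by `<name> - ok`). The entries worth a second look are the few that do not close with `- ok`: in this log `pcw`, `secdrv` and `TermDD` stay at `warning`, two of them are uploaded (`Force sending object to P2P`), and `TermDD` is additionally marked `Object is SCO, delete is not allowed`. The script below is an added example, not part of the thread and not TDSSKiller's own code: it parses lines in the format shown above, groups them per scanned object, cross-checks the two hash reports for each file, and lists the objects that were flagged but never cleared. The sample lines embedded in it are copied from the log posted here (four objects only); the field names, the `unresolved` rule and the report layout are the example's own choices.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Entries copied from the TDSSKiller log posted in this thread, one entry per
# line (the forum ran them together). Four objects: one cleared by KSN, one
# left at "warning" and uploaded, one never flagged, one marked SCO.
SAMPLE_LOG = r"""
16:40:19.0169 0x0cd4 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:40:19.0169 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: F396431B31693E71E8A80687EF523506, sha256: BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B
16:40:19.0200 0x0cd4 pcmcia - detected LockedFile.Multi.Generic ( 1 )
16:40:21.0571 0x0cd4 Detect skipped due to KSN trusted
16:40:21.0571 0x0cd4 pcmcia - ok
16:40:21.0602 0x0cd4 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
16:40:21.0602 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: 250F6B43D2B613172035C6747AEEB19F, sha256: A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9
16:40:21.0602 0x0cd4 pcw - detected LockedFile.Multi.Generic ( 1 )
16:40:31.0618 0x0cd4 pcw ( LockedFile.Multi.Generic ) - warning
16:40:31.0618 0x0cd4 Force sending object to P2P due to detect: pcw
16:40:35.0112 0x0cd4 Object send P2P result: true
16:40:40.0182 0x0cd4 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
16:40:40.0260 0x0cd4 pla - ok
16:42:48.0242 0x0cd4 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:42:48.0242 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\termdd.sys. md5: 04DBF4B01EA4BF25A9A3E84AFFAC9B20, sha256: 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663
16:42:48.0274 0x0cd4 TermDD - detected LockedFile.Multi.Generic ( 1 )
16:42:58.0289 0x0cd4 Object is SCO, delete is not allowed
16:42:58.0289 0x0cd4 TermDD ( LockedFile.Multi.Generic ) - warning
"""

# Line shapes seen in the log: "<time> <thread> <message>", and the message variants.
ENTRY = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(0x[0-9a-fA-F]+)\s+(.*)$")
OBJECT = re.compile(r"^\[ ([0-9A-F]{32}), ([0-9A-F]{64}) \] (.+?) ([A-Za-z]:\\.+)$")
SUSPICIOUS = re.compile(r"^Suspicious file \( (\w+) \): .+?\. md5: ([0-9A-F]{32}), sha256: ([0-9A-F]{64})$")
DETECTED = re.compile(r"^(.+?) - detected (\S+)")
VERDICT = re.compile(r"^(.+?)(?: \( [^)]+ \))? - (ok|warning)$")


@dataclass
class ObjectResult:
    name: str
    path: str
    md5: str
    sha256: str
    access: Optional[str] = None      # e.g. "NoAccess" from the Suspicious-file line
    detection: Optional[str] = None   # e.g. "LockedFile.Multi.Generic"
    ksn_trusted: bool = False         # cleared by the Kaspersky Security Network whitelist
    sent_to_p2p: bool = False         # sample was uploaded for analysis
    sco: bool = False                 # "Object is SCO, delete is not allowed"
    hash_mismatch: bool = False       # the two hash reports for the file disagree
    verdict: Optional[str] = None     # "ok", "warning", or None if never closed


def parse_tdsskiller(text: str) -> Dict[str, ObjectResult]:
    """Group TDSSKiller log lines by scanned object (insertion order is kept)."""
    results: Dict[str, ObjectResult] = {}
    current: Optional[ObjectResult] = None
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        om = OBJECT.match(msg)
        if om:  # "[ md5, sha256 ] name path" opens a new object
            md5, sha256, name, path = om.groups()
            current = ObjectResult(name, path, md5, sha256)
            results[name] = current
            continue
        if current is None:
            continue
        sm = SUSPICIOUS.match(msg)
        if sm:
            current.access = sm.group(1)
            current.hash_mismatch = (sm.group(2), sm.group(3)) != (current.md5, current.sha256)
        elif (dm := DETECTED.match(msg)):
            current.detection = dm.group(2)
        elif (vm := VERDICT.match(msg)):
            current.verdict = vm.group(2)
        elif msg == "Detect skipped due to KSN trusted":
            current.ksn_trusted = True
        elif msg.startswith("Force sending object to P2P"):
            current.sent_to_p2p = True
        elif msg.startswith("Object is SCO"):
            current.sco = True
    return results


def unresolved(results: Dict[str, ObjectResult]) -> List[str]:
    """Objects where a detection fired and the scan did not close them with 'ok'."""
    return [n for n, r in results.items() if r.detection and r.verdict != "ok"]


def report(results: Dict[str, ObjectResult]) -> List[str]:
    """One line per object: name, verdict, detection, flags."""
    lines = []
    for r in results.values():
        flags = [f for f, on in (("KSN-trusted", r.ksn_trusted), ("sent-to-P2P", r.sent_to_p2p),
                                 ("SCO", r.sco), ("HASH-MISMATCH", r.hash_mismatch)) if on]
        lines.append(f"{r.name:<14} {r.verdict or '-':<8} {r.detection or '-':<26} {','.join(flags) or '-'}")
    return lines


if __name__ == "__main__":
    res = parse_tdsskiller(SAMPLE_LOG)
    print("\n".join(report(res)))
    print("not cleared:", ", ".join(unresolved(res)) or "none")
```

Run against the full log (paste it into `SAMPLE_LOG` or read it from the file TDSSKiller writes) and `unresolved` shrinks the dump to the handful of objects that actually need a decision; `hash_mismatch` is a cheap sanity check that the `[ md5, sha256 ]` header and the `Suspicious file` line describe the same bytes. A `warning` with `KSN-trusted` absent means the cloud whitelist did not vouch for that file version, which is exactly the case where the hash should be looked up independently rather than assumed benign.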
01.04.2015, 15:55 | #12 |
| G Data blocked, no system restore possible, Task Manager not working
Code:
16:40:48.0310 0x0cd4 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:40:48.0310 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql2300.sys. md5: AB95ECF1F6659A60DDC166D8315B0751, sha256: 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D
16:40:48.0356 0x0cd4 ql2300 - detected LockedFile.Multi.Generic ( 1 )
16:40:50.0743 0x0cd4 Detect skipped due to KSN trusted
16:40:50.0743 0x0cd4 ql2300 - ok
16:40:50.0774 0x0cd4 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:40:50.0774 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: B4DD51DD25182244B86737DC51AF2270, sha256: 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B
16:40:50.0774 0x0cd4 ql40xx - detected LockedFile.Multi.Generic ( 1 )
16:40:53.0161 0x0cd4 Detect skipped due to KSN trusted
16:40:53.0161 0x0cd4 ql40xx - ok
16:40:53.0239 0x0cd4 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
16:40:53.0270 0x0cd4 QWAVE - ok
16:40:53.0302 0x0cd4 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:40:53.0302 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\qwavedrv.sys. md5: 584078CA1B95CA72DF2A27C336F9719D, sha256: 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121
16:40:53.0317 0x0cd4 QWAVEdrv - detected LockedFile.Multi.Generic ( 1 )
16:40:55.0688 0x0cd4 Detect skipped due to KSN trusted
16:40:55.0688 0x0cd4 QWAVEdrv - ok
16:40:55.0720 0x0cd4 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:40:55.0720 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 30A81B53C766D0133BB86D234E5556AB, sha256: 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090
16:40:55.0720 0x0cd4 RasAcd - detected LockedFile.Multi.Generic ( 1 )
16:40:58.0106 0x0cd4 Detect skipped due to KSN trusted
16:40:58.0106 0x0cd4 RasAcd - ok
16:40:58.0169 0x0cd4 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:40:58.0169 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 57EC4AEF73660166074D8F7F31C0D4FD, sha256: C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF
16:40:58.0184 0x0cd4 RasAgileVpn - detected LockedFile.Multi.Generic ( 1 )
16:41:00.0571 0x0cd4 Detect skipped due to KSN trusted
16:41:00.0571 0x0cd4 RasAgileVpn - ok
16:41:00.0634 0x0cd4 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
16:41:00.0680 0x0cd4 RasAuto - ok
16:41:00.0712 0x0cd4 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:41:00.0712 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: D9F91EAFEC2815365CBE6D167E4E332A, sha256: 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C
16:41:00.0727 0x0cd4 Rasl2tp - detected LockedFile.Multi.Generic ( 1 )
16:41:03.0114 0x0cd4 Detect skipped due to KSN trusted
16:41:03.0114 0x0cd4 Rasl2tp - ok
16:41:03.0192 0x0cd4 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll
16:41:03.0239 0x0cd4 RasMan - ok
16:41:03.0286 0x0cd4 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:41:03.0286 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 0FE8B15916307A6AC12BFB6A63E45507, sha256: 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E
16:41:03.0301 0x0cd4 RasPppoe - detected LockedFile.Multi.Generic ( 1 )
16:41:05.0688 0x0cd4 Detect skipped due to KSN trusted
16:41:05.0688 0x0cd4 RasPppoe - ok
16:41:05.0735 0x0cd4 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:41:05.0735 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rassstp.sys. md5: 44101F495A83EA6401D886E7FD70096B, sha256: 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A
16:41:05.0750 0x0cd4 RasSstp - detected LockedFile.Multi.Generic ( 1 )
16:41:08.0137 0x0cd4 Detect skipped due to KSN trusted
16:41:08.0137 0x0cd4 RasSstp - ok
16:41:08.0200 0x0cd4 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:41:08.0200 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. md5: D528BC58A489409BA40334EBF96A311B, sha256: C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61
16:41:08.0231 0x0cd4 rdbss - detected LockedFile.Multi.Generic ( 1 )
16:41:10.0618 0x0cd4 Detect skipped due to KSN trusted
16:41:10.0618 0x0cd4 rdbss - ok
16:41:10.0680 0x0cd4 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:41:10.0680 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 0D8F05481CB76E70E1DA06EE9F0DA9DF, sha256: 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB
16:41:10.0696 0x0cd4 rdpbus - detected LockedFile.Multi.Generic ( 1 )
16:41:13.0067 0x0cd4 Detect skipped due to KSN trusted
16:41:13.0067 0x0cd4 rdpbus - ok
16:41:13.0129 0x0cd4 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:41:13.0129 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: 23DAE03F29D253AE74C44F99E515F9A1, sha256: 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430
16:41:13.0160 0x0cd4 RDPCDD - detected LockedFile.Multi.Generic ( 1 )
16:41:15.0532 0x0cd4 Detect skipped due to KSN trusted
16:41:15.0532 0x0cd4 RDPCDD - ok
16:41:15.0578 0x0cd4 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:41:15.0578 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpencdd.sys. md5: 5A53CA1598DD4156D44196D200C94B8A, sha256: 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4
16:41:15.0610 0x0cd4 RDPENCDD - detected LockedFile.Multi.Generic ( 1 )
16:41:18.0168 0x0cd4 Detect skipped due to KSN trusted
16:41:18.0168 0x0cd4 RDPENCDD - ok
16:41:18.0262 0x0cd4 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:41:18.0262 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdprefmp.sys. md5: 44B0A53CD4F27D50ED461DAE0C0B4E1F, sha256: CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91
16:41:18.0293 0x0cd4 RDPREFMP - detected LockedFile.Multi.Generic ( 1 )
16:41:20.0680 0x0cd4 Detect skipped due to KSN trusted
16:41:20.0680 0x0cd4 RDPREFMP - ok
16:41:20.0742 0x0cd4 [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:41:20.0742 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RDPWD.sys. md5: CD9214A6AE17D188D17C3CF8CB9CC693, sha256: 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60
16:41:20.0773 0x0cd4 RDPWD - detected LockedFile.Multi.Generic ( 1 )
16:41:23.0160 0x0cd4 Detect skipped due to KSN trusted
16:41:23.0160 0x0cd4 RDPWD - ok
16:41:23.0238 0x0cd4 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:41:23.0238 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdyboost.sys. md5: 518395321DC96FE2C9F0E96AC743B656, sha256: 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776
16:41:23.0285 0x0cd4 rdyboost - detected LockedFile.Multi.Generic ( 1 )
16:41:25.0672 0x0cd4 Detect skipped due to KSN trusted
16:41:25.0672 0x0cd4 rdyboost - ok
16:41:25.0718 0x0cd4 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:41:25.0765 0x0cd4 RemoteAccess - ok
16:41:25.0812 0x0cd4 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:41:25.0843 0x0cd4 RemoteRegistry - ok
16:41:25.0874 0x0cd4 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:41:25.0906 0x0cd4 RpcEptMapper - ok
16:41:25.0937 0x0cd4 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
16:41:25.0937 0x0cd4 RpcLocator - ok
16:41:25.0999 0x0cd4 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll
16:41:26.0046 0x0cd4 RpcSs - ok
16:41:26.0108 0x0cd4 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:41:26.0108 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rspndr.sys. md5: 032B0D36AD92B582D869879F5AF5B928, sha256: 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184
16:41:26.0140 0x0cd4 rspndr - detected LockedFile.Multi.Generic ( 1 )
16:41:28.0526 0x0cd4 Detect skipped due to KSN trusted
16:41:28.0526 0x0cd4 rspndr - ok
16:41:28.0573 0x0cd4 [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] SamSs C:\Windows\system32\lsass.exe
16:41:28.0604 0x0cd4 SamSs - ok
16:41:28.0636 0x0cd4 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:41:28.0636 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sbp2port.sys. md5: 05D860DA1040F111503AC416CCEF2BCA, sha256: DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E
16:41:28.0651 0x0cd4 sbp2port - detected LockedFile.Multi.Generic ( 1 )
16:41:31.0038 0x0cd4 Detect skipped due to KSN trusted
16:41:31.0038 0x0cd4 sbp2port - ok
16:41:31.0116 0x0cd4 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:41:31.0163 0x0cd4 SCardSvr - ok
16:41:31.0194 0x0cd4 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:41:31.0194 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 0693B5EC673E34DC147E195779A4DCF6, sha256: AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670
16:41:31.0225 0x0cd4 scfilter - detected LockedFile.Multi.Generic ( 1 )
16:41:33.0596 0x0cd4 Detect skipped due to KSN trusted
16:41:33.0596 0x0cd4 scfilter - ok
16:41:33.0706 0x0cd4 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\Windows\system32\schedsvc.dll
16:41:33.0737 0x0cd4 Schedule - ok
16:41:33.0799 0x0cd4 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:41:33.0830 0x0cd4 SCPolicySvc - ok
16:41:33.0893 0x0cd4 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:41:33.0924 0x0cd4 SDRSVC - ok
16:41:33.0955 0x0cd4 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:41:33.0955 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\secdrv.sys. md5: 90A3935D05B494A5A39D37E71F09A677, sha256: F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952
16:41:33.0986 0x0cd4 secdrv - detected LockedFile.Multi.Generic ( 1 )
16:41:44.0002 0x0cd4 secdrv ( LockedFile.Multi.Generic ) - warning
16:41:44.0002 0x0cd4 Force sending object to P2P due to detect: secdrv
16:41:48.0557 0x0cd4 Object send P2P result: true
16:41:51.0396 0x0cd4 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll
16:41:51.0443 0x0cd4 seclogon - ok
16:41:51.0490 0x0cd4 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\System32\sens.dll
16:41:51.0521 0x0cd4 SENS - ok
16:41:51.0552 0x0cd4 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:41:51.0568 0x0cd4 SensrSvc - ok
16:41:51.0583 0x0cd4 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:41:51.0583 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: 9AD8B8B515E3DF6ACD4212EF465DE2D1, sha256: E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86
16:41:51.0614 0x0cd4 Serenum - detected LockedFile.Multi.Generic ( 1 )
16:41:53.0986 0x0cd4 Detect skipped due to KSN trusted
16:41:53.0986 0x0cd4 Serenum - ok
16:41:54.0032 0x0cd4 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:41:54.0032 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serial.sys. md5: 5FB7FCEA0490D821F26F39CC5EA3D1E2, sha256: A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F
16:41:54.0032 0x0cd4 Serial - detected LockedFile.Multi.Generic ( 1 )
16:41:56.0419 0x0cd4 Detect skipped due to KSN trusted
16:41:56.0419 0x0cd4 Serial - ok
16:41:56.0497 0x0cd4 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:41:56.0497 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 79BFFB520327FF916A582DFEA17AA813, sha256: 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C
16:41:56.0513 0x0cd4 sermouse - detected LockedFile.Multi.Generic ( 1 )
16:41:58.0884 0x0cd4 Detect skipped due to KSN trusted
16:41:58.0884 0x0cd4 sermouse - ok
16:41:59.0165 0x0cd4 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll
16:41:59.0212 0x0cd4 SessionEnv - ok
16:41:59.0258 0x0cd4 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:41:59.0258 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffdisk.sys. md5: 9F976E1EB233DF46FCE808D9DEA3EB9C, sha256: 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75
16:41:59.0305 0x0cd4 sffdisk - detected LockedFile.Multi.Generic ( 1 )
16:42:01.0692 0x0cd4 Detect skipped due to KSN trusted
16:42:01.0692 0x0cd4 sffdisk - ok
16:42:01.0723 0x0cd4 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:42:01.0723 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_mmc.sys. md5: 932A68EE27833CFD57C1639D375F2731, sha256: 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3
16:42:01.0739 0x0cd4 sffp_mmc - detected LockedFile.Multi.Generic ( 1 )
16:42:04.0126 0x0cd4 Detect skipped due to KSN trusted
16:42:04.0126 0x0cd4 sffp_mmc - ok
16:42:04.0157 0x0cd4 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:42:04.0157 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_sd.sys. md5: 6D4CCAEDC018F1CF52866BBBAA235982, sha256: AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131
16:42:04.0157 0x0cd4 sffp_sd - detected LockedFile.Multi.Generic ( 1 )
16:42:06.0544 0x0cd4 Detect skipped due to KSN trusted
16:42:06.0544 0x0cd4 sffp_sd - ok
16:42:06.0590 0x0cd4 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:42:06.0590 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: DB96666CC8312EBC45032F30B007A547, sha256: C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7
16:42:06.0590 0x0cd4 sfloppy - detected LockedFile.Multi.Generic ( 1 )
16:42:08.0993 0x0cd4 Detect skipped due to KSN trusted
16:42:08.0993 0x0cd4 sfloppy - ok
16:42:09.0164 0x0cd4 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:42:09.0227 0x0cd4 SharedAccess - ok
16:42:09.0289 0x0cd4 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:42:09.0352 0x0cd4 ShellHWDetection - ok
16:42:09.0430 0x0cd4 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:42:09.0430 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sisagp.sys. md5: 2565CAC0DC9FE0371BDCE60832582B2E, sha256: 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D
16:42:09.0445 0x0cd4 sisagp - detected LockedFile.Multi.Generic ( 1 )
16:42:11.0832 0x0cd4 Detect skipped due to KSN trusted
16:42:11.0832 0x0cd4 sisagp - ok
16:42:11.0879 0x0cd4 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:42:11.0879 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: A9F0486851BECB6DDA1D89D381E71055, sha256: 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35
16:42:11.0926 0x0cd4 SiSRaid2 - detected LockedFile.Multi.Generic ( 1 )
16:42:14.0297 0x0cd4 Detect skipped due to KSN trusted
16:42:14.0297 0x0cd4 SiSRaid2 - ok
16:42:14.0359 0x0cd4 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:42:14.0359 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 3727097B55738E2F554972C3BE5BC1AA, sha256: 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566
16:42:14.0390 0x0cd4 SiSRaid4 - detected LockedFile.Multi.Generic ( 1 )
16:42:16.0762 0x0cd4 Detect skipped due to KSN trusted
16:42:16.0762 0x0cd4 SiSRaid4 - ok
16:42:16.0808 0x0cd4 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:42:16.0808 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. md5: 3E21C083B8A01CB70BA1F09303010FCE, sha256: 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197
16:42:16.0840 0x0cd4 Smb - detected LockedFile.Multi.Generic ( 1 )
16:42:19.0211 0x0cd4 Detect skipped due to KSN trusted
16:42:19.0211 0x0cd4 Smb - ok
16:42:19.0273 0x0cd4 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:42:19.0304 0x0cd4 SNMPTRAP - ok
16:42:19.0351 0x0cd4 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
16:42:19.0351 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. md5: 95CF1AE7527FB70F7816563CBC09D942, sha256: CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65
16:42:19.0382 0x0cd4 spldr - detected LockedFile.Multi.Generic ( 1 )
16:42:21.0769 0x0cd4 Detect skipped due to KSN trusted
16:42:21.0769 0x0cd4 spldr - ok
16:42:21.0832 0x0cd4 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe
16:42:21.0863 0x0cd4 Spooler - ok
16:42:22.0050 0x0cd4 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe
16:42:22.0159 0x0cd4 sppsvc - ok
16:42:22.0222 0x0cd4 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:42:22.0268 0x0cd4 sppuinotify - ok
16:42:22.0331 0x0cd4 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:42:22.0331 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: E4C2764065D66EA1D2D3EBC28FE99C46, sha256: 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5
16:42:22.0362 0x0cd4 srv - detected LockedFile.Multi.Generic ( 1 )
16:42:24.0749 0x0cd4 Detect skipped due to KSN trusted
16:42:24.0749 0x0cd4 srv - ok
16:42:24.0827 0x0cd4 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:42:24.0827 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: 03F0545BD8D4C77FA0AE1CEEDFCC71AB, sha256: 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0
16:42:24.0842 0x0cd4 srv2 - detected LockedFile.Multi.Generic ( 1 )
16:42:27.0214 0x0cd4 Detect skipped due to KSN trusted
16:42:27.0214 0x0cd4 srv2 - ok
16:42:27.0276 0x0cd4 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:42:27.0276 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: BE6BD660CAA6F291AE06A718A4FA8ABC, sha256: CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59
16:42:27.0307 0x0cd4 srvnet - detected LockedFile.Multi.Generic ( 1 )
16:42:29.0694 0x0cd4 Detect skipped due to KSN trusted
16:42:29.0694 0x0cd4 srvnet - ok
16:42:29.0756 0x0cd4 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:42:29.0803 0x0cd4 SSDPSRV - ok
16:42:29.0819 0x0cd4 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:42:29.0850 0x0cd4 SstpSvc - ok
16:42:29.0959 0x0cd4 [ 5A19667A580B1CE886EAF968B9743F45, 0A9EBE4057A0A6EF4732623794C2416A6BD8B87356DA46652BD92762505F57C7 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:42:29.0990 0x0cd4 Stereo Service - ok
16:42:30.0053 0x0cd4 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:42:30.0053 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. md5: DB32D325C192B801DF274BFD12A7E72B, sha256: F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA
16:42:30.0100 0x0cd4 stexstor - detected LockedFile.Multi.Generic ( 1 )
16:42:32.0486 0x0cd4 Detect skipped due to KSN trusted
16:42:32.0486 0x0cd4 stexstor - ok
16:42:32.0580 0x0cd4 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll
16:42:32.0627 0x0cd4 StiSvc - ok
16:42:32.0674 0x0cd4 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys
16:42:32.0674 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\swenum.sys. md5: E58C78A848ADD9610A4DB6D214AF5224, sha256: 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426
16:42:32.0689 0x0cd4 swenum - detected LockedFile.Multi.Generic ( 1 )
16:42:35.0076 0x0cd4 Detect skipped due to KSN trusted
16:42:35.0076 0x0cd4 swenum - ok
16:42:35.0138 0x0cd4 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
16:42:35.0185 0x0cd4 swprv - ok
16:42:35.0310 0x0cd4 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll
16:42:35.0404 0x0cd4 SysMain - ok
16:42:35.0450 0x0cd4 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
16:42:35.0466 0x0cd4 TabletInputService - ok
16:42:35.0528 0x0cd4 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll
16:42:35.0560 0x0cd4 TapiSrv - ok
16:42:35.0606 0x0cd4 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
16:42:35.0653 0x0cd4 TBS - ok
16:42:35.0794 0x0cd4 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:42:35.0794 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: 5579DD18546999F5D0EC39D018726C6B, sha256: 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3
16:42:35.0856 0x0cd4 Tcpip - detected LockedFile.Multi.Generic ( 1 )
16:42:38.0227 0x0cd4 Detect skipped due to KSN trusted
16:42:38.0227 0x0cd4 Tcpip - ok
16:42:38.0336 0x0cd4 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:42:38.0336 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: 5579DD18546999F5D0EC39D018726C6B, sha256: 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3
16:42:38.0383 0x0cd4 TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
16:42:38.0383 0x0cd4 Detect skipped due to KSN trusted
16:42:38.0383 0x0cd4 TCPIP6 - ok
16:42:38.0446 0x0cd4 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:42:38.0446 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: 3EEBD3BD93DA46A26E89893C7AB2FF3B, sha256: 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E
16:42:38.0446 0x0cd4 tcpipreg - detected LockedFile.Multi.Generic ( 1 )
16:42:40.0832 0x0cd4 Detect skipped due to KSN trusted
16:42:40.0832 0x0cd4 tcpipreg - ok
16:42:40.0879 0x0cd4 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:42:40.0879 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 1CB91B2BD8F6DD367DFC2EF26FD751B2, sha256: 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954
16:42:40.0910 0x0cd4 TDPIPE - detected LockedFile.Multi.Generic ( 1 )
16:42:43.0297 0x0cd4 Detect skipped due to KSN trusted
16:42:43.0297 0x0cd4 TDPIPE - ok
16:42:43.0344 0x0cd4 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:42:43.0344 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: 2C2C5AFE7EE4F620D69C23C0617651A8, sha256: E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103
16:42:43.0360 0x0cd4 TDTCP - detected LockedFile.Multi.Generic ( 1 )
16:42:45.0731 0x0cd4 Detect skipped due to KSN trusted
16:42:45.0731 0x0cd4 TDTCP - ok
16:42:45.0778 0x0cd4 [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:42:45.0778 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: 7FE680A3DFA421C4A8E4879AE4C5AAB0, sha256: A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD
16:42:45.0809 0x0cd4 tdx - detected LockedFile.Multi.Generic ( 1 )
16:42:48.0180 0x0cd4 Detect skipped due to KSN trusted
16:42:48.0180 0x0cd4 tdx - ok
16:42:48.0242 0x0cd4 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:42:48.0242 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\termdd.sys. md5: 04DBF4B01EA4BF25A9A3E84AFFAC9B20, sha256: 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663
16:42:48.0274 0x0cd4 TermDD - detected LockedFile.Multi.Generic ( 1 )
16:42:58.0289 0x0cd4 Object is SCO, delete is not allowed
16:42:58.0289 0x0cd4 TermDD ( LockedFile.Multi.Generic ) - warning
16:43:04.0856 0x0cd4 [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService C:\Windows\System32\termsrv.dll
16:43:04.0903 0x0cd4 TermService - ok
16:43:04.0950 0x0cd4 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
16:43:04.0981 0x0cd4 Themes - ok
16:43:05.0012 0x0cd4 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
16:43:05.0044 0x0cd4 THREADORDER - ok
16:43:05.0090 0x0cd4 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
16:43:05.0122 0x0cd4 TrkWks - ok
16:43:05.0184 0x0cd4 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:43:05.0231 0x0cd4 TrustedInstaller - ok
16:43:05.0278 0x0cd4 [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:43:05.0278 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: 6C5139E4283249518F7743D7043775B3, sha256: 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F
16:43:05.0309 0x0cd4 tssecsrv - detected LockedFile.Multi.Generic ( 1 )
16:43:07.0680 0x0cd4 Detect skipped due to KSN trusted
16:43:07.0680 0x0cd4 tssecsrv - ok
16:43:07.0758 0x0cd4 [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:43:07.0758 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tsusbflt.sys. md5: FD1D6C73E6333BE727CBCC6054247654, sha256: 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E
16:43:07.0805 0x0cd4 TsUsbFlt - detected LockedFile.Multi.Generic ( 1 )
16:43:10.0192 0x0cd4 Detect skipped due to KSN trusted
16:43:10.0192 0x0cd4 TsUsbFlt - ok
16:43:10.0270 0x0cd4 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:43:10.0270 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: B2FA25D9B17A68BB93D58B0556E8C90D, sha256: 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE
16:43:10.0285 0x0cd4 tunnel - detected LockedFile.Multi.Generic ( 1 )
16:43:12.0688 0x0cd4 Detect skipped due to KSN trusted
16:43:12.0688 0x0cd4 tunnel - ok
16:43:12.0734 0x0cd4 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:43:12.0734 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: 750FBCB269F4D7DD2E420C56B795DB6D, sha256: E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7
16:43:12.0766 0x0cd4 uagp35 - detected LockedFile.Multi.Generic ( 1 )
16:43:16.0666 0x0cd4 Detect skipped due to KSN trusted
16:43:16.0666 0x0cd4 uagp35 - ok
16:43:16.0728 0x0cd4 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:43:16.0728 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: EE43346C7E4B5E63E54F927BABBB32FF, sha256: BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9
16:43:16.0759 0x0cd4 udfs - detected LockedFile.Multi.Generic ( 1 )
16:43:19.0146 0x0cd4 Detect skipped due to KSN trusted
16:43:19.0146 0x0cd4 udfs - ok
16:43:19.0208 0x0cd4 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:43:19.0224 0x0cd4 UI0Detect - ok
16:43:19.0271 0x0cd4 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:43:19.0271 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. md5: 44E8048ACE47BEFBFDC2E9BE4CBC8880, sha256: 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C
16:43:19.0302 0x0cd4 uliagpkx - detected LockedFile.Multi.Generic ( 1 )
16:43:21.0689 0x0cd4 Detect skipped due to KSN trusted
16:43:21.0689 0x0cd4 uliagpkx - ok
16:43:21.0751 0x0cd4 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\drivers\umbus.sys
16:43:21.0751 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\umbus.sys. 
md5: D295BED4B898F0FD999FCFA9B32B071B, sha256: D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 16:43:21.0798 0x0cd4 umbus - detected LockedFile.Multi.Generic ( 1 ) 16:43:24.0169 0x0cd4 Detect skipped due to KSN trusted 16:43:24.0169 0x0cd4 umbus - ok 16:43:24.0216 0x0cd4 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 16:43:24.0216 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: 7550AD0C6998BA1CB4843E920EE0FEAC, sha256: 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D 16:43:24.0232 0x0cd4 UmPass - detected LockedFile.Multi.Generic ( 1 ) 16:43:26.0634 0x0cd4 Detect skipped due to KSN trusted 16:43:26.0634 0x0cd4 UmPass - ok 16:43:26.0712 0x0cd4 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll 16:43:26.0759 0x0cd4 upnphost - ok 16:43:26.0790 0x0cd4 [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:43:26.0790 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 0803FBA9FE829D61AE26EC0BCC910C46, sha256: 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B 16:43:26.0821 0x0cd4 usbccgp - detected LockedFile.Multi.Generic ( 1 ) 16:43:29.0224 0x0cd4 Detect skipped due to KSN trusted 16:43:29.0224 0x0cd4 usbccgp - ok 16:43:29.0255 0x0cd4 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:43:29.0255 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbcir.sys. 
md5: 2352AB5F9F8F097BF9D41D5A4718A041, sha256: 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C 16:43:29.0286 0x0cd4 usbcir - detected LockedFile.Multi.Generic ( 1 ) 16:43:31.0673 0x0cd4 Detect skipped due to KSN trusted 16:43:31.0673 0x0cd4 usbcir - ok 16:43:31.0735 0x0cd4 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:43:31.0735 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbehci.sys. md5: D40855F89B69305140BBD7E9A3BA2DA6, sha256: 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C 16:43:31.0766 0x0cd4 usbehci - detected LockedFile.Multi.Generic ( 1 ) 16:43:34.0153 0x0cd4 Detect skipped due to KSN trusted 16:43:34.0153 0x0cd4 usbehci - ok 16:43:34.0247 0x0cd4 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:43:34.0247 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: EDF2DF71C4F1E13A6AC75F5224DE655A, sha256: 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C 16:43:34.0309 0x0cd4 usbhub - detected LockedFile.Multi.Generic ( 1 ) 16:43:36.0712 0x0cd4 Detect skipped due to KSN trusted 16:43:36.0712 0x0cd4 usbhub - ok 16:43:36.0758 0x0cd4 [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 16:43:36.0758 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbohci.sys. 
md5: 9828C8D14CC2676421778F0DE638CF97, sha256: 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 16:43:36.0774 0x0cd4 usbohci - detected LockedFile.Multi.Generic ( 1 ) 16:43:39.0161 0x0cd4 Detect skipped due to KSN trusted 16:43:39.0161 0x0cd4 usbohci - ok 16:43:39.0223 0x0cd4 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:43:39.0223 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 797D862FE0875E75C7CC4C1AD7B30252, sha256: 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 16:43:39.0254 0x0cd4 usbprint - detected LockedFile.Multi.Generic ( 1 ) 16:43:41.0641 0x0cd4 Detect skipped due to KSN trusted 16:43:41.0641 0x0cd4 usbprint - ok 16:43:41.0688 0x0cd4 [ 576096CCBC07E7C4EA4F5E6686D6888F, 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 16:43:41.0688 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbscan.sys. md5: 576096CCBC07E7C4EA4F5E6686D6888F, sha256: 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED 16:43:41.0719 0x0cd4 usbscan - detected LockedFile.Multi.Generic ( 1 ) 16:43:45.0619 0x0cd4 Detect skipped due to KSN trusted 16:43:45.0619 0x0cd4 usbscan - ok 16:43:45.0682 0x0cd4 [ 007C0C8D5B01D82ACEB70431D15083F6, 7EAF68CD3C38D3CD2CDFEE9ECE1DFB38E274F1F9E6F70B73BCE1336E87D5496C ] usbser C:\Windows\system32\DRIVERS\usbser.sys 16:43:45.0682 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbser.sys. 
md5: 007C0C8D5B01D82ACEB70431D15083F6, sha256: 7EAF68CD3C38D3CD2CDFEE9ECE1DFB38E274F1F9E6F70B73BCE1336E87D5496C 16:43:45.0713 0x0cd4 usbser - detected LockedFile.Multi.Generic ( 1 ) 16:43:48.0100 0x0cd4 Detect skipped due to KSN trusted 16:43:48.0100 0x0cd4 usbser - ok 16:43:48.0131 0x0cd4 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 16:43:48.0131 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\USBSTOR.SYS. md5: F991AB9CC6B908DB552166768176896A, sha256: AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 16:43:48.0162 0x0cd4 USBSTOR - detected LockedFile.Multi.Generic ( 1 ) 16:43:50.0549 0x0cd4 Detect skipped due to KSN trusted 16:43:50.0549 0x0cd4 USBSTOR - ok 16:43:50.0596 0x0cd4 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:43:50.0596 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbuhci.sys. md5: 800AABFD625EEFF899F7E5496BDE37AB, sha256: 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 16:43:50.0611 0x0cd4 usbuhci - detected LockedFile.Multi.Generic ( 1 ) 16:43:52.0998 0x0cd4 Detect skipped due to KSN trusted 16:43:52.0998 0x0cd4 usbuhci - ok 16:43:53.0060 0x0cd4 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll 16:43:53.0107 0x0cd4 UxSms - ok 16:43:53.0138 0x0cd4 [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] VaultSvc C:\Windows\system32\lsass.exe 16:43:53.0154 0x0cd4 VaultSvc - ok 16:43:53.0185 0x0cd4 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:43:53.0185 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. 
md5: A059C4C3EDB09E07D21A8E5C0AABD3CB, sha256: BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 16:43:53.0232 0x0cd4 vdrvroot - detected LockedFile.Multi.Generic ( 1 ) 16:43:55.0603 0x0cd4 Detect skipped due to KSN trusted 16:43:55.0603 0x0cd4 vdrvroot - ok 16:43:55.0681 0x0cd4 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe 16:43:55.0712 0x0cd4 vds - ok 16:43:55.0759 0x0cd4 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:43:55.0759 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: 17C408214EA61696CEC9C66E388B14F3, sha256: 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 16:43:55.0790 0x0cd4 vga - detected LockedFile.Multi.Generic ( 1 ) 16:43:58.0177 0x0cd4 Detect skipped due to KSN trusted 16:43:58.0177 0x0cd4 vga - ok 16:43:58.0224 0x0cd4 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys 16:43:58.0224 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 8E38096AD5C8570A6F1570A61E251561, sha256: 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 16:43:58.0255 0x0cd4 VgaSave - detected LockedFile.Multi.Generic ( 1 ) 16:44:00.0626 0x0cd4 Detect skipped due to KSN trusted 16:44:00.0626 0x0cd4 VgaSave - ok 16:44:00.0673 0x0cd4 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:44:00.0673 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vhdmp.sys. 
md5: 5461686CCA2FDA57B024547733AB42E3, sha256: 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 16:44:00.0720 0x0cd4 vhdmp - detected LockedFile.Multi.Generic ( 1 ) 16:44:10.0735 0x0cd4 vhdmp ( LockedFile.Multi.Generic ) - warning 16:44:15.0244 0x0cd4 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys 16:44:15.0244 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaagp.sys. md5: C829317A37B4BEA8F39735D4B076E923, sha256: 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 16:44:15.0275 0x0cd4 viaagp - detected LockedFile.Multi.Generic ( 1 ) 16:44:17.0646 0x0cd4 Detect skipped due to KSN trusted 16:44:17.0646 0x0cd4 viaagp - ok 16:44:17.0708 0x0cd4 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 16:44:17.0708 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\viac7.sys. md5: E02F079A6AA107F06B16549C6E5C7B74, sha256: B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 16:44:17.0724 0x0cd4 ViaC7 - detected LockedFile.Multi.Generic ( 1 ) 16:44:20.0126 0x0cd4 Detect skipped due to KSN trusted 16:44:20.0126 0x0cd4 ViaC7 - ok 16:44:20.0204 0x0cd4 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys 16:44:20.0204 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. 
md5: E43574F6A56A0EE11809B48C09E4FD3C, sha256: 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 16:44:20.0236 0x0cd4 viaide - detected LockedFile.Multi.Generic ( 1 ) 16:44:22.0638 0x0cd4 Detect skipped due to KSN trusted 16:44:22.0638 0x0cd4 viaide - ok 16:44:22.0669 0x0cd4 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:44:22.0669 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: 4C63E00F2F4B5F86AB48A58CD990F212, sha256: 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 16:44:22.0685 0x0cd4 volmgr - detected LockedFile.Multi.Generic ( 1 ) 16:44:26.0569 0x0cd4 Detect skipped due to KSN trusted 16:44:26.0569 0x0cd4 volmgr - ok 16:44:26.0632 0x0cd4 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:44:26.0632 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: B5BB72067DDDDBBFB04B2F89FF8C3C87, sha256: 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC 16:44:26.0647 0x0cd4 volmgrx - detected LockedFile.Multi.Generic ( 1 ) 16:44:29.0034 0x0cd4 Detect skipped due to KSN trusted 16:44:29.0034 0x0cd4 volmgrx - ok 16:44:29.0252 0x0cd4 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:44:29.0252 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. 
md5: F497F67932C6FA693D7DE2780631CFE7, sha256: DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 16:44:29.0268 0x0cd4 volsnap - detected LockedFile.Multi.Generic ( 1 ) 16:44:31.0670 0x0cd4 Detect skipped due to KSN trusted 16:44:31.0670 0x0cd4 volsnap - ok 16:44:31.0717 0x0cd4 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 16:44:31.0717 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 9DFA0CC2F8855A04816729651175B631, sha256: 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 16:44:31.0748 0x0cd4 vsmraid - detected LockedFile.Multi.Generic ( 1 ) 16:44:34.0135 0x0cd4 Detect skipped due to KSN trusted 16:44:34.0135 0x0cd4 vsmraid - ok 16:44:34.0260 0x0cd4 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe 16:44:34.0338 0x0cd4 VSS - ok 16:44:34.0385 0x0cd4 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 16:44:34.0385 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vwifibus.sys. 
md5: 90567B1E658001E79D7C8BBD3DDE5AA6, sha256: EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 16:44:34.0385 0x0cd4 vwifibus - detected LockedFile.Multi.Generic ( 1 ) 16:44:36.0787 0x0cd4 Detect skipped due to KSN trusted 16:44:36.0787 0x0cd4 vwifibus - ok 16:44:36.0850 0x0cd4 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll 16:44:36.0912 0x0cd4 W32Time - ok 16:44:36.0974 0x0cd4 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 16:44:36.0974 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: DE3721E89C653AA281428C8A69745D90, sha256: 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 16:44:36.0990 0x0cd4 WacomPen - detected LockedFile.Multi.Generic ( 1 ) 16:44:39.0377 0x0cd4 Detect skipped due to KSN trusted 16:44:39.0377 0x0cd4 WacomPen - ok 16:44:39.0439 0x0cd4 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:44:39.0439 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 3C3C78515F5AB448B022BDF5B8FFDD2E, sha256: 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 16:44:39.0470 0x0cd4 WANARP - detected LockedFile.Multi.Generic ( 1 ) 16:44:41.0857 0x0cd4 Detect skipped due to KSN trusted 16:44:41.0857 0x0cd4 WANARP - ok 16:44:41.0888 0x0cd4 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:44:41.0888 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. 
md5: 3C3C78515F5AB448B022BDF5B8FFDD2E, sha256: 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 16:44:41.0904 0x0cd4 Wanarpv6 - detected LockedFile.Multi.Generic ( 1 ) 16:44:41.0904 0x0cd4 Detect skipped due to KSN trusted 16:44:41.0904 0x0cd4 Wanarpv6 - ok 16:44:42.0029 0x0cd4 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe 16:44:42.0076 0x0cd4 wbengine - ok 16:44:42.0122 0x0cd4 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:44:42.0154 0x0cd4 WbioSrvc - ok 16:44:42.0185 0x0cd4 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:44:42.0216 0x0cd4 wcncsvc - ok 16:44:42.0247 0x0cd4 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:44:42.0247 0x0cd4 WcsPlugInService - ok 16:44:42.0294 0x0cd4 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys 16:44:42.0294 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 1112A9BADACB47B7C0BB0392E3158DFF, sha256: 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 16:44:42.0310 0x0cd4 Wd - detected LockedFile.Multi.Generic ( 1 ) 16:44:44.0712 0x0cd4 Detect skipped due to KSN trusted 16:44:44.0712 0x0cd4 Wd - ok 16:44:44.0806 0x0cd4 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:44:44.0806 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. 
md5: 25944D2CC49E0A6C581D02A74B7D6645, sha256: AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE 16:44:44.0837 0x0cd4 Wdf01000 - detected LockedFile.Multi.Generic ( 1 ) 16:44:47.0224 0x0cd4 Detect skipped due to KSN trusted 16:44:47.0224 0x0cd4 Wdf01000 - ok 16:44:47.0255 0x0cd4 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:44:47.0302 0x0cd4 WdiServiceHost - ok 16:44:47.0317 0x0cd4 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:44:47.0317 0x0cd4 WdiSystemHost - ok 16:44:47.0380 0x0cd4 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll 16:44:47.0411 0x0cd4 WebClient - ok 16:44:47.0458 0x0cd4 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:44:47.0504 0x0cd4 Wecsvc - ok 16:44:47.0536 0x0cd4 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:44:47.0551 0x0cd4 wercplsupport - ok 16:44:47.0598 0x0cd4 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll 16:44:47.0645 0x0cd4 WerSvc - ok 16:44:47.0692 0x0cd4 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:44:47.0692 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. 
md5: 8B9A943F3B53861F2BFAF6C186168F79, sha256: 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 16:44:47.0707 0x0cd4 WfpLwf - detected LockedFile.Multi.Generic ( 1 ) 16:44:50.0110 0x0cd4 Detect skipped due to KSN trusted 16:44:50.0110 0x0cd4 WfpLwf - ok 16:44:50.0250 0x0cd4 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:44:50.0250 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 5CF95B35E59E2A38023836FFF31BE64C, sha256: CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D 16:44:50.0281 0x0cd4 WIMMount - detected LockedFile.Multi.Generic ( 1 ) 16:44:52.0668 0x0cd4 Detect skipped due to KSN trusted 16:44:52.0668 0x0cd4 WIMMount - ok 16:44:52.0777 0x0cd4 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 16:44:52.0808 0x0cd4 WinDefend - ok 16:44:52.0871 0x0cd4 WinHttpAutoProxySvc - ok 16:44:52.0949 0x0cd4 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:44:52.0980 0x0cd4 Winmgmt - ok 16:44:53.0105 0x0cd4 [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM C:\Windows\system32\WsmSvc.dll 16:44:53.0152 0x0cd4 WinRM - ok 16:44:53.0245 0x0cd4 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 16:44:53.0245 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. 
md5: A67E5F9A400F3BD1BE3D80613B45F708, sha256: E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 16:44:53.0276 0x0cd4 WinUsb - detected LockedFile.Multi.Generic ( 1 ) 16:44:55.0663 0x0cd4 Detect skipped due to KSN trusted 16:44:55.0663 0x0cd4 WinUsb - ok 16:44:55.0772 0x0cd4 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll 16:44:55.0819 0x0cd4 Wlansvc - ok 16:44:55.0866 0x0cd4 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:44:55.0866 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wmiacpi.sys. md5: 0217679B8FCA58714C3BF2726D2CA84E, sha256: 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A 16:44:55.0882 0x0cd4 WmiAcpi - detected LockedFile.Multi.Generic ( 1 ) 16:45:01.0700 0x0cd4 Detect skipped due to KSN trusted 16:45:01.0700 0x0cd4 WmiAcpi - ok 16:45:01.0763 0x0cd4 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:45:01.0778 0x0cd4 wmiApSrv - ok 16:45:01.0919 0x0cd4 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 16:45:01.0966 0x0cd4 WMPNetworkSvc - ok 16:45:02.0012 0x0cd4 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:45:02.0044 0x0cd4 WPCSvc - ok 16:45:02.0075 0x0cd4 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:45:02.0106 0x0cd4 WPDBusEnum - ok 16:45:02.0153 0x0cd4 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl 
C:\Windows\system32\drivers\ws2ifsl.sys 16:45:02.0153 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6DB3276587B853BF886B69528FDB048C, sha256: 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C 16:45:02.0168 0x0cd4 ws2ifsl - detected LockedFile.Multi.Generic ( 1 ) 16:45:04.0633 0x0cd4 Detect skipped due to KSN trusted 16:45:04.0633 0x0cd4 ws2ifsl - ok 16:45:04.0680 0x0cd4 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll 16:45:04.0711 0x0cd4 wscsvc - ok 16:45:04.0727 0x0cd4 WSearch - ok 16:45:04.0898 0x0cd4 [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv C:\Windows\system32\wuaueng.dll 16:45:04.0945 0x0cd4 wuauserv - ok 16:45:05.0008 0x0cd4 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:45:05.0008 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: 06E6F32C8D0A3F66D956F57B43A2E070, sha256: 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 16:45:05.0039 0x0cd4 WudfPf - detected LockedFile.Multi.Generic ( 1 ) 16:45:07.0441 0x0cd4 Detect skipped due to KSN trusted 16:45:07.0441 0x0cd4 WudfPf - ok 16:45:07.0488 0x0cd4 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:45:07.0488 0x0cd4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. 
md5: 867C301E8B790040AE9CF6486E8041DF, sha256: D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 16:45:07.0519 0x0cd4 WUDFRd - detected LockedFile.Multi.Generic ( 1 ) 16:45:09.0922 0x0cd4 Detect skipped due to KSN trusted 16:45:09.0922 0x0cd4 WUDFRd - ok 16:45:09.0984 0x0cd4 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:45:10.0000 0x0cd4 wudfsvc - ok 16:45:10.0046 0x0cd4 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll 16:45:10.0062 0x0cd4 WwanSvc - ok 16:45:10.0109 0x0cd4 ================ Scan global =============================== 16:45:10.0171 0x0cd4 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll 16:45:10.0202 0x0cd4 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 16:45:10.0218 0x0cd4 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 16:45:10.0265 0x0cd4 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 16:45:10.0296 0x0cd4 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe 16:45:10.0296 0x0cd4 [ Global ] - ok 16:45:10.0296 0x0cd4 ================ Scan MBR ================================== 16:45:10.0312 0x0cd4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 16:45:10.0514 0x0cd4 \Device\Harddisk0\DR0 - ok 16:45:10.0514 0x0cd4 ================ Scan VBR ================================== 16:45:10.0514 0x0cd4 [ FA6446873707FE19EAA751E6F3BFA568 ] \Device\Harddisk0\DR0\Partition1 16:45:10.0514 0x0cd4 \Device\Harddisk0\DR0\Partition1 
- ok 16:45:10.0546 0x0cd4 [ 086FB0FB9F4BA3DD31E6CF289DC97C22 ] \Device\Harddisk0\DR0\Partition2 16:45:10.0546 0x0cd4 \Device\Harddisk0\DR0\Partition2 - ok 16:45:10.0546 0x0cd4 ================ Scan generic autorun ====================== 16:45:10.0592 0x0cd4 [ C26DC901D106AB96F405A35069B8E8EB, F245F715BFFCC5C535AA43ED630CE146794BCA56D9EBA46E6778450D06232731 ] C:\Program Files\avmwlanstick\FRITZWLANMini.exe 16:45:10.0624 0x0cd4 AVMWlanClient - detected UnsignedFile.Multi.Generic ( 1 ) 16:45:20.0639 0x0cd4 AVMWlanClient ( UnsignedFile.Multi.Generic ) - warning 16:45:27.0238 0x0cd4 [ A9F3C6135C9756E21A331F20437BC83E, 2576B4DD5D8374FF3042704DC885B4674ABF3E239BD7697785680C1D705901BA ] C:\Program Files\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe 16:45:27.0269 0x0cd4 G Data ASM - ok 16:45:27.0347 0x0cd4 [ E66532FD491AD5604C36916715FBA092, 43FA8EF2025E7F1281CA024CB2EB2A433310E1515DCA9359035B3FB4BAE1FA8C ] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe 16:45:27.0362 0x0cd4 Adobe Reader Speed Launcher - ok 16:45:27.0472 0x0cd4 [ 3CB07566302BCEEB898DE270A0BEC175, B234D1044D8702A0929BB48F729EB5078B44AA7CD574B6482633B51289E70200 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 16:45:27.0534 0x0cd4 Adobe ARM - ok 16:45:27.0596 0x0cd4 [ 13E7CFE8E269ED15E7FC9C3EBBCB7E2B, 3B64263BA305F094B09B1961621C50CA6F9771F80CAC9F916B18BB0C7753A662 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe 16:45:27.0628 0x0cd4 SunJavaUpdateSched - ok 16:45:27.0862 0x0cd4 [ 2A06A880B6AECB9B1F384B60F35D5831, A5FF754AFBC6F818F470F50253A9E88BA24C5AA3E056D28AAF32ABBF1202C81B ] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe 16:45:28.0080 0x0cd4 GDFirewallTray - ok 16:45:28.0189 0x0cd4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 16:45:28.0298 0x0cd4 Sidebar - ok 16:45:28.0330 0x0cd4 [ BBA1A5B86134F496B926DDAF247DB871, 
636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 16:45:28.0345 0x0cd4 mctadmin - ok 16:45:28.0423 0x0cd4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 16:45:28.0486 0x0cd4 Sidebar - ok 16:45:28.0486 0x0cd4 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 16:45:28.0517 0x0cd4 mctadmin - ok 16:45:28.0844 0x0cd4 [ D6E2ED7F1F7BE7CCB8676491BF950B57, CBF07EE746F2C27ACC532E83ADC43FBE954DC3C598C4333F13B1A7615AEA9AD5 ] C:\Users\Steffen\AppData\Local\Akamai\netsession_win.exe 16:45:29.0094 0x0cd4 Akamai NetSession Interface - ok 16:45:29.0188 0x0cd4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 16:45:29.0219 0x0cd4 Sidebar - ok 16:45:29.0234 0x0cd4 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 16:45:29.0250 0x0cd4 mctadmin - ok 16:45:29.0250 0x0cd4 Waiting for KSN requests completion. In queue: 12 16:45:30.0264 0x0cd4 Waiting for KSN requests completion. In queue: 12 16:45:31.0278 0x0cd4 Waiting for KSN requests completion. 
In queue: 12 16:45:32.0292 0x0cd4 AV detected via SS2: G Data InternetSecurity CBE, C:\Program Files\G Data\InternetSecurity\AVK\avkwscpe.exe ( 25.0.0.0 ), 0x41010 ( enabled : outofdate ) 16:45:32.0292 0x0cd4 FW detected via SS2: G Data Personal Firewall, C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe ( 22.0.0.1 ), 0x41010 ( enabled ) 16:45:34.0710 0x0cd4 ============================================================ 16:45:34.0710 0x0cd4 Scan finished 16:45:34.0710 0x0cd4 ============================================================ 16:45:34.0710 0x06a0 Detected object count: 7 16:45:34.0710 0x06a0 Actual detected object count: 7 16:46:05.0380 0x06a0 C:\Windows\System32\Drivers\98730404f2d3d842.sys - copied to quarantine 16:46:05.0426 0x06a0 HKLM\SYSTEM\ControlSet001\services\98730404f2d3d842 - will be deleted on reboot 16:46:05.0473 0x06a0 HKLM\SYSTEM\ControlSet002\services\98730404f2d3d842 - will be deleted on reboot 16:46:05.0801 0x06a0 C:\Windows\System32\Drivers\98730404f2d3d842.sys - will be deleted on reboot 16:46:05.0801 0x06a0 98730404f2d3d842 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete 16:46:05.0801 0x06a0 NdisTapi ( LockedFile.Multi.Generic ) - skipped by user 16:46:05.0801 0x06a0 NdisTapi ( LockedFile.Multi.Generic ) - User select action: Skip 16:46:05.0801 0x06a0 pcw ( LockedFile.Multi.Generic ) - skipped by user 16:46:05.0801 0x06a0 pcw ( LockedFile.Multi.Generic ) - User select action: Skip 16:46:05.0816 0x06a0 secdrv ( LockedFile.Multi.Generic ) - skipped by user 16:46:05.0816 0x06a0 secdrv ( LockedFile.Multi.Generic ) - User select action: Skip 16:46:05.0816 0x06a0 TermDD ( LockedFile.Multi.Generic ) - skipped by user 16:46:05.0816 0x06a0 TermDD ( LockedFile.Multi.Generic ) - User select action: Skip 16:46:05.0816 0x06a0 vhdmp ( LockedFile.Multi.Generic ) - skipped by user 16:46:05.0816 0x06a0 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip 16:46:05.0816 0x06a0 AVMWlanClient ( UnsignedFile.Multi.Generic ) - 
skipped by user 16:46:05.0816 0x06a0 AVMWlanClient ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:46:06.0487 0x06a0 KLMD registered as C:\Windows\system32\drivers\30577659.sys 16:46:11.0573 0x05e4 Deinitialize success |
01.04.2015, 17:49 | #13 |
/// TB Instructor /// Guide Guru | OK. Step 1: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper. Step 2: Please start FRST again, also tick the checkbox, and click Scan. Please post me the contents of the two logs that are created.
__________________ Regards, deeprybka. Praise, criticism, wishes? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
02.04.2015, 16:39 | #14 |
| Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015 Ran by Steffen at 2015-04-02 17:30:48 Running from C:\Users\Steffen\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: G Data InternetSecurity CBE (Enabled - Out of date) {545C8713-0744-B079-87F8-349A6D5C8CF0} AS: G Data InternetSecurity CBE (Enabled - Out of date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 1und1 Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH) 1und1 Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH) 7-Zip 4.65 (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Reader 9.5.4 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated) Akamai NetSession Interface (HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\Akamai) (Version: - Akamai Technologies, Inc) AntiBrowserSpy (HKLM\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 141 - Abelssoft) Autodesk Design Review 2013 (HKLM\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.) Autodesk Design Review 2013 (Version: 13.0.0.82 - Autodesk, Inc.) 
Hidden Autodesk Design Review Browser Add-on v1.2 (HKLM\...\{CD49E43B-88B1-48AD-A3AF-43FAAAB41CB8}) (Version: 1.2.0 - Autodesk) Autodesk DWG TrueView 2014 (HKLM\...\DWG TrueView 2014) (Version: 19.1.18.0 - Autodesk) AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version: - AVM Berlin) CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform) Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated) Dassault Systemes Software VC10 Prerequisites x86 (HKLM\...\{B7066BF6-394F-4DA6-B21E-06DF44684816}) (Version: 10.1.1 - Dassault Systemes) Dassault Systemes Software VC9 Prerequisites x86 (HKLM\...\{50BFDB3B-9CA8-477E-82FE-D3CD5F58F8C4}) (Version: 9.1.2 - Dassault Systemes) DesignCAD Light 16.3 (HKLM\...\{B4E6AB20-5DBF-42C3-B67D-5E22C5F51D29}) (Version: 16.3 - IMSI) DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk) DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden DWG TrueView 2014 (Version: 19.1.18.0 - Autodesk) Hidden eDrawings 2014 (HKLM\...\{81A2E9BB-F9EF-4CF3-84C3-A75E1CE542B6}) (Version: 14.0.5006 - Dassault Systèmes SolidWorks Corp) ElsterFormular-Upgrade (HKLM\...\ElsterFormular für Unternehmer 12.0.0.5880u) (Version: 15.2.13992 - Landesfinanzdirektion Thüringen) G Data InternetSecurity CBE (HKLM\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG) HP USB Disk Storage Format Tool (HKLM\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - ) J2SE Runtime Environment 5.0 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150000}) (Version: 1.5.0 - Sun Microsystems, Inc.) 
Java(TM) 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle) Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla) Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla) NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) OpenSSL 1.0.0l Light (32-bit) (HKLM\...\OpenSSL Light (32-bit)_is1) 
(Version: - OpenSSL Win32 Installer Team) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.9 - Frank Heindörfer, Philip Chinery) Solid Edge 2D Drafting ST6 (HKLM\...\{4DDED18B-9C9C-434B-95FE-CFA9C9EE626F}) (Version: 106.00.02005 - Siemens) SolidView Lite 2014 (HKLM\...\{7F5CB40E-C3BF-4AAE-A05C-88EC949B9C25}) (Version: 14.0.0131 - Solid Concepts Inc) STP Viewer 2.3 (HKLM\...\{CECCF8B1-F595-4845-9AA6-1EC57B9BECBA}_is1) (Version: - IdeaMK) Windows-Treiberpaket - 3D Robotics (usbser) Ports (07/31/2013 2.0.0.3) (HKLM\...\3C34FF4EF99EAC8D565419CDF431F96703771360) (Version: 07/31/2013 2.0.0.3 - 3D Robotics) Windows-Treiberpaket - Arduino LLC (www.arduino.cc) (usbser) Ports (11/15/2012 5.1.2600.0) (HKLM\...\4414E25DD1DDB3A149E9A6222CA82E070C630A02) (Version: 11/15/2012 5.1.2600.0 - Arduino LLC (www.arduino.cc)) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2013\en-US\dwgviewrficn.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2013\dwgviewr.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{76D0CB12-7604-4048-B83C-1005C7DDC503}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{EEFDB0DA-DD97-4F5D-8268-E4C2F6826CE7}\localserver32 -> C:\Program Files\Solid Edge 2D Drafting ST6\Program\PLMVis\Products\JT2Go\VisView.exe (Siemens) CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3764681053-1311214435-963443542-1000_Classes\CLSID\{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}\InprocServer32 -> No File Path ==================== Restore Points ========================= 27-01-2015 16:53:05 Windows Update 03-02-2015 13:13:15 Windows Update 08-02-2015 11:11:28 Windows Update 11-02-2015 17:51:12 Windows Update 12-02-2015 16:36:54 Windows Update 17-02-2015 11:09:06 Windows Update 21-02-2015 15:51:46 Windows Update 25-02-2015 18:39:25 Windows Update 09-03-2015 16:52:35 Geplanter Prüfpunkt 
01-04-2015 17:00:24 Windows Update 01-04-2015 18:50:43 Windows Update 02-04-2015 16:56:28 Malwarebytes Anti-Rootkit Restore Point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2013-10-31 11:02 - 00000893 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.google-analytics.com 127.0.0.1 google-analytics.com ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1B441022-AB98-44B1-AF2C-31FC0BC1A1DB} - System32\Tasks\AntiBrowserSpy - BrowserMask => C:\Program Files\AntiBrowserSpy\BrowserMask.exe [2014-01-13] () Task: {3A10ACAD-BD9D-48BD-A32E-580D563C4DBA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd) Task: {45B0C38E-87F4-4BE0-A9F2-E5F916340473} - System32\Tasks\{1F61290C-8E0C-4416-AEE5-1CEBB920A1AD} => pcalua.exe -a C:\PROGRA~1\bhv\DRAFTB~1.0\UNWISE32.EXE -c /Z /R C:\PROGRA~1\bhv\DRAFTB~1.0\INSTALL.LOG "DraftBoard Pocket 4.0" Task: {52994C93-3B9F-45C4-94D6-E7EA53191B89} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH) Task: {65D81529-5BD3-4B57-A165-FC90F36CD01F} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files\Norton Internet Security CBE\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe Task: {696703F2-9B2C-4E51-B104-D6097FCD4AD9} - System32\Tasks\AntiBrowserSpy - SocialBlock - IE => C:\Program Files\AntiBrowserSpy\AntiBrowserSpy-IE-SocialBlock.exe [2014-01-13] () Task: {7C37AA85-98F3-40D9-BE59-EF4EBA7E8931} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files\Norton Internet Security CBE\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe Task: 
{B2901578-B14F-404F-A90F-EF3F8A679913} - System32\Tasks\{2750B4D7-494F-428C-8A3C-19B2D344C44C} => C:\Program Files\bhv\DraftBoard Pocket 4.0\DraftBoard.exe [2005-02-28] (Concepts Technology Co., Ltd) Task: {B8B6A3AE-A707-4734-9541-96D566563C6D} - System32\Tasks\AntiBrowserSpy - SocialBlock - IEProxyCheck => C:\Program Files\AntiBrowserSpy\SocialBlock_ProxyCheck.exe [2014-01-13] () Task: {D804DEA6-8DFD-469A-B001-AE7A11787A7C} - System32\Tasks\{B7C30487-AE42-4463-809F-B00DA8DA5F58} => pcalua.exe -a D:\FSetup.exe -d D:\ Task: {FAF08DF0-926A-4597-8AD2-128B0AF1BBF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-01] (Adobe Systems Incorporated) Task: {FCAC9E6F-8017-474A-8237-B4A9CCA74AB7} - System32\Tasks\{E5549D03-68E0-4D25-A30A-ED02F2D126BD} => pcalua.exe -a "C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNCKPWEY\SE2DDraftV106GERMAN.exe" -d C:\Users\Steffen\Desktop (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2012-11-18 17:17 - 2013-01-18 16:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2010-04-15 15:48 - 2001-10-28 16:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll 2015-03-27 18:38 - 2014-01-13 11:15 - 00823424 _____ () C:\Program Files\AntiBrowserSpy\BrowserMask.exe 2015-03-27 18:38 - 2014-01-13 11:15 - 00778240 _____ () C:\Program Files\AntiBrowserSpy\SocialBlock_ProxyCheck.exe 2015-03-27 18:38 - 2014-01-13 11:08 - 01136640 _____ () C:\Program Files\AntiBrowserSpy\AntiBrowserSpy-IE-SocialBlock.exe 2013-12-19 04:42 - 2013-12-19 04:42 - 00287864 ____N () C:\Program Files\Common Files\G Data\AVKProxy\PktIcpt2.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\Windows\$NtUninstallKB27797$:SummaryInformation AlternateDataStreams: C:\Users\Steffen\Downloads\Datenblatt für SMC 4100-T2 Schrittmotorcontroller.eml:OECustomProperty AlternateDataStreams: C:\Users\Steffen\Documents\Angebot.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Angebot.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Steffen\Documents\Centerplatte bemaßt.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Centerplatte bemaßt.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Steffen\Documents\depot.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\depot.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Steffen\Documents\Grundsteuer1.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Grundsteuer1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Steffen\Documents\Grundsteuer2.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Grundsteuer2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Steffen\Documents\Rente1.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Rente1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Steffen\Documents\Rente2.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Rente2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Steffen\Documents\Rente3.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Rente3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Steffen\Documents\Vertrag Sandra.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Vertrag Sandra.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: 
C:\Users\Steffen\Documents\Vertrag Sandra1.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Steffen\Documents\Vertrag Sandra1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\15277481.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16069185.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\15277481.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16069185.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3764681053-1311214435-963443542-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
==================== Accounts: ============================= Administrator (S-1-5-21-3764681053-1311214435-963443542-500 - Administrator - Disabled) Gast (S-1-5-21-3764681053-1311214435-963443542-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3764681053-1311214435-963443542-1002 - Limited - Enabled) Steffen (S-1-5-21-3764681053-1311214435-963443542-1000 - Administrator - Enabled) => C:\Users\Steffen UpdatusUser (S-1-5-21-3764681053-1311214435-963443542-1003 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/02/2015 04:56:27 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {0e36d2c2-61d9-4a81-97bd-cbf094e4e4cb} Error: (04/01/2015 04:22:15 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: Fehler beim Starten des Softwareschutzdiensts. 0xD0000022 6.1.7601.17514 Error: (04/01/2015 04:20:20 PM) (Source: GDFwSvc) (EventID: 0) (User: ) Description: Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys): 31 Error: (04/01/2015 04:20:13 PM) (Source: AVKWCtl) (EventID: 0) (User: ) Description: Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31 Error: (03/31/2015 00:34:35 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: Fehler beim Starten des Softwareschutzdiensts. 
0xD0000022 6.1.7601.17514 Error: (03/31/2015 00:32:52 PM) (Source: AVKWCtl) (EventID: 0) (User: ) Description: Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31 Error: (03/31/2015 00:32:45 PM) (Source: GDFwSvc) (EventID: 0) (User: ) Description: Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys): 31 Error: (03/31/2015 11:23:17 AM) (Source: AVKWCtl) (EventID: 0) (User: ) Description: Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31 Error: (03/31/2015 11:23:00 AM) (Source: GDFwSvc) (EventID: 0) (User: ) Description: Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys): 31 Error: (03/31/2015 10:47:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: EModelViewer.exe, Version: 14.0.0.5006, Zeitstempel: 0x523b68b4 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.332, Zeitstempel: 0x4e1a9f56 Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x3cd8 Startzeit der fehlerhaften Anwendung: 0xEModelViewer.exe0 Pfad der fehlerhaften Anwendung: EModelViewer.exe1 Pfad des fehlerhaften Moduls: EModelViewer.exe2 Berichtskennung: EModelViewer.exe3 System errors: ============= Error: (04/02/2015 05:02:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (04/02/2015 05:02:11 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error: (04/02/2015 04:23:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (04/02/2015 04:23:48 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (04/01/2015 05:19:58 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/01/2015 05:19:58 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/01/2015 05:19:58 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/01/2015 05:19:38 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/01/2015 04:50:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (04/01/2015 04:50:49 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Microsoft Office Sessions: ========================= Error: (04/02/2015 04:56:27 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {0e36d2c2-61d9-4a81-97bd-cbf094e4e4cb} Error: (04/01/2015 04:22:15 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: 0xD00000226.1.7601.17514 Error: (04/01/2015 04:20:20 PM) (Source: GDFwSvc) (EventID: 0) (User: ) Description: Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys): 31 Error: (04/01/2015 04:20:13 PM) (Source: AVKWCtl) (EventID: 0) (User: ) Description: Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31 Error: (03/31/2015 00:34:35 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: 0xD00000226.1.7601.17514 Error: (03/31/2015 00:32:52 PM) (Source: AVKWCtl) (EventID: 0) (User: ) Description: Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31 Error: (03/31/2015 00:32:45 PM) (Source: GDFwSvc) (EventID: 0) (User: ) Description: Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys): 31 Error: (03/31/2015 11:23:17 AM) (Source: AVKWCtl) (EventID: 0) (User: ) Description: Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31 Error: (03/31/2015 11:23:00 AM) (Source: GDFwSvc) (EventID: 0) (User: ) Description: Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys): 31 Error: (03/31/2015 10:47:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
EModelViewer.exe14.0.0.5006523b68b4MSVCR100.dll10.0.40219.3324e1a9f56400000150008d6fd3cd801d06b8ed8e77198C:\Program Files\Common Files\eDrawings2014\EModelViewer.exeC:\Windows\system32\MSVCR100.dll9ba24d98-d782-11e4-a0da-00040ec9f7d9 CodeIntegrity Errors: =================================== Date: 2012-05-06 17:37:55.537 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\wintrust.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-05-06 17:37:55.475 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\wintrust.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-05-06 17:37:55.412 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\wintrust.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-05-06 17:37:55.350 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\wintrust.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-05-06 17:37:55.287 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\wintrust.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-05-06 17:37:55.225 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\wintrust.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-05-06 17:37:55.163 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\wintrust.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-05-06 18:32:59.885 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\wintrust.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-05-06 18:32:59.807 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\wintrust.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-05-06 18:32:59.760 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\wintrust.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: AMD Athlon(tm) 7550 Dual-Core Processor Percentage of memory in use: 30% Total physical RAM: 3327.24 MB Available physical RAM: 2298.55 MB Total Pagefile: 6652.78 MB Available Pagefile: 4903.77 MB Total Virtual: 2047.88 MB Available Virtual: 1916.27 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:188.21 GB) NTFS Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 79E5775B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Steffen (administrator) on STEFFEN-PC on 02-04-2015 17:29:54
Running from C:\Users\Steffen\Downloads
Loaded Profiles: Steffen (Available profiles: Steffen & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
() C:\Program Files\AntiBrowserSpy\BrowserMask.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\AntiBrowserSpy\SocialBlock_ProxyCheck.exe
() C:\Program Files\AntiBrowserSpy\AntiBrowserSpy-IE-SocialBlock.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(AVM Berlin GmbH) C:\Program Files\avmwlanstick\FRITZWLANMini.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Akamai Technologies, Inc.) C:\Users\Steffen\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Steffen\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [323584 2006-04-20] (AVM Berlin GmbH)
HKLM\...\Run: [G Data ASM] => C:\Program Files\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files\g data\internetsecurity\avkkid\avkcks.exe,
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Steffen\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\MountPoints2: {27a82824-2466-11df-ad1a-003067031c7a} - G:\pushinst.exe
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\MountPoints2: {e245abf6-f955-11e3-ab17-003067031c7a} - F:\pushinst.exe
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {15A29993-9DCD-469B-8AB5-678C5F72FF3E} URL =
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://tbsearch.ask.com/redirect?client=ie&tb=WBG&o=15132&src=crm&q={searchTerms}&locale=de_DE
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {81CE708B-5104-4C62-B333-94B417473B29} URL = hxxp://go.mail.com/br/ie9_search_web/?su={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-11-23] (Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-11-23] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\system32\npdeployJava1.dll [2012-11-23] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-11-23] (Sun Microsystems, Inc.)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3764681053-1311214435-963443542-1000: @autodesk.com/DWF -> C:\Program Files\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll [2011-01-24] (Autodesk)

Chrome:
=======
CHR Profile: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-04]
CHR Extension: (Google Search) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-04]
CHR Extension: (avast! WebRep) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-03-04]
CHR Extension: (Gmail) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-04]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2159472 2014-03-25] (G Data Software AG)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2409280 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [44544 2015-03-27] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [101504 2015-03-27] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [56832 2015-03-27] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2015-03-27] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2015-04-01] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [50176 2015-03-27] (G Data Software AG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 16:32 - 2015-04-02 17:29 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-02 16:30 - 2015-04-02 17:29 - 00000000 ____D () C:\Users\Steffen\Desktop\mbar
2015-04-02 16:28 - 2015-04-02 16:30 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Steffen\Downloads\mbar-1.09.1.1004.exe
2015-04-01 18:54 - 2015-04-01 18:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-01 18:25 - 2015-04-01 18:25 - 00001164 _____ () C:\Users\Steffen\Desktop\tdsskiller - Verknüpfung.lnk
2015-04-01 17:08 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-01 17:08 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-01 17:08 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-01 17:07 - 2015-02-26 05:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-01 17:07 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-01 17:07 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-01 17:07 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-01 17:07 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-01 17:07 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-01 17:07 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-01 17:07 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-01 17:07 - 2015-02-20 04:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-01 17:07 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-01 17:07 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-01 17:07 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-01 17:07 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-01 17:07 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-01 17:07 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-01 17:07 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-01 17:07 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-01 17:07 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-01 17:07 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-01 17:07 - 2015-02-20 03:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-01 17:07 - 2015-02-20 03:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-01 17:07 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-01 17:07 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-01 17:07 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-01 17:07 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-01 17:07 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-01 17:07 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-01 17:07 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-01 17:07 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-01 17:07 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-01 17:07 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-01 17:06 - 2015-03-06 07:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-01 17:06 - 2015-03-06 07:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-01 17:06 - 2015-03-06 07:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-01 17:06 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-01 17:06 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-01 17:06 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-01 17:06 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-01 17:06 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-01 17:06 - 2015-03-06 07:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-01 17:06 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-01 17:06 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-01 17:06 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-01 17:06 - 2015-03-06 07:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-01 17:06 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-01 17:06 - 2015-03-06 07:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-01 17:06 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-01 17:06 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-01 17:06 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-01 17:06 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-01 17:05 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-04-01 17:05 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-01 17:05 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-04-01 17:05 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-04-01 17:05 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-01 17:05 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-01 17:04 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-01 17:04 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-01 17:04 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-04-01 17:04 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-01 17:04 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-04-01 17:04 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-04-01 17:04 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-04-01 17:04 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-04-01 17:04 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-01 17:04 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-04-01 17:04 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-04-01 17:04 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-04-01 17:04 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-04-01 17:04 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-04-01 17:04 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-04-01 17:04 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-04-01 17:04 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-04-01 17:04 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-04-01 17:04 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-01 17:04 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-04-01 17:04 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-04-01 17:04 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-01 17:04 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-04-01 17:04 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-04-01 17:04 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-04-01 17:03 - 2015-04-01 17:03 - 00015192 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2015-04-01 17:02 - 2015-04-01 17:02 - 00029528 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2015-04-01 16:55 - 2015-01-09 04:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-04-01 16:55 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-04-01 16:55 - 2015-01-09 04:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-04-01 16:46 - 2015-04-01 16:46 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-04-01 16:31 - 2015-04-01 16:31 - 00048445 _____ () C:\Users\Steffen\Downloads\Shortcut.txt
2015-03-31 12:29 - 2015-03-31 12:30 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Steffen\Downloads\tdsskiller (1).exe
2015-03-31 12:26 - 2015-03-31 12:27 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Steffen\Downloads\tdsskiller.exe
2015-03-31 12:24 - 2015-03-31 12:24 - 00443784 _____ () C:\Users\Steffen\Downloads\Allin1Convert.exe
2015-03-30 13:28 - 2015-04-01 16:31 - 00026359 _____ () C:\Users\Steffen\Downloads\Addition.txt
2015-03-30 13:27 - 2015-03-30 13:27 - 00001106 _____ () C:\Users\Steffen\Desktop\FRST - Verknüpfung.lnk
2015-03-30 13:26 - 2015-04-02 17:30 - 00012050 _____ () C:\Users\Steffen\Downloads\FRST.txt
2015-03-30 13:26 - 2015-04-02 17:29 - 00000000 ____D () C:\FRST
2015-03-30 13:26 - 2015-03-30 13:26 - 01135104 _____ (Farbar) C:\Users\Steffen\Downloads\FRST.exe
2015-03-27 23:42 - 2015-03-27 23:45 - 00000050 _____ () C:\Windows\system32\bridf08b.dat
2015-03-27 23:41 - 2015-03-27 23:41 - 00000000 ____D () C:\ProgramData\Brother
2015-03-27 22:11 - 2015-03-27 22:11 - 311218386 _____ () C:\Windows\MEMORY.DMP
2015-03-27 22:11 - 2015-03-27 22:11 - 00143800 _____ () C:\Windows\Minidump\032715-18798-01.dmp
2015-03-27 21:00 - 2015-04-02 17:02 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-27 21:00 - 2015-04-02 17:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-27 21:00 - 2015-03-27 21:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-27 21:00 - 2015-03-27 21:00 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-27 21:00 - 2015-03-27 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-27 21:00 - 2015-03-27 21:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-27 21:00 - 2015-03-17 07:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-27 21:00 - 2015-03-17 07:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-27 20:57 - 2015-03-27 21:00 - 21540440 _____ (Malwarebytes Corporation) C:\Users\Steffen\Downloads\mbam-setup-2.1.4.1018 (1).exe
2015-03-27 20:47 - 2015-04-02 16:59 - 00014522 _____ () C:\Windows\PFRO.log
2015-03-27 20:47 - 2015-04-02 16:59 - 00001064 _____ () C:\Windows\setupact.log
2015-03-27 20:47 - 2015-03-27 20:47 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-27 20:03 - 2015-04-02 17:03 - 01052213 _____ () C:\Windows\WindowsUpdate.log
2015-03-27 20:00 - 2015-03-27 20:00 - 00003520 _____ () C:\Users\Steffen\Documents\cc_20150327_190017.reg
2015-03-27 19:36 - 2015-03-27 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity CBE
2015-03-27 19:28 - 2015-03-27 19:28 - 00002008 _____ () C:\Users\Public\Desktop\G Data InternetSecurity CBE.lnk
2015-03-27 19:25 - 2015-03-27 19:25 - 00056832 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2015-03-27 19:22 - 2015-03-27 19:22 - 00053248 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd32.sys
2015-03-27 19:21 - 2015-03-27 19:21 - 00101504 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2015-03-27 19:21 - 2015-03-27 19:21 - 00050176 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2015-03-27 19:21 - 2015-03-27 19:21 - 00044544 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2015-03-27 19:19 - 2015-03-27 19:19 - 00000000 ____D () C:\Program Files\Common Files\G Data
2015-03-27 18:38 - 2015-03-27 18:38 - 00001037 _____ () C:\Users\Public\Desktop\AntiBrowserSpy.lnk
2015-03-27 18:38 - 2015-03-27 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiBrowserSpy
2015-03-19 13:43 - 2015-03-19 13:43 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Solid Concepts Inc
2015-03-19 13:42 - 2015-03-19 13:42 - 00002171 _____ () C:\Users\Public\Desktop\SolidView Lite 2014.lnk
2015-03-19 13:42 - 2015-03-19 13:42 - 00000000 ____D () C:\ProgramData\Solid Concepts Inc
2015-03-19 13:42 - 2015-03-19 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solid Concepts Inc
2015-03-19 13:42 - 2015-03-19 13:42 - 00000000 ____D () C:\Program Files\Solid Concepts Inc
2015-03-19 12:55 - 2015-03-19 13:41 - 163663800 _____ (Solid Concepts Inc) C:\Users\Steffen\Downloads\svlite_2014v0_x86.exe
2015-03-09 17:44 - 2015-03-09 17:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-03-09 17:35 - 2015-03-09 17:35 - 00057337 _____ () C:\Users\Steffen\Downloads\Drehteile (2).zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 17:07 - 2010-02-28 14:47 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-02 17:07 - 2009-07-14 06:34 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 17:07 - 2009-07-14 06:34 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 16:59 - 2012-11-18 17:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-02 16:59 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-02 16:56 - 2009-07-14 04:37 - 00000000 _SHDC () C:\Windows\$NtUninstallKB27797$
2015-04-02 16:21 - 2009-07-14 06:33 - 00457344 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-01 18:59 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\tracing
2015-04-01 18:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-04-01 18:54 - 2010-03-08 18:14 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-01 17:29 - 2014-06-20 18:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Adobe
2015-04-01 17:27 - 2012-07-27 16:04 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-01 17:27 - 2011-06-08 12:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-01 16:50 - 2014-05-08 19:09 - 00000000 ____D () C:\ProgramData\G Data
2015-03-31 10:48 - 2013-07-20 09:16 - 00000000 ____D () C:\Users\Steffen\AppData\Local\CrashDumps
2015-03-28 16:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-03-27 23:45 - 2013-03-08 13:01 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-27 23:45 - 2010-08-07 16:25 - 00000000 ____D () C:\Program Files\Brother
2015-03-27 23:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization
2015-03-27 22:33 - 2014-07-22 18:17 - 00000000 ____D () C:\Users\Steffen\Downloads\Neuer Ordner
2015-03-27 22:18 - 2010-11-07 13:25 - 00498176 ___SH () C:\Users\Steffen\Documents\Thumbs.db
2015-03-27 22:11 - 2010-04-07 12:10 - 00000000 ____D () C:\Windows\Minidump
2015-03-27 21:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Web
2015-03-27 19:55 - 2012-09-03 08:32 - 00000000 ____D () C:\Program Files\AntiBrowserSpy
2015-03-27 19:21 - 2014-05-08 20:11 - 00001558 _____ () C:\Users\Steffen\AppData\Roaming\gdscan.log
2015-03-27 19:19 - 2014-05-08 20:10 - 00000000 ____D () C:\Program Files\G Data
2015-03-27 18:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\spool
2015-03-27 18:34 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-03-27 18:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\winevt
2015-03-27 18:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\SMI
2015-03-27 18:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\MUI
2015-03-27 18:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\com
2015-03-27 18:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-27 18:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2015-03-09 22:23 - 2012-12-17 18:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-09 17:48 - 2015-01-20 13:28 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird.bak
2015-03-09 16:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache

==================== Files in the root of some directories =======

2012-05-23 17:35 - 2012-09-03 09:24 - 0000048 _____ () C:\Users\Steffen\AppData\Roaming\AcroIEHelpe.txt
2012-08-26 13:44 - 2012-09-03 10:06 - 0000017 _____ () C:\Users\Steffen\AppData\Roaming\blckdom.res
2014-05-08 20:11 - 2014-05-08 20:11 - 0000000 _____ () C:\Users\Steffen\AppData\Roaming\gdfw.log
2014-05-08 20:11 - 2015-03-27 19:21 - 0001558 _____ () C:\Users\Steffen\AppData\Roaming\gdscan.log
2012-05-23 17:35 - 2012-05-23 17:35 - 0000264 _____ () C:\Users\Steffen\AppData\Roaming\srvblck5.tmp
2014-10-20 17:22 - 2014-10-20 17:22 - 0004096 ____H () C:\Users\Steffen\AppData\Local\keyfile3.drm
2014-05-08 19:55 - 2014-09-13 15:31 - 0007597 _____ () C:\Users\Steffen\AppData\Local\Resmon.ResmonCfg
2012-09-03 08:55 - 2012-09-03 08:55 - 0017408 _____ () C:\Users\Steffen\AppData\Local\WebpageIcons.db
2012-08-11 11:10 - 2012-08-11 11:38 - 4503728 ____T () C:\ProgramData\00etadpu.pad
2013-12-19 17:18 - 2013-12-19 17:20 - 95025368 ____T () C:\ProgramData\8odwoemq.fee
2013-12-19 17:18 - 2013-12-19 17:18 - 0000000 _____ () C:\ProgramData\8odwoemq.odd
2013-10-29 12:00 - 2013-10-29 12:02 - 95025368 ____T () C:\ProgramData\8zwwlhrq.bxx
2013-10-29 12:00 - 2013-10-29 12:00 - 0000000 _____ () C:\ProgramData\8zwwlhrq.fvv
2013-10-30 13:48 - 2013-10-30 13:49 - 95025368 ____T () C:\ProgramData\9oj69hf.bxx
2013-10-30 13:48 - 2013-10-30 13:48 - 0000000 _____ () C:\ProgramData\9oj69hf.fvv
2012-06-15 10:17 - 2012-06-15 10:17 - 4503728 ____T () C:\ProgramData\c_0_lpt.pad
2012-08-20 12:29 - 2012-08-20 12:30 - 4503728 ____T () C:\ProgramData\ism_0_llatsni.pad
2013-10-28 13:51 - 2013-10-28 13:53 - 95025368 ____T () C:\ProgramData\lzjb8av.bxx
2013-10-28 13:51 - 2013-10-28 13:51 - 0000000 _____ () C:\ProgramData\lzjb8av.fvv
2012-09-03 08:22 - 2012-09-03 08:23 - 4503728 ____T () C:\ProgramData\nud0repor.pad
2012-08-06 11:13 - 2012-08-06 11:14 - 4503728 ____T () C:\ProgramData\rat_0ybba.pad
2012-01-03 18:00 - 2012-01-03 18:04 - 0000440 ____H () C:\ProgramData\UeBUrRTJiwSDHt 2012-07-24 17:39 - 2012-07-24 17:40 - 4503728 ____T () C:\ProgramData\z7_0ytr.pad 2012-01-03 18:09 - 2012-01-03 18:09 - 0000296 _____ () C:\ProgramData\~UeBUrRTJiwSDHt 2012-01-03 18:09 - 2012-01-03 18:09 - 0000200 _____ () C:\ProgramData\~UeBUrRTJiwSDHtr ZeroAccess: C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe} C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe}\@ C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe}\L\00000004.@ C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe}\L\1afb2d56 C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe}\L\55490ac4 Files to move or delete: ==================== C:\ProgramData\00etadpu.pad C:\ProgramData\8odwoemq.fee C:\ProgramData\8odwoemq.odd C:\ProgramData\8zwwlhrq.bxx C:\ProgramData\8zwwlhrq.fvv C:\ProgramData\9oj69hf.bxx C:\ProgramData\9oj69hf.fvv C:\ProgramData\c_0_lpt.pad C:\ProgramData\ism_0_llatsni.pad C:\ProgramData\lzjb8av.bxx C:\ProgramData\lzjb8av.fvv C:\ProgramData\nud0repor.pad C:\ProgramData\rat_0ybba.pad C:\ProgramData\z7_0ytr.pad ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-19 11:19 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.04.02.04
  rootkit: v2015.03.31.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17691
Steffen :: STEFFEN-PC [administrator]

02.04.2015 17:03:20
mbar-log-2015-04-02 (17-03-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 342600
Time elapsed: 24 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
02.04.2015, 18:45 | #15 |
/// TB Trainer /// Guide Guru | Hi, looks better already, doesn't it?

Step 1
Please press the Windows key + R and type notepad into the Run window. Click OK and copy the text from the code box into the empty text document:

Code:
CloseProcesses:
HKU\S-1-5-21-3764681053-1311214435-963443542-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {15A29993-9DCD-469B-8AB5-678C5F72FF3E} URL = 
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://tbsearch.ask.com/redirect?client=ie&tb=WBG&o=15132&src=crm&q={searchTerms}&locale=de_DE
SearchScopes: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Toolbar: HKU\S-1-5-21-3764681053-1311214435-963443542-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe}
C:\ProgramData\00etadpu.pad
C:\ProgramData\8odwoemq.fee
C:\ProgramData\8odwoemq.odd
C:\ProgramData\8zwwlhrq.bxx
C:\ProgramData\8zwwlhrq.fvv
C:\ProgramData\9oj69hf.bxx
C:\ProgramData\9oj69hf.fvv
C:\ProgramData\c_0_lpt.pad
C:\ProgramData\ism_0_llatsni.pad
C:\ProgramData\lzjb8av.bxx
C:\ProgramData\lzjb8av.fvv
C:\ProgramData\nud0repor.pad
C:\ProgramData\rat_0ybba.pad
C:\ProgramData\z7_0ytr.pad
AlternateDataStreams: C:\Windows\$NtUninstallKB27797$:SummaryInformation
AlternateDataStreams: C:\Users\Steffen\Downloads\Datenblatt für SMC 4100-T2 Schrittmotorcontroller.eml:OECustomProperty
AlternateDataStreams: C:\Users\Steffen\Documents\Angebot.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Steffen\Documents\Angebot.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Steffen\Documents\Centerplatte bemaßt.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Steffen\Documents\Centerplatte bemaßt.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Steffen\Documents\depot.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Steffen\Documents\depot.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Steffen\Documents\Grundsteuer1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Steffen\Documents\Grundsteuer1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Steffen\Documents\Grundsteuer2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Steffen\Documents\Grundsteuer2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Steffen\Documents\Rente1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Steffen\Documents\Rente1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Steffen\Documents\Rente2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Steffen\Documents\Rente2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Steffen\Documents\Rente3.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Steffen\Documents\Rente3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Steffen\Documents\Vertrag Sandra.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Steffen\Documents\Vertrag Sandra.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Steffen\Documents\Vertrag Sandra1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Steffen\Documents\Vertrag Sandra1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Step 2
ESET Online Scanner
Step 3
Please download Farbar Service Scanner
Please post the contents here.

Step 4
Please start FRST again and click Scan. Please post the contents of the log.
__________________
Regards, deeprybka
Praise, criticism, wishes? Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
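The FRST log in #14 and the fixlist in #15 share a fixed entry format, and the work the helper did between the two posts is essentially: read the entries, spot the drop patterns (the `{GUID}\@` and `L\` layout FRST labels ZeroAccess, random-named files with no version info sitting directly in C:\ProgramData, the `____T` temporary attribute on large files) and turn the hits into one path per line under `CloseProcesses:`. The Python below is an added example of that triage; it is not code from the thread, from Farbar or from the helper. The sample log is a constructed excerpt transcribed from post #14, and the heuristics (name pattern, parent-folder check, attribute flag) are assumptions of this example, not rules FRST itself applies.

```python
"""FRST file-listing triage (added example; not part of the thread or of FRST).

Parses the "<created> - <modified> - <size> <attrs> (<company>) <path>" entries
FRST prints under "One Month Modified Files and Folders" and "Files in the root
of some directories", plus the bare paths it prints under "ZeroAccess:", applies
three heuristics and emits a fixlist skeleton in the directive format of post #15.
"""
import re
from dataclasses import dataclass

# attrs is a five-character field: D = directory, H = hidden, S = system, T = temporary
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\\S")
# %LOCALAPPDATA%\{GUID} folder as shown under FRST's "ZeroAccess:" header;
# the "@" file and the "L\" subfolder underneath hold the payload.
ZA_ROOT_RE = re.compile(
    r"^(?P<root>.*\\AppData\\Local\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})"
    r"(?:\\.*)?$",
    re.IGNORECASE,
)
# Heuristic (assumption of this example): short letter/digit/underscore name
# with a three-letter extension, directly in ProgramData, no company string.
RANDOM_NAME_RE = re.compile(r"^[0-9a-z_]{5,14}\.[a-z]{3}$", re.IGNORECASE)
PROGRAMDATA = r"c:\programdata"

# Constructed sample: an excerpt transcribed from the FRST log in post #14.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======
2015-04-01 18:54 - 2010-03-08 18:14 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-01 16:50 - 2014-05-08 19:09 - 00000000 ____D () C:\ProgramData\G Data
2015-03-27 22:18 - 2010-11-07 13:25 - 00498176 ___SH () C:\Users\Steffen\Documents\Thumbs.db
==================== Files in the root of some directories =======
2014-05-08 20:11 - 2015-03-27 19:21 - 0001558 _____ () C:\Users\Steffen\AppData\Roaming\gdscan.log
2012-08-11 11:10 - 2012-08-11 11:38 - 4503728 ____T () C:\ProgramData\00etadpu.pad
2013-12-19 17:18 - 2013-12-19 17:20 - 95025368 ____T () C:\ProgramData\8odwoemq.fee
2013-12-19 17:18 - 2013-12-19 17:18 - 0000000 _____ () C:\ProgramData\8odwoemq.odd
ZeroAccess:
C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe}
C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe}\@
C:\Users\Steffen\AppData\Local\{b3143e40-0149-157c-ba8a-29adcc6cabbe}\L\00000004.@
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self):
        return "D" in self.attrs

    @property
    def is_temporary(self):
        return "T" in self.attrs


def parse(log_text):
    """Split a log into structured entries and bare path lines; skip everything else."""
    entries, bare_paths = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["company"], m["path"]))
        elif BARE_PATH_RE.match(line):
            bare_paths.append(line)
    return entries, bare_paths


def is_random_programdata_drop(entry):
    parent, _, name = entry.path.rpartition("\\")
    return (not entry.is_dir and parent.lower() == PROGRAMDATA
            and entry.company == "" and RANDOM_NAME_RE.match(name) is not None)


def zeroaccess_root(path):
    """Return the {GUID} root folder if the path lies in a ZeroAccess-style drop, else None."""
    m = ZA_ROOT_RE.match(path)
    return m["root"] if m else None


def triage(log_text):
    entries, bare_paths = parse(log_text)
    findings = {"zeroaccess_roots": set(), "programdata_drops": [], "temporary_flag": []}
    for p in bare_paths + [e.path for e in entries]:
        root = zeroaccess_root(p)
        if root:
            findings["zeroaccess_roots"].add(root)
    for e in entries:
        if is_random_programdata_drop(e):
            findings["programdata_drops"].append(e.path)
        if e.is_temporary and not e.is_dir:
            findings["temporary_flag"].append(e.path)
    return findings


def build_fixlist(findings):
    """FRST deletes bare paths listed in fixlist.txt; the GUID root removes the whole drop folder."""
    lines = ["CloseProcesses:"]
    lines += sorted(findings["zeroaccess_roots"])
    lines += sorted(set(findings["programdata_drops"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_fixlist(triage(SAMPLE_LOG)))
```

Run as a script it prints the fixlist skeleton; everything it emits still needs a human decision before it goes into fixlist.txt, because the name heuristic will also catch legitimate installers' scratch files, and the registry lines in #15 (the IE policy restriction, the ask.com SearchScopes, the orphaned toolbar CLSID) come from other FRST sections this parser does not read.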