Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Groupon Email

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.03.2013, 13:17   #1
Kim1988
 
Groupon Email - Standard

Groupon Email



Hallo,

ich habe folgendes Problem;

Leider habe ich den Anhang einer gefälschten Groupon Rechnung geöffnet Ich weiß man sollte nie solche Anhänge öffnen gerade wenn sie wie bei mir auch noch im Spam Ordner sind.
Naja nun ist es passiert...Weiß jetzt leider nicht wie ich mich verhalten soll,habe mein Antivieren Programm mehrmals durchlaufen lassen,aber es findet nichts.Soweit läuft mein Notebook ( Sony Vaio VGN N31S/W) auch ohne Auffälligkeiten.Manchmal hängt sich mein Notebook zwar auf aber das Problem hatte ich auch schon vorher.

Wie ich in diversen Foren lesen konnte wäre es wohl das beste das Notebook neu zu formatieren,habe nur leider keine Recovery-CD. Bringt denke ich nichts diese jetzt zu erstellen....Sony möchte 60€ für eine solche Cd,was ich sehr unverschähmt finde,nur mal am Rande.
Gibt es denn jetzt eine Möglichkeit das ganze ohne Cd zu machen? Wenn ja,wie? Ich bin jetzt auch kein Experte und kenne mich mit "solchen" Sachen nicht wirklich aus

Woran würde ich erkennen das ich mir den Trojaner überhaupt eingefangen habe?

Bin für jede Hilfe dankbar=)

Alt 08.03.2013, 15:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Email - Standard

Groupon Email



Hallo Kim und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________

__________________

Alt 08.03.2013, 18:25   #3
Kim1988
 
Groupon Email - Standard

Groupon Email



Hallo,danke schonmal für die Hilfe=)

Also ich habe jetzt genau das gemacht,wie du es oben beschrieben hast.

Nach dem Scan öffnete sich der Editor mit irgendwelchen Dateien o.Ä. Sind das die Logfiles? Ist eine laaange Liste.

Ich kopiere einfach mal alles was im Editor steht in den Thread,hoffe das ist ok so.
Sorry falls ich etwas unverständlich schreibe,aber hab nicht so die Ahnung=))

Also hier dann das was nach dem Scan im Editor erschien:OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.03.2013 17:57:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dirk\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,45 Mb Total Physical Memory | 210,25 Mb Available Physical Memory | 20,75% Memory free
2,24 Gb Paging File | 1,01 Gb Available in Paging File | 45,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,85 Gb Total Space | 35,67 Gb Free Space | 42,55% Space Free | Partition Type: NTFS
 
Computer Name: KIM | User Name: Dirk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-845676866-838732798-2609836163-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1708E1AF-939F-4EC0-83D5-7F39E7B7EE59}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{29DB5AB5-670E-44DF-8725-5907A143EE87}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{45965F10-961E-41D5-8DEE-CA343BA4C24D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5F90FF52-38AC-426F-A05E-1B08B9A7A865}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{77051FC2-219D-4B36-B2BB-6CA2A1AA56D2}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{7C9DDA84-39BD-489E-8948-69D834B8E77B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A65CA1E7-FE6C-4CFB-9D51-CCCB7C044A83}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{D4399B49-FFF1-4DFF-AD16-1779541E8742}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{D84F9B45-DA15-4151-85B2-E649328EA555}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DBFC3EE1-2263-4D48-B5ED-B20C722F02C1}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{0A97C4F6-CDF7-41C0-95F1-07539F0DCE11}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe | 
"TCP Query User{74D628BF-3AF5-4B0A-A358-3C188789B088}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{BEFFA63D-A125-42CB-8167-CE0E91FE1771}C:\program files\hercules\classic silver\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"TCP Query User{DAD96FD6-CBB6-4DCA-9AB2-FF98A17B330F}C:\program files\hercules\classic silver\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"UDP Query User{14A75411-BEEB-455B-B833-CD2A770B1E0E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{488D551D-D2FA-462C-8FAC-06925F941D1E}C:\program files\hercules\classic silver\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"UDP Query User{E0983026-D74D-4FAD-AA89-B752352506CB}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe | 
"UDP Query User{FDDD45BF-262A-4B66-B27F-DE94A77AAC5A}C:\program files\hercules\classic silver\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0AAE6279-45D3-4E87-A8C5-0E6F29BC2C32}" = VAIO Content Importer  VAIO Content Exporter
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" = 
"{55B781F0-060E-11D4-99D7-00C04FCCB775}" = 
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{6473B3D0-B05C-4D2F-A7EC-BECB512FCB14}" = EmptyInstaller2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C183A21C-395A-490F-99D4-CCAB35E32859}" = 
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}" = Hercules Classic Silver Webcam
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-13-24-01
"qmiwo" = Favorit
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"YTdetect" = Yahoo! Detect
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.03.2013 20:41:21 | Computer Name = Kim | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15584
 
Error - 07.03.2013 20:41:36 | Computer Name = Kim | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 07.03.2013 20:41:36 | Computer Name = Kim | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32152
 
Error - 07.03.2013 20:41:37 | Computer Name = Kim | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32152
 
Error - 08.03.2013 08:24:07 | Computer Name = Kim | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.03.2013 08:24:08 | Computer Name = Kim | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15585
 
Error - 08.03.2013 08:24:08 | Computer Name = Kim | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15585
 
Error - 08.03.2013 12:32:07 | Computer Name = Kim | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.03.2013 12:32:07 | Computer Name = Kim | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14895022
 
Error - 08.03.2013 12:32:07 | Computer Name = Kim | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14895022
 
[ OSession Events ]
Error - 14.11.2011 06:22:47 | Computer Name = Kim | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.01.2012 06:02:19 | Computer Name = Kim | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 05.03.2013 19:50:56 | Computer Name = Kim | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 06.03.2013 06:46:31 | Computer Name = Kim | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 06.03.2013 13:12:14 | Computer Name = Kim | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 06.03.2013 15:39:37 | Computer Name = Kim | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 07.03.2013 05:40:25 | Computer Name = Kim | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 07.03.2013 08:09:07 | Computer Name = Kim | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 08.03.2013 07:42:21 | Computer Name = Kim | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 08.03.2013 um 12:40:22 unerwartet heruntergefahren.
 
Error - 08.03.2013 07:43:41 | Computer Name = Kim | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.03.2013 08:00:24 | Computer Name = Kim | Source = DCOM | ID = 10010
Description = 
 
Error - 08.03.2013 12:32:26 | Computer Name = Kim | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller" (PCI\VEN_11AB&DEV_4351&SUBSYS_8212104D&REV_16\4&dbe6b62&0&00E0)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
 
< End of report >
         
--- --- ---


Ich sehe grad das sich noch ein Editor Fenster geöffnet hat,das meintest du wahrscheinlich mich 2 Logfiles...

Hier noch das 2.
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.03.2013 17:57:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dirk\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,45 Mb Total Physical Memory | 210,25 Mb Available Physical Memory | 20,75% Memory free
2,24 Gb Paging File | 1,01 Gb Available in Paging File | 45,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,85 Gb Total Space | 35,67 Gb Free Space | 42,55% Space Free | Partition Type: NTFS
 
Computer Name: KIM | User Name: Dirk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dirk\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Windows\System32\hccutils.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe ()
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF}
IE - HKLM\..\SearchScopes\{47A69BFA-63EF-41C2-B09F-7F84F19B5FDF}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU&o=14670&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=05f47d86-239e-4a66-928f-80b6a9c940e8&apn_sauid=9F85E6BD-1958-400F-966F-8F5A8C8AF79D
IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\SearchScopes\{9F2360B4-CD6B-4DB5-BA2E-03753F97F4BA}: "URL" = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\SearchScopes\{B1472057-0DB3-440B-9B9E-1C205D913293}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\SearchScopes\{C60E9CA9-DC95-4911-840D-D3049A6DE62B}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\SearchScopes\{D579859A-5EFF-412D-BDAC-C090F7664935}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\SearchScopes\{DAFB0E34-2AC5-4BE6-AB6D-17E7D26265D7}: "URL" = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\SearchScopes\{E6539B18-4B8F-470D-ADE7-4B28112F5FAB}: "URL" = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-845676866-838732798-2609836163-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "WEB.DE Suche"
FF - prefs.js..browser.search.order.2: "amazon.de"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {a82d0125-000a-4a57-abbc-5d4b0dbaab54}:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..keyword.URL: "hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.web.de/search/web/?origin=br_urlbar_ff&su="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 01:08:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 01:07:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 01:08:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 01:07:52 | 000,000,000 | ---D | M]
 
[2009.03.04 20:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Extensions
[2009.03.04 20:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2013.02.23 22:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\oywb3tlb.default\extensions
[2013.01.30 20:39:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\oywb3tlb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.12.11 16:36:50 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2010.02.16 17:44:01 | 000,005,591 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\1und1-suche.xml
[2010.02.16 17:43:58 | 000,001,371 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\amazonde.xml
[2012.07.30 12:52:07 | 000,002,324 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\askcom.xml
[2010.02.16 17:43:58 | 000,010,605 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\gmx-suche.xml
[2013.03.03 15:06:29 | 000,000,944 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\icqplugin.xml
[2009.03.12 15:37:38 | 000,001,632 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\live-search.xml
[2011.04.05 20:57:08 | 000,001,420 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\preisvergleich.xml
[2009.07.18 22:44:07 | 000,003,915 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\sweetim.xml
[2010.02.16 17:43:58 | 000,005,588 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\oywb3tlb.default\searchplugins\webde-suche.xml
[2013.03.08 01:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013.03.08 01:07:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2013.03.08 01:07:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.03.08 01:07:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.03.08 01:07:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2009.09.01 23:21:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.03.08 01:08:05 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-845676866-838732798-2609836163-1003..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-845676866-838732798-2609836163-1003..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O7 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-845676866-838732798-2609836163-1003\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.15.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75150A78-C350-47D0-A029-3EEC5D8DD586}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Dirk\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dirk\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.08 17:53:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe
[2013.03.08 01:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.27 13:08:23 | 000,000,000 | ---D | C] -- C:\Users\Dirk\Documents\Meine Scans
[2013.02.23 22:31:03 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\Printer Info Cache
[2013.02.23 22:31:02 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\Image Zone Express
[2013.02.23 21:58:06 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.23 21:57:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.23 21:57:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.23 21:57:32 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.23 19:43:04 | 000,000,000 | ---D | C] -- C:\Users\Dirk\Desktop\Meine Scans
[2013.02.23 19:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2013.02.23 19:14:30 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\HP
[2013.02.23 19:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2013.02.23 19:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.02.23 19:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2013.02.23 19:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2013.02.23 19:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2013.02.23 18:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.02.23 18:52:37 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2013.02.23 18:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.02.23 18:42:55 | 000,675,840 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpowiav1.dll
[2013.02.23 18:42:55 | 000,573,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpotscl1.dll
[2013.02.23 18:42:55 | 000,303,104 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst01.dll
[2013.02.23 18:42:55 | 000,258,048 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2013.02.21 16:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.21 16:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.21 16:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.21 16:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.14 15:36:40 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.14 15:35:09 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.02.14 15:35:09 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.14 15:35:09 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.02.14 15:35:08 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.02.14 15:35:08 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.14 15:35:08 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.14 15:35:08 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.14 15:35:07 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.14 15:35:07 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.02.14 15:35:02 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.02.14 15:34:46 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.14 15:34:45 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.08 16:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.08 18:00:18 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CDACD1E6-389A-44F2-AA68-8C52B44D16E1}.job
[2013.03.08 17:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.08 17:53:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe
[2013.03.08 17:39:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.08 17:32:48 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.08 17:32:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.08 17:32:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.08 17:32:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.08 12:42:14 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.07 01:03:57 | 000,001,652 | ---- | M] () -- C:\Users\Dirk\Desktop\Disk Cleanup.lnk
[2013.02.27 11:57:23 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.27 11:57:23 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.26 18:11:21 | 000,014,220 | ---- | M] () -- C:\Users\Dirk\Documents\Absageschreiben Kindergeldkasse.odt
[2013.02.24 13:22:37 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.23 21:57:15 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.23 21:57:12 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.23 21:57:12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.23 21:57:11 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.02.23 21:57:11 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.23 21:57:11 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.23 19:25:48 | 000,000,000 | ---- | M] () -- C:\Windows\hpqEmlSz.INI
[2013.02.23 19:16:31 | 000,164,310 | ---- | M] () -- C:\Windows\hpoins19.dat
[2013.02.23 19:13:13 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk
[2013.02.23 19:12:13 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential.lnk
[2013.02.23 19:07:47 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013.02.23 19:05:46 | 000,001,972 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013.02.21 16:54:08 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.14 16:15:02 | 000,322,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.14 15:53:21 | 000,686,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.14 15:53:21 | 000,643,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.14 15:53:21 | 000,150,754 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.14 15:53:21 | 000,122,560 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.03.07 01:03:57 | 000,001,652 | ---- | C] () -- C:\Users\Dirk\Desktop\Disk Cleanup.lnk
[2013.02.23 19:25:48 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2013.02.23 19:13:13 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk
[2013.02.23 19:12:36 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2013.02.23 19:12:13 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential.lnk
[2013.02.23 19:07:47 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013.02.23 19:05:46 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013.02.23 18:43:30 | 000,164,310 | ---- | C] () -- C:\Windows\hpoins19.dat
[2013.02.23 18:42:50 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2013.02.21 16:54:08 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009.06.09 00:33:36 | 000,322,036 | ---- | C] () -- C:\Users\Dirk\AppData\Local\qmiwo_nav.dat
[2009.06.09 00:33:06 | 000,002,986 | ---- | C] () -- C:\Users\Dirk\AppData\Local\qmiwo.dat
[2009.06.09 00:33:06 | 000,000,332 | ---- | C] () -- C:\Users\Dirk\AppData\Local\qmiwo_navps.dat
[2009.06.09 00:33:06 | 000,000,087 | ---- | C] () -- C:\Users\Dirk\AppData\Local\qmiwo.bat
[2009.04.15 18:55:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.01.30 13:36:10 | 000,000,680 | ---- | C] () -- C:\Users\Dirk\AppData\Local\d3d9caps.dat
[2008.04.24 09:04:07 | 000,178,579 | ---- | C] () -- C:\Users\Dirk\AppData\Roaming\UserTile.png
[2008.03.16 22:10:55 | 000,010,240 | ---- | C] () -- C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---
__________________

Alt 08.03.2013, 19:20   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Email - Standard

Groupon Email



Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.03.2013, 19:58   #5
Kim1988
 
Groupon Email - Standard

Groupon Email



Also GMER ist 2 mal abgestürzt

Wollte jetzt Malwarebytes Laden aber weiß nicht so richtig was in der Anleitung mit entpacken gemeint ist. Wie mache ich das?

Also wenn ich auf Update klicke bekomm ich die Meldung failed: Host Not found


Geändert von Kim1988 (08.03.2013 um 20:07 Uhr) Grund: Hab das entpacken hinbekommen mache jetzt weiter und poste dann...

Alt 08.03.2013, 20:20   #6
Kim1988
 
Groupon Email - Standard

Groupon Email



Hab im Anhang mal ein Foto gemacht. Ist glaub ich praktischer
Miniaturansicht angehängter Grafiken
Groupon Email-image.jpg  

Alt 08.03.2013, 20:43   #7
Kim1988
 
Groupon Email - Rotes Gesicht

Groupon Email



Ich war nicht mit dem Internet verbunden jetzt funktioniert es

Alt 08.03.2013, 21:24   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Email - Standard

Groupon Email



Ok, aber eine Bitte: lass solche Zwischenrufe, poste nur wenn es Probleme gibt oder wenn du die Logs hast (diese dann auch posten in CODE-Tags)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.03.2013, 21:29   #9
Kim1988
 
Groupon Email - Standard

Groupon Email



Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.08.15

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Dirk :: KIM [administrator]

08.03.2013 20:54:43
mbar-log-2013-03-08 (20-54-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27610
Time elapsed: 11 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Delete on reboot.
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Delete on reboot.
HKLM\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Dirk\Downloads\flash_player_updater.exe (Malware.Packer.SGX2) -> Delete on reboot.

(end)

Sorry hatte vergessen als Code Tag. Hier nochmal richtig:


Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.08.15

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Dirk :: KIM [administrator]

08.03.2013 20:54:43
mbar-log-2013-03-08 (20-54-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27610
Time elapsed: 11 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Delete on reboot.
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Delete on reboot.
HKLM\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Dirk\Downloads\flash_player_updater.exe (Malware.Packer.SGX2) -> Delete on reboot.

(end)
         

Alt 08.03.2013, 23:42   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Email - Standard

Groupon Email



Probier bitte nochmal GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.03.2013, 02:40   #11
Kim1988
 
Groupon Email - Standard

Groupon Email



Hat funktioniert. Hier die Logfile



Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-09 02:36:56
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 TOSHIBA_MK1034GSX rev.AH201A 93,16GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Dirk\AppData\Local\Temp\pxldqpow.sys


---- System - GMER 2.1 ----

SSDT    88208C5E                                       ZwCreateSection
SSDT    88208C68                                       ZwRequestWaitReplyPort
SSDT    88208C63                                       ZwSetContextThread
SSDT    88208C6D                                       ZwSetSecurityObject
SSDT    88208C72                                       ZwSystemDebugControl
SSDT    88208BFF                                       ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text   ntkrnlpa.exe!KeSetEvent + 215                  81EB08D8 4 Bytes  [5E, 8C, 20, 88]
.text   ntkrnlpa.exe!KeSetEvent + 539                  81EB0BFC 4 Bytes  [68, 8C, 20, 88]
.text   ntkrnlpa.exe!KeSetEvent + 56D                  81EB0C30 4 Bytes  [63, 8C, 20, 88]
.text   ntkrnlpa.exe!KeSetEvent + 5D1                  81EB0C94 4 Bytes  [6D, 8C, 20, 88]
.text   ntkrnlpa.exe!KeSetEvent + 619                  81EB0CDC 4 Bytes  [72, 8C, 20, 88]
.text   ...                                            

---- Devices - GMER 2.1 ----

Device  \Driver\ti21sony \Device\Dev_ffffffff856c6c60  8489B0DC
Device  \Driver\atapi \Device\Dev_ffffffff8430fb98     84953140
Device  \Driver\ti21sony \Device\Dev_ffffffff8562e968  8489B0DC

---- Modules - GMER 2.1 ----

Module  (noname) (*** hidden *** )                     84869000-84935000 (835584 bytes)    
Module  (noname) (*** hidden *** )                     8493D000-8495B000 (122880 bytes)    
Module  (noname) (*** hidden *** )                     84935000-8493D000 (32768 bytes)     

---- EOF - GMER 2.1 ----
         

Alt 10.03.2013, 15:18   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Email - Standard

Groupon Email



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.03.2013, 17:59   #13
Kim1988
 
Groupon Email - Standard

Groupon Email



Das sind die Logfiles aswMBR.exe

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-10 17:27:47
-----------------------------
17:27:47.874    OS Version: Windows 6.0.6002 Service Pack 2
17:27:47.874    Number of processors: 2 586 0xF02
17:27:47.874    ComputerName: KIM  UserName: 
17:28:09.995    Initialize success
17:30:55.654    AVAST engine defs: 13031000
17:31:19.678    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
17:31:19.694    Disk 0 Vendor: TOSHIBA_MK1034GSX AH201A Size: 95396MB BusType: 3
17:31:19.694    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000005e
17:31:19.694    Disk 1 Vendor: (  Size: 95396MB BusType: 0
17:31:19.694    Disk 2  \Device\Harddisk2\DR2 -> \Device\0000005f
17:31:19.694    Disk 2 Vendor: (  Size: 95396MB BusType: 0
17:31:19.756    Disk 0 MBR read successfully
17:31:19.756    Disk 0 MBR scan
17:31:19.865    Disk 0 Windows VISTA default MBR code
17:31:19.881    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         9536 MB offset 2048
17:31:19.912    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        85858 MB offset 19531776
17:31:19.959    Disk 0 scanning sectors +195369520
17:31:20.193    Disk 0 scanning C:\Windows\system32\drivers
17:31:58.429    Service scanning
17:32:49.971    Modules scanning
17:33:52.527    Disk 0 trace - called modules:
17:33:52.621    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys 
17:33:52.621    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84973ac8]
17:33:52.621    3 CLASSPNP.SYS[863ac8b3] -> nt!IofCallDriver -> [0x8430d328]
17:33:52.636    5 acpi.sys[8069d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8430fb98]
17:33:53.011    AVAST engine scan C:\Windows
17:34:20.857    AVAST engine scan C:\Windows\system32
17:39:15.400    AVAST engine scan C:\Windows\system32\drivers
17:39:55.196    AVAST engine scan C:\Users\Dirk
17:48:37.464    AVAST engine scan C:\ProgramData
17:53:30.901    Scan finished successfully
17:56:40.847    Disk 0 MBR has been saved successfully to "C:\Users\Dirk\Desktop\MBR.dat"
17:56:40.847    The log file has been saved successfully to "C:\Users\Dirk\Desktop\aswMBR.txt"
         
Der Scan von TDSSKiller ist fertig. Ich weiß jetzt aber nicht wie ich die logfiles speichern soll...
Es wurden 153 threats gefunden,hinter jedem steht skip. Und ganz unten continue,wie speicher ich das jetzt?

Die Logfiles habe ich jetzt gefunden=) Aber ich kann sie nicht in einem Posten,da sie zu lang sind,sagt Trojaner Board.

Ich poste sie jetzt aufgeteilt.

Hier der erste Abschnitt:

Code:
ATTFilter
18:05:11.0878 0888  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:05:12.0206 0888  ============================================================
18:05:12.0206 0888  Current date / time: 2013/03/10 18:05:12.0206
18:05:12.0206 0888  SystemInfo:
18:05:12.0206 0888  
18:05:12.0206 0888  OS Version: 6.0.6002 ServicePack: 2.0
18:05:12.0206 0888  Product type: Workstation
18:05:12.0206 0888  ComputerName: KIM
18:05:12.0206 0888  UserName: Dirk
18:05:12.0206 0888  Windows directory: C:\Windows
18:05:12.0206 0888  System windows directory: C:\Windows
18:05:12.0206 0888  Processor architecture: Intel x86
18:05:12.0206 0888  Number of processors: 2
18:05:12.0206 0888  Page size: 0x1000
18:05:12.0206 0888  Boot type: Normal boot
18:05:12.0206 0888  ============================================================
18:05:13.0984 0888  Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:05:14.0015 0888  ============================================================
18:05:14.0015 0888  \Device\Harddisk0\DR0:
18:05:14.0047 0888  MBR partitions:
18:05:14.0047 0888  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12A0800, BlocksNum 0xA7B1230
18:05:14.0047 0888  ============================================================
18:05:14.0125 0888  C: <-> \Device\Harddisk0\DR0\Partition1
18:05:14.0187 0888  ============================================================
18:05:14.0187 0888  Initialize success
18:05:14.0187 0888  ============================================================
18:05:44.0014 5312  ============================================================
18:05:44.0014 5312  Scan started
18:05:44.0014 5312  Mode: Manual; SigCheck; TDLFS; 
18:05:44.0014 5312  ============================================================
18:05:44.0498 5312  ================ Scan system memory ========================
18:05:44.0498 5312  System memory - ok
18:05:44.0498 5312  ================ Scan services =============================
18:05:44.0638 5312  [ 1C46DB7455C8BAA1CDA105BE636EA2BD ] ACPI            C:\Windows\system32\drivers\acpi.sys
18:05:44.0669 5312  Suspicious file (Forged): C:\Windows\system32\drivers\acpi.sys. Real md5: 1C46DB7455C8BAA1CDA105BE636EA2BD, Fake md5: 82B296AE1892FE3DBEE00C9CF92F8AC7
18:05:44.0669 5312  ACPI ( ForgedFile.Multi.Generic ) - warning
18:05:44.0669 5312  ACPI - detected ForgedFile.Multi.Generic (1)
18:05:44.0794 5312  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:05:44.0950 5312  AdobeARMservice - ok
18:05:45.0028 5312  [ DBBDE6BC8995ABC5DBBD3C8874A6AA4C ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:05:45.0028 5312  Suspicious file (Forged): C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe. Real md5: DBBDE6BC8995ABC5DBBD3C8874A6AA4C, Fake md5: 9942DC4CC265CDA00486504444EF521D
18:05:45.0028 5312  AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - warning
18:05:45.0028 5312  AdobeFlashPlayerUpdateSvc - detected ForgedFile.Multi.Generic (1)
18:05:45.0059 5312  [ 180296C9364B330492245C6A906DFD21 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:05:45.0075 5312  Suspicious file (Forged): C:\Windows\system32\drivers\adp94xx.sys. Real md5: 180296C9364B330492245C6A906DFD21, Fake md5: 2EDC5BBAC6C651ECE337BDE8ED97C9FB
18:05:45.0091 5312  adp94xx ( ForgedFile.Multi.Generic ) - warning
18:05:45.0091 5312  adp94xx - detected ForgedFile.Multi.Generic (1)
18:05:45.0091 5312  [ F583BF71EEBE44D9D68EE1E2C95FA182 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:05:45.0122 5312  Suspicious file (Forged): C:\Windows\system32\drivers\adpahci.sys. Real md5: F583BF71EEBE44D9D68EE1E2C95FA182, Fake md5: B84088CA3CDCA97DA44A984C6CE1CCAD
18:05:45.0122 5312  adpahci ( ForgedFile.Multi.Generic ) - warning
18:05:45.0122 5312  adpahci - detected ForgedFile.Multi.Generic (1)
18:05:45.0137 5312  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
18:05:45.0153 5312  adpu160m - ok
18:05:45.0169 5312  [ 6B6E34A9C063B2F426C4C635B6A224BE ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:05:45.0184 5312  Suspicious file (Forged): C:\Windows\system32\drivers\adpu320.sys. Real md5: 6B6E34A9C063B2F426C4C635B6A224BE, Fake md5: 9AE713F8E30EFC2ABCCD84904333DF4D
18:05:45.0184 5312  adpu320 ( ForgedFile.Multi.Generic ) - warning
18:05:45.0184 5312  adpu320 - detected ForgedFile.Multi.Generic (1)
18:05:45.0231 5312  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:05:45.0590 5312  AeLookupSvc - ok
18:05:45.0637 5312  [ C9C34C252C2DE3DCAB88D01562FDB965 ] AFD             C:\Windows\system32\drivers\afd.sys
18:05:45.0668 5312  Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: C9C34C252C2DE3DCAB88D01562FDB965, Fake md5: 3911B972B55FEA0478476B2E777B29FA
18:05:45.0668 5312  AFD ( ForgedFile.Multi.Generic ) - warning
18:05:45.0668 5312  AFD - detected ForgedFile.Multi.Generic (1)
18:05:45.0715 5312  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:05:45.0730 5312  agp440 - ok
18:05:45.0777 5312  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
18:05:45.0793 5312  aic78xx - ok
18:05:45.0824 5312  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
18:05:45.0980 5312  ALG - ok
18:05:45.0995 5312  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:05:46.0011 5312  aliide - ok
18:05:46.0058 5312  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
18:05:46.0073 5312  amdagp - ok
18:05:46.0089 5312  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
18:05:46.0105 5312  amdide - ok
18:05:46.0136 5312  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
18:05:46.0432 5312  AmdK7 - ok
18:05:46.0463 5312  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:05:46.0557 5312  AmdK8 - ok
18:05:46.0666 5312  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:05:46.0713 5312  AntiVirSchedulerService - ok
18:05:46.0744 5312  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:05:46.0760 5312  AntiVirService - ok
18:05:46.0807 5312  [ 370197CD43319BA40CCE4FC6DDF047B7 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
18:05:46.0822 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\Apfiltr.sys. Real md5: 370197CD43319BA40CCE4FC6DDF047B7, Fake md5: 7C2F57BCE81FA74933F0E1C84A97C9DB
18:05:46.0822 5312  ApfiltrService ( ForgedFile.Multi.Generic ) - warning
18:05:46.0822 5312  ApfiltrService - detected ForgedFile.Multi.Generic (1)
18:05:46.0869 5312  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
18:05:46.0947 5312  Appinfo - ok
18:05:47.0243 5312  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:05:47.0259 5312  Apple Mobile Device - ok
18:05:47.0306 5312  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
18:05:47.0321 5312  arc - ok
18:05:47.0353 5312  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:05:47.0368 5312  arcsas - ok
18:05:47.0415 5312  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:05:47.0493 5312  AsyncMac - ok
18:05:47.0540 5312  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:05:47.0555 5312  atapi - ok
18:05:47.0602 5312  [ 13673718FB38F2049FFA8E23CB5B9D82 ] athr            C:\Windows\system32\DRIVERS\athr.sys
18:05:47.0649 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\athr.sys. Real md5: 13673718FB38F2049FFA8E23CB5B9D82, Fake md5: 7FA516FC81DD5931F389B56279A27A3E
18:05:47.0649 5312  athr ( ForgedFile.Multi.Generic ) - warning
18:05:47.0649 5312  athr - detected ForgedFile.Multi.Generic (1)
18:05:47.0696 5312  [ 0BA0A4FF706F4293AB499229D7AEEAE2 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:05:47.0711 5312  Suspicious file (Forged): C:\Windows\System32\Audiosrv.dll. Real md5: 0BA0A4FF706F4293AB499229D7AEEAE2, Fake md5: 68E2A1A0407A66CF50DA0300852424AB
18:05:47.0711 5312  AudioEndpointBuilder ( ForgedFile.Multi.Generic ) - warning
18:05:47.0711 5312  AudioEndpointBuilder - detected ForgedFile.Multi.Generic (1)
18:05:47.0727 5312  [ 0BA0A4FF706F4293AB499229D7AEEAE2 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:05:47.0727 5312  Suspicious file (Forged): C:\Windows\System32\Audiosrv.dll. Real md5: 0BA0A4FF706F4293AB499229D7AEEAE2, Fake md5: 68E2A1A0407A66CF50DA0300852424AB
18:05:47.0727 5312  Audiosrv ( ForgedFile.Multi.Generic ) - warning
18:05:47.0727 5312  Audiosrv - detected ForgedFile.Multi.Generic (1)
18:05:47.0774 5312  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:05:47.0821 5312  avgntflt - ok
18:05:47.0836 5312  [ 56E83EEDA5468D29B74B14F4CCCC27F2 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:05:47.0867 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\avipbb.sys. Real md5: 56E83EEDA5468D29B74B14F4CCCC27F2, Fake md5: 37B854C7D1F477E66C5B49C7700C47CC
18:05:47.0867 5312  avipbb ( ForgedFile.Multi.Generic ) - warning
18:05:47.0867 5312  avipbb - detected ForgedFile.Multi.Generic (1)
18:05:47.0899 5312  [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:05:47.0914 5312  avkmgr - ok
18:05:47.0977 5312  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:05:48.0055 5312  Beep - ok
18:05:48.0101 5312  [ 4F99C5E39834F98AD426DCE8F4FD50EA ] BFE             C:\Windows\System32\bfe.dll
18:05:48.0117 5312  Suspicious file (Forged): C:\Windows\System32\bfe.dll. Real md5: 4F99C5E39834F98AD426DCE8F4FD50EA, Fake md5: C789AF0F724FDA5852FB9A7D3A432381
18:05:48.0117 5312  BFE ( ForgedFile.Multi.Generic ) - warning
18:05:48.0117 5312  BFE - detected ForgedFile.Multi.Generic (1)
18:05:48.0164 5312  [ 2C17A8F1C97593B30DA4771F66B9D9FA ] BITS            C:\Windows\System32\qmgr.dll
18:05:48.0211 5312  Suspicious file (Forged): C:\Windows\System32\qmgr.dll. Real md5: 2C17A8F1C97593B30DA4771F66B9D9FA, Fake md5: 93952506C6D67330367F7E7934B6A02F
18:05:48.0226 5312  BITS ( ForgedFile.Multi.Generic ) - warning
18:05:48.0226 5312  BITS - detected ForgedFile.Multi.Generic (1)
18:05:48.0226 5312  blbdrive - ok
18:05:48.0304 5312  [ 55F1E1F0CCF431207DCBCFE3668E5187 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:05:48.0351 5312  Suspicious file (Forged): C:\Program Files\Bonjour\mDNSResponder.exe. Real md5: 55F1E1F0CCF431207DCBCFE3668E5187, Fake md5: DB5BEA73EDAF19AC68B2C0FAD0F92B1A
18:05:48.0351 5312  Bonjour Service ( ForgedFile.Multi.Generic ) - warning
18:05:48.0351 5312  Bonjour Service - detected ForgedFile.Multi.Generic (1)
18:05:48.0382 5312  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:05:48.0460 5312  bowser - ok
18:05:48.0507 5312  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
18:05:48.0538 5312  BrFiltLo - ok
18:05:48.0569 5312  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
18:05:48.0632 5312  BrFiltUp - ok
18:05:48.0679 5312  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
18:05:48.0741 5312  Browser - ok
18:05:48.0772 5312  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
18:05:48.0835 5312  Brserid - ok
18:05:48.0881 5312  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
18:05:48.0944 5312  BrSerWdm - ok
18:05:48.0959 5312  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
18:05:49.0037 5312  BrUsbMdm - ok
18:05:49.0115 5312  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
18:05:49.0193 5312  BrUsbSer - ok
18:05:49.0225 5312  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:05:49.0271 5312  BTHMODEM - ok
18:05:49.0365 5312  [ 088C0978203D59425A12B2A53FCCD02B ] camfilt2        C:\Windows\system32\DRIVERS\camfilt2.sys
18:05:49.0427 5312  camfilt2 - ok
18:05:49.0459 5312  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:05:49.0552 5312  cdfs - ok
18:05:49.0615 5312  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:05:49.0677 5312  cdrom - ok
18:05:49.0739 5312  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:05:49.0786 5312  CertPropSvc - ok
18:05:49.0802 5312  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
18:05:49.0895 5312  circlass - ok
18:05:49.0927 5312  [ B3C3AFFC37D0BCDA8084B0427DEB9201 ] CLFS            C:\Windows\system32\CLFS.sys
18:05:49.0958 5312  Suspicious file (Forged): C:\Windows\system32\CLFS.sys. Real md5: B3C3AFFC37D0BCDA8084B0427DEB9201, Fake md5: D7659D3B5B92C31E84E53C1431F35132
18:05:49.0958 5312  CLFS ( ForgedFile.Multi.Generic ) - warning
18:05:49.0958 5312  CLFS - detected ForgedFile.Multi.Generic (1)
18:05:50.0473 5312  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:05:50.0551 5312  clr_optimization_v2.0.50727_32 - ok
18:05:51.0331 5312  [ B89B6C8262ACA6654AF4C5C96B00EAD4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:05:51.0440 5312  Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe. Real md5: B89B6C8262ACA6654AF4C5C96B00EAD4, Fake md5: C5A75EB48E2344ABDC162BDA79E16841
18:05:51.0440 5312  clr_optimization_v4.0.30319_32 ( ForgedFile.Multi.Generic ) - warning
18:05:51.0440 5312  clr_optimization_v4.0.30319_32 - detected ForgedFile.Multi.Generic (1)
18:05:51.0487 5312  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:05:51.0549 5312  CmBatt - ok
18:05:51.0580 5312  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:05:51.0611 5312  cmdide - ok
18:05:51.0643 5312  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:05:51.0674 5312  Compbatt - ok
18:05:51.0674 5312  COMSysApp - ok
18:05:51.0689 5312  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:05:51.0705 5312  crcdisk - ok
18:05:51.0736 5312  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
18:05:51.0830 5312  Crusoe - ok
18:05:51.0861 5312  [ FD4F06A4D4B35CD18DBE7AE5932BD2BC ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:05:51.0892 5312  Suspicious file (Forged): C:\Windows\system32\cryptsvc.dll. Real md5: FD4F06A4D4B35CD18DBE7AE5932BD2BC, Fake md5: F1E8C34892336D33EDDCDFE44E474F64
18:05:51.0892 5312  CryptSvc ( ForgedFile.Multi.Generic ) - warning
18:05:51.0892 5312  CryptSvc - detected ForgedFile.Multi.Generic (1)
18:05:51.0923 5312  [ 6621476E1926167313D0FE6E95E98E7F ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:05:51.0970 5312  Suspicious file (Forged): C:\Windows\system32\rpcss.dll. Real md5: 6621476E1926167313D0FE6E95E98E7F, Fake md5: 3B5B4D53FEC14F7476CA29A20CC31AC9
18:05:51.0970 5312  DcomLaunch ( ForgedFile.Multi.Generic ) - warning
18:05:51.0970 5312  DcomLaunch - detected ForgedFile.Multi.Generic (1)
18:05:52.0001 5312  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:05:52.0079 5312  DfsC - ok
18:05:52.0126 5312  [ E64B47ECCBA21C3EB9167C21EF8DFCD6 ] DFSR            C:\Windows\system32\DFSR.exe
18:05:52.0235 5312  Suspicious file (Forged): C:\Windows\system32\DFSR.exe. Real md5: E64B47ECCBA21C3EB9167C21EF8DFCD6, Fake md5: 2CC3DCFB533A1035B13DCAB6160AB38B
18:05:52.0251 5312  DFSR ( ForgedFile.Multi.Generic ) - warning
18:05:52.0251 5312  DFSR - detected ForgedFile.Multi.Generic (1)
18:05:52.0313 5312  [ BEE7BF9A9BC8EECF0DAB06823333EB71 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
18:05:52.0329 5312  Suspicious file (Forged): C:\Windows\System32\dhcpcsvc.dll. Real md5: BEE7BF9A9BC8EECF0DAB06823333EB71, Fake md5: 9028559C132146FB75EB7ACF384B086A
18:05:52.0329 5312  Dhcp ( ForgedFile.Multi.Generic ) - warning
18:05:52.0329 5312  Dhcp - detected ForgedFile.Multi.Generic (1)
18:05:52.0391 5312  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
18:05:52.0423 5312  disk - ok
18:05:52.0454 5312  [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall         C:\Windows\system32\DRIVERS\DMICall.sys
18:05:52.0469 5312  DMICall - ok
18:05:52.0501 5312  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:05:52.0563 5312  Dnscache - ok
18:05:52.0579 5312  [ 5602860034ED703E783E0AD7DDA6F685 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:05:52.0610 5312  Suspicious file (Forged): C:\Windows\System32\dot3svc.dll. Real md5: 5602860034ED703E783E0AD7DDA6F685, Fake md5: 324FD74686B1EF5E7C19A8AF49E748F6
18:05:52.0610 5312  dot3svc ( ForgedFile.Multi.Generic ) - warning
18:05:52.0610 5312  dot3svc - detected ForgedFile.Multi.Generic (1)
18:05:52.0641 5312  [ 310D59BD6E8CDC0F2000AF2010679936 ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
18:05:52.0672 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\Dot4.sys. Real md5: 310D59BD6E8CDC0F2000AF2010679936, Fake md5: 4F59C172C094E1A1D46463A8DC061CBD
18:05:52.0672 5312  Dot4 ( ForgedFile.Multi.Generic ) - warning
18:05:52.0672 5312  Dot4 - detected ForgedFile.Multi.Generic (1)
18:05:52.0719 5312  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:05:52.0766 5312  Dot4Print - ok
18:05:52.0797 5312  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
18:05:52.0859 5312  dot4usb - ok
18:05:52.0891 5312  [ D9FA2A14A9A7CC3CC47AA0E6C7FDC2AE ] DPS             C:\Windows\system32\dps.dll
18:05:52.0922 5312  Suspicious file (Forged): C:\Windows\system32\dps.dll. Real md5: D9FA2A14A9A7CC3CC47AA0E6C7FDC2AE, Fake md5: A622E888F8AA2F6B49E9BC466F0E5DEF
18:05:52.0922 5312  DPS ( ForgedFile.Multi.Generic ) - warning
18:05:52.0922 5312  DPS - detected ForgedFile.Multi.Generic (1)
18:05:52.0969 5312  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:05:53.0015 5312  drmkaud - ok
18:05:53.0031 5312  [ BF43DE3D7B7AD1DB3D14B6F6B0168FF4 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:05:53.0093 5312  Suspicious file (Forged): C:\Windows\System32\drivers\dxgkrnl.sys. Real md5: BF43DE3D7B7AD1DB3D14B6F6B0168FF4, Fake md5: C68AC676B0EF30CFBB1080ADCE49EB1F
18:05:53.0093 5312  DXGKrnl ( ForgedFile.Multi.Generic ) - warning
18:05:53.0093 5312  DXGKrnl - detected ForgedFile.Multi.Generic (1)
18:05:53.0125 5312  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
18:05:53.0187 5312  E1G60 - ok
18:05:53.0327 5312  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
18:05:53.0390 5312  EapHost - ok
18:05:53.0421 5312  [ EB7BB3F702D7B9FA17F02902A26D3102 ] Ecache          C:\Windows\system32\drivers\ecache.sys
18:05:53.0452 5312  Suspicious file (Forged): C:\Windows\system32\drivers\ecache.sys. Real md5: EB7BB3F702D7B9FA17F02902A26D3102, Fake md5: 7F64EA048DCFAC7ACF8B4D7B4E6FE371
18:05:53.0452 5312  Ecache ( ForgedFile.Multi.Generic ) - warning
18:05:53.0452 5312  Ecache - detected ForgedFile.Multi.Generic (1)
18:05:53.0483 5312  [ A663C89B95F6C823BE98E1A0C23149A1 ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:05:53.0515 5312  Suspicious file (Forged): C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys. Real md5: A663C89B95F6C823BE98E1A0C23149A1, Fake md5: E89CC1363CB7F5320AE3B41C1333D0C3
18:05:53.0515 5312  eeCtrl ( ForgedFile.Multi.Generic ) - warning
18:05:53.0515 5312  eeCtrl - detected ForgedFile.Multi.Generic (1)
18:05:53.0561 5312  [ 8BC25F382CE1C37F3462184FD1D8030C ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:05:53.0608 5312  Suspicious file (Forged): C:\Windows\ehome\ehRecvr.exe. Real md5: 8BC25F382CE1C37F3462184FD1D8030C, Fake md5: 9BE3744D295A7701EB425332014F0797
18:05:53.0608 5312  ehRecvr ( ForgedFile.Multi.Generic ) - warning
18:05:53.0608 5312  ehRecvr - detected ForgedFile.Multi.Generic (1)
18:05:53.0624 5312  [ 0DFBE8AA4C20B52E1B8BF3CB6CBDF193 ] ehSched         C:\Windows\ehome\ehsched.exe
18:05:53.0639 5312  Suspicious file (Forged): C:\Windows\ehome\ehsched.exe. Real md5: 0DFBE8AA4C20B52E1B8BF3CB6CBDF193, Fake md5: AD1870C8E5D6DD340C829E6074BF3C3F
18:05:53.0639 5312  ehSched ( ForgedFile.Multi.Generic ) - warning
18:05:53.0639 5312  ehSched - detected ForgedFile.Multi.Generic (1)
18:05:53.0655 5312  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
18:05:53.0702 5312  ehstart - ok
18:05:53.0733 5312  [ A673FE699A92D5D8543D5169B998866B ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:05:53.0764 5312  Suspicious file (Forged): C:\Windows\system32\drivers\elxstor.sys. Real md5: A673FE699A92D5D8543D5169B998866B, Fake md5: E8F3F21A71720C84BCF423B80028359F
18:05:53.0764 5312  elxstor ( ForgedFile.Multi.Generic ) - warning
18:05:53.0764 5312  elxstor - detected ForgedFile.Multi.Generic (1)
18:05:53.0795 5312  [ 05724A298F2FCAF5F4711D153600379A ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
18:05:53.0842 5312  Suspicious file (Forged): C:\Windows\system32\emdmgmt.dll. Real md5: 05724A298F2FCAF5F4711D153600379A, Fake md5: 4E6B23DFC917EA39306B529B773950F4
18:05:53.0842 5312  EMDMgmt ( ForgedFile.Multi.Generic ) - warning
18:05:53.0842 5312  EMDMgmt - detected ForgedFile.Multi.Generic (1)
18:05:53.0873 5312  [ 4A37B2EBCE76601F28E88E24E62AE715 ] EventSystem     C:\Windows\system32\es.dll
18:05:53.0905 5312  Suspicious file (Forged): C:\Windows\system32\es.dll. Real md5: 4A37B2EBCE76601F28E88E24E62AE715, Fake md5: 67058C46504BC12D821F38CF99B7B28F
18:05:53.0905 5312  EventSystem ( ForgedFile.Multi.Generic ) - warning
18:05:53.0905 5312  EventSystem - detected ForgedFile.Multi.Generic (1)
18:05:53.0951 5312  [ DD5448BF498735A4AF29D9B7A08BAA98 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:05:53.0967 5312  Suspicious file (Forged): C:\Windows\system32\drivers\exfat.sys. Real md5: DD5448BF498735A4AF29D9B7A08BAA98, Fake md5: 22B408651F9123527BCEE54B4F6C5CAE
18:05:53.0967 5312  exfat ( ForgedFile.Multi.Generic ) - warning
18:05:53.0967 5312  exfat - detected ForgedFile.Multi.Generic (1)
18:05:53.0998 5312  [ 31478AB932E13E1C1D7B15EA886D4753 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:05:54.0014 5312  Suspicious file (Forged): C:\Windows\system32\drivers\fastfat.sys. Real md5: 31478AB932E13E1C1D7B15EA886D4753, Fake md5: 1E9B9A70D332103C52995E957DC09EF8
18:05:54.0014 5312  fastfat ( ForgedFile.Multi.Generic ) - warning
18:05:54.0014 5312  fastfat - detected ForgedFile.Multi.Generic (1)
18:05:54.0061 5312  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:05:54.0123 5312  fdc - ok
18:05:54.0170 5312  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:05:54.0263 5312  fdPHost - ok
18:05:54.0295 5312  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:05:54.0373 5312  FDResPub - ok
18:05:54.0435 5312  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:05:54.0482 5312  FileInfo - ok
18:05:54.0513 5312  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:05:54.0560 5312  Filetrace - ok
18:05:54.0607 5312  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:05:54.0700 5312  flpydisk - ok
18:05:54.0716 5312  [ 2538353A92BCA8ABF5E0765C025845A0 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:05:54.0747 5312  Suspicious file (Forged): C:\Windows\system32\drivers\fltmgr.sys. Real md5: 2538353A92BCA8ABF5E0765C025845A0, Fake md5: 01334F9EA68E6877C4EF05D3EA8ABB05
18:05:54.0747 5312  FltMgr ( ForgedFile.Multi.Generic ) - warning
18:05:54.0747 5312  FltMgr - detected ForgedFile.Multi.Generic (1)
18:05:54.0794 5312  [ 6F9F3DBF97422A2B4F71F15602830D65 ] FontCache       C:\Windows\system32\FntCache.dll
18:05:54.0841 5312  Suspicious file (Forged): C:\Windows\system32\FntCache.dll. Real md5: 6F9F3DBF97422A2B4F71F15602830D65, Fake md5: 8CE364388C8ECA59B14B539179276D44
18:05:54.0856 5312  FontCache ( ForgedFile.Multi.Generic ) - warning
18:05:54.0856 5312  FontCache - detected ForgedFile.Multi.Generic (1)
18:05:54.0934 5312  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:05:54.0965 5312  FontCache3.0.0.0 - ok
18:05:54.0997 5312  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:05:55.0153 5312  Fs_Rec - ok
18:05:55.0199 5312  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:05:55.0215 5312  gagp30kx - ok
18:05:55.0246 5312  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:05:55.0262 5312  GEARAspiWDM - ok
18:05:55.0293 5312  [ 709215724B53CA227C140AD2E45F321E ] gpsvc           C:\Windows\System32\gpsvc.dll
18:05:55.0324 5312  Suspicious file (Forged): C:\Windows\System32\gpsvc.dll. Real md5: 709215724B53CA227C140AD2E45F321E, Fake md5: CD5D0AEEE35DFD4E986A5AA1500A6E66
18:05:55.0324 5312  gpsvc ( ForgedFile.Multi.Generic ) - warning
18:05:55.0324 5312  gpsvc - detected ForgedFile.Multi.Generic (1)
18:05:55.0433 5312  [ 0BE51E585C219A4FEEA6FF6ECE67B722 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
18:05:55.0465 5312  Suspicious file (Forged): C:\Program Files\Google\Update\GoogleUpdate.exe. Real md5: 0BE51E585C219A4FEEA6FF6ECE67B722, Fake md5: 8F0DE4FEF8201E306F9938B0905AC96A
18:05:55.0465 5312  gupdate ( ForgedFile.Multi.Generic ) - warning
18:05:55.0465 5312  gupdate - detected ForgedFile.Multi.Generic (1)
18:05:55.0480 5312  [ 0BE51E585C219A4FEEA6FF6ECE67B722 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:05:55.0480 5312  Suspicious file (Forged): C:\Program Files\Google\Update\GoogleUpdate.exe. Real md5: 0BE51E585C219A4FEEA6FF6ECE67B722, Fake md5: 8F0DE4FEF8201E306F9938B0905AC96A
18:05:55.0480 5312  gupdatem ( ForgedFile.Multi.Generic ) - warning
18:05:55.0480 5312  gupdatem - detected ForgedFile.Multi.Generic (1)
18:05:55.0511 5312  [ 6C484169033372E257F146D913D603B7 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:05:55.0527 5312  Suspicious file (Forged): C:\Windows\system32\drivers\HdAudio.sys. Real md5: 6C484169033372E257F146D913D603B7, Fake md5: CB04C744BE0A61B1D648FAED182C3B59
18:05:55.0527 5312  HdAudAddService ( ForgedFile.Multi.Generic ) - warning
18:05:55.0527 5312  HdAudAddService - detected ForgedFile.Multi.Generic (1)
18:05:55.0558 5312  [ 7B0576051613B2B104C13014FE46280B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:05:55.0589 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\HDAudBus.sys. Real md5: 7B0576051613B2B104C13014FE46280B, Fake md5: 062452B7FFD68C8C042A6261FE8DFF4A
18:05:55.0589 5312  HDAudBus ( ForgedFile.Multi.Generic ) - warning
18:05:55.0589 5312  HDAudBus - detected ForgedFile.Multi.Generic (1)
18:05:55.0605 5312  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:05:55.0855 5312  HidBth - ok
18:05:55.0901 5312  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:05:55.0995 5312  HidIr - ok
18:05:56.0042 5312  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
18:05:56.0104 5312  hidserv - ok
18:05:56.0151 5312  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:05:56.0276 5312  HidUsb - ok
18:05:56.0307 5312  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:05:56.0432 5312  hkmsvc - ok
18:05:56.0463 5312  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
18:05:56.0479 5312  HpCISSs - ok
18:05:56.0666 5312  [ 3E02DA96A403154487761734F342C2C9 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:05:56.0697 5312  Suspicious file (Forged): C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll. Real md5: 3E02DA96A403154487761734F342C2C9, Fake md5: FCB563B0A23643E5F80B6FF1E60F610F
18:05:56.0713 5312  hpqcxs08 ( ForgedFile.Multi.Generic ) - warning
18:05:56.0713 5312  hpqcxs08 - detected ForgedFile.Multi.Generic (1)
18:05:56.0728 5312  [ 0DFBE8AA4C20B52E1B8BF3CB6CBDF193 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:05:56.0728 5312  Suspicious file (Forged): C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll. Real md5: 0DFBE8AA4C20B52E1B8BF3CB6CBDF193, Fake md5: 25E443E27165C652723A92D9BDFD4649
18:05:56.0728 5312  hpqddsvc ( ForgedFile.Multi.Generic ) - warning
18:05:56.0728 5312  hpqddsvc - detected ForgedFile.Multi.Generic (1)
18:05:56.0775 5312  [ C55ECAF5DAD25B1ACD51B5087DEBE629 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:05:56.0822 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\HSX_DPV.sys. Real md5: C55ECAF5DAD25B1ACD51B5087DEBE629, Fake md5: 53229DCF431D76434816CD29251168A0
18:05:56.0822 5312  HSF_DPV ( ForgedFile.Multi.Generic ) - warning
18:05:56.0822 5312  HSF_DPV - detected ForgedFile.Multi.Generic (1)
18:05:56.0822 5312  [ BDBCD7E0ED72601DD45C5773EBE77624 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:05:56.0853 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\HSXHWAZL.sys. Real md5: BDBCD7E0ED72601DD45C5773EBE77624, Fake md5: 31F949D452201F2F0AF0C88D7DB512CD
18:05:56.0853 5312  HSXHWAZL ( ForgedFile.Multi.Generic ) - warning
18:05:56.0853 5312  HSXHWAZL - detected ForgedFile.Multi.Generic (1)
18:05:56.0869 5312  [ 5D2F2BE05E2B89926F215648CB978659 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:05:56.0900 5312  Suspicious file (Forged): C:\Windows\system32\drivers\HTTP.sys. Real md5: 5D2F2BE05E2B89926F215648CB978659, Fake md5: F870AA3E254628EBEAFE754108D664DE
18:05:56.0900 5312  HTTP ( ForgedFile.Multi.Generic ) - warning
18:05:56.0900 5312  HTTP - detected ForgedFile.Multi.Generic (1)
18:05:56.0947 5312  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
18:05:56.0962 5312  i2omp - ok
18:05:57.0025 5312  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:05:57.0181 5312  i8042prt - ok
18:05:57.0212 5312  [ 9DCF37FC5B8F3792267FDE48E9F4C977 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
18:05:57.0227 5312  Suspicious file (Forged): C:\Windows\system32\drivers\iastorv.sys. Real md5: 9DCF37FC5B8F3792267FDE48E9F4C977, Fake md5: C957BF4B5D80B46C5017BF0101E6C906
18:05:57.0227 5312  iaStorV ( ForgedFile.Multi.Generic ) - warning
18:05:57.0227 5312  iaStorV - detected ForgedFile.Multi.Generic (1)
18:05:57.0290 5312  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:05:57.0337 5312  IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:05:57.0337 5312  IDriverT - detected UnsignedFile.Multi.Generic (1)
18:05:57.0383 5312  [ 0CCB927A147D18781E9D1DB3C285B8D9 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:05:57.0446 5312  Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe. Real md5: 0CCB927A147D18781E9D1DB3C285B8D9, Fake md5: 98477B08E61945F974ED9FDC4CB6BDAB
18:05:57.0446 5312  idsvc ( ForgedFile.Multi.Generic ) - warning
18:05:57.0446 5312  idsvc - detected ForgedFile.Multi.Generic (1)
18:05:57.0477 5312  [ 3BE04D53EBE12B6027374781F8189DB9 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
18:05:57.0539 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\igdkmd32.sys. Real md5: 3BE04D53EBE12B6027374781F8189DB9, Fake md5: A4FBA5B34E69E46315A7C5223A470A17
18:05:57.0555 5312  igfx ( ForgedFile.Multi.Generic ) - warning
18:05:57.0555 5312  igfx - detected ForgedFile.Multi.Generic (1)
18:05:57.0571 5312  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:05:57.0586 5312  iirsp - ok
18:05:57.0617 5312  [ 756645FB1BF7F3A406DD9A4C13CC73C0 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:05:57.0649 5312  Suspicious file (Forged): C:\Windows\System32\ikeext.dll. Real md5: 756645FB1BF7F3A406DD9A4C13CC73C0, Fake md5: 9908D8A397B76CD8D31D0D383C5773C9
18:05:57.0649 5312  IKEEXT ( ForgedFile.Multi.Generic ) - warning
18:05:57.0649 5312  IKEEXT - detected ForgedFile.Multi.Generic (1)
18:05:57.0711 5312  [ 568E6FAAF0C70FE1305DFD9A1788EE8E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:05:57.0773 5312  Suspicious file (Forged): C:\Windows\system32\drivers\RTKVHDA.sys. Real md5: 568E6FAAF0C70FE1305DFD9A1788EE8E, Fake md5: C61B3B87F3856CEF0C9F204028C6860D
18:05:57.0789 5312  IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning
18:05:57.0789 5312  IntcAzAudAddService - detected ForgedFile.Multi.Generic (1)
18:05:57.0805 5312  [ 97469037714070E45194ED318D636401 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:05:57.0820 5312  intelide - ok
18:05:57.0883 5312  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:05:58.0023 5312  intelppm - ok
18:05:58.0070 5312  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:05:58.0117 5312  IPBusEnum - ok
18:05:58.0148 5312  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:05:58.0226 5312  IpFilterDriver - ok
18:05:58.0257 5312  [ E4EFE9F0DD1EDCD7769C9423596DABCC ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:05:58.0288 5312  Suspicious file (Forged): C:\Windows\System32\iphlpsvc.dll. Real md5: E4EFE9F0DD1EDCD7769C9423596DABCC, Fake md5: 1998BD97F950680BB55F55A7244679C2
18:05:58.0288 5312  iphlpsvc ( ForgedFile.Multi.Generic ) - warning
18:05:58.0288 5312  iphlpsvc - detected ForgedFile.Multi.Generic (1)
18:05:58.0288 5312  IpInIp - ok
18:05:58.0335 5312  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
18:05:58.0585 5312  IPMIDRV - ok
18:05:58.0647 5312  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
18:05:58.0787 5312  IPNAT - ok
18:05:58.0834 5312  [ B2179A1F99818EFF32BB644A54FB35B7 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:05:58.0865 5312  Suspicious file (Forged): C:\Program Files\iPod\bin\iPodService.exe. Real md5: B2179A1F99818EFF32BB644A54FB35B7, Fake md5: E46B17060D3962A384AE484094614788
18:05:58.0881 5312  iPod Service ( ForgedFile.Multi.Generic ) - warning
18:05:58.0881 5312  iPod Service - detected ForgedFile.Multi.Generic (1)
18:05:58.0912 5312  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:05:59.0053 5312  IRENUM - ok
18:05:59.0084 5312  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:05:59.0099 5312  isapnp - ok
18:05:59.0131 5312  [ AB9208FAF0F529FC3EED3B7761029859 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
18:05:59.0162 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\msiscsi.sys. Real md5: AB9208FAF0F529FC3EED3B7761029859, Fake md5: 232FA340531D940AAC623B121A595034
18:05:59.0162 5312  iScsiPrt ( ForgedFile.Multi.Generic ) - warning
18:05:59.0162 5312  iScsiPrt - detected ForgedFile.Multi.Generic (1)
18:05:59.0177 5312  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
18:05:59.0193 5312  iteatapi - ok
18:05:59.0209 5312  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
18:05:59.0224 5312  iteraid - ok
18:05:59.0255 5312  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:05:59.0271 5312  kbdclass - ok
18:05:59.0302 5312  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:05:59.0552 5312  kbdhid - ok
18:05:59.0599 5312  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
18:05:59.0677 5312  KeyIso - ok
18:05:59.0692 5312  [ 0A433A51020CD61594EE0AB8435B2176 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:05:59.0755 5312  Suspicious file (Forged): C:\Windows\system32\Drivers\ksecdd.sys. Real md5: 0A433A51020CD61594EE0AB8435B2176, Fake md5: 4A1445EFA932A3BAF5BDB02D7131EE20
18:05:59.0755 5312  KSecDD ( ForgedFile.Multi.Generic ) - warning
18:05:59.0755 5312  KSecDD - detected ForgedFile.Multi.Generic (1)
18:05:59.0770 5312  [ C6DCDF88AE75644704F35CAF5337C0B6 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:05:59.0801 5312  Suspicious file (Forged): C:\Windows\system32\msdtckrm.dll. Real md5: C6DCDF88AE75644704F35CAF5337C0B6, Fake md5: 8078F8F8F7A79E2E6B494523A828C585
18:05:59.0801 5312  KtmRm ( ForgedFile.Multi.Generic ) - warning
18:05:59.0801 5312  KtmRm - detected ForgedFile.Multi.Generic (1)
18:05:59.0864 5312  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:05:59.0926 5312  LanmanServer - ok
18:05:59.0942 5312  [ A3D96945791156D3AAF9CF34FEEFA21C ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:05:59.0973 5312  Suspicious file (Forged): C:\Windows\System32\wkssvc.dll. Real md5: A3D96945791156D3AAF9CF34FEEFA21C, Fake md5: 1DB69705B695B987082C8BAEC0C6B34F
18:05:59.0973 5312  LanmanWorkstation ( ForgedFile.Multi.Generic ) - warning
18:05:59.0973 5312  LanmanWorkstation - detected ForgedFile.Multi.Generic (1)
18:06:00.0020 5312  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:06:00.0160 5312  lltdio - ok
18:06:00.0176 5312  [ B98524C2784030C4ECFE3DEA47002A80 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:06:00.0238 5312  Suspicious file (Forged): C:\Windows\System32\lltdsvc.dll. Real md5: B98524C2784030C4ECFE3DEA47002A80, Fake md5: 2D5A428872F1442631D0959A34ABFF63
18:06:00.0238 5312  lltdsvc ( ForgedFile.Multi.Generic ) - warning
18:06:00.0238 5312  lltdsvc - detected ForgedFile.Multi.Generic (1)
18:06:00.0269 5312  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:06:00.0519 5312  lmhosts - ok
18:06:00.0566 5312  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:06:00.0581 5312  LSI_FC - ok
18:06:00.0613 5312  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:06:00.0628 5312  LSI_SAS - ok
18:06:00.0644 5312  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:06:00.0659 5312  LSI_SCSI - ok
18:06:00.0691 5312  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
18:06:00.0847 5312  luafv - ok
18:06:00.0878 5312  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:06:00.0956 5312  Mcx2Svc - ok
18:06:00.0987 5312  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:06:01.0034 5312  mdmxsdk - ok
18:06:01.0065 5312  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
18:06:01.0081 5312  megasas - ok
18:06:01.0096 5312  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
18:06:01.0127 5312  MMCSS - ok
18:06:01.0174 5312  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
18:06:01.0221 5312  Modem - ok
18:06:01.0268 5312  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:06:01.0330 5312  monitor - ok
18:06:01.0393 5312  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:06:01.0408 5312  mouclass - ok
18:06:01.0439 5312  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:06:01.0471 5312  mouhid - ok
18:06:01.0502 5312  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
18:06:01.0517 5312  MountMgr - ok
18:06:01.0595 5312  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:06:01.0611 5312  MozillaMaintenance - ok
18:06:01.0658 5312  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:06:01.0673 5312  mpio - ok
18:06:01.0705 5312  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:06:01.0845 5312  mpsdrv - ok
18:06:01.0861 5312  [ C46DF109D49B7827F326885D1367C964 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:06:01.0892 5312  Suspicious file (Forged): C:\Windows\system32\mpssvc.dll. Real md5: C46DF109D49B7827F326885D1367C964, Fake md5: 5DE62C6E9108F14F6794060A9BDECAEC
18:06:01.0892 5312  MpsSvc ( ForgedFile.Multi.Generic ) - warning
18:06:01.0892 5312  MpsSvc - detected ForgedFile.Multi.Generic (1)
18:06:01.0907 5312  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
18:06:01.0923 5312  Mraid35x - ok
18:06:01.0970 5312  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:06:02.0048 5312  MRxDAV - ok
18:06:02.0079 5312  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:06:02.0141 5312  mrxsmb - ok
18:06:02.0173 5312  [ B094DB2537AAEDACCB66B3707A5BB91C ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:06:02.0188 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\mrxsmb10.sys. Real md5: B094DB2537AAEDACCB66B3707A5BB91C, Fake md5: 4FCCB34D793B116423209C0F8B7A3B03
18:06:02.0188 5312  mrxsmb10 ( ForgedFile.Multi.Generic ) - warning
18:06:02.0188 5312  mrxsmb10 - detected ForgedFile.Multi.Generic (1)
18:06:02.0204 5312  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:06:02.0251 5312  mrxsmb20 - ok
18:06:02.0282 5312  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:06:02.0313 5312  msahci - ok
18:06:02.0453 5312  [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV      C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
18:06:02.0485 5312  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
18:06:02.0485 5312  MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
18:06:02.0500 5312  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:06:02.0516 5312  msdsm - ok
18:06:02.0578 5312  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
18:06:02.0719 5312  MSDTC - ok
18:06:02.0781 5312  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:06:02.0828 5312  Msfs - ok
18:06:02.0875 5312  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:06:02.0890 5312  msisadrv - ok
18:06:02.0937 5312  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:06:02.0999 5312  MSiSCSI - ok
18:06:03.0015 5312  msiserver - ok
18:06:03.0062 5312  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:06:03.0093 5312  MSKSSRV - ok
18:06:03.0155 5312  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:06:03.0218 5312  MSPCLOCK - ok
18:06:03.0249 5312  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:06:03.0296 5312  MSPQM - ok
18:06:03.0311 5312  [ 22CDB67DE48B43458FEAF4025CFF9E6A ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:06:03.0343 5312  Suspicious file (Forged): C:\Windows\system32\drivers\MsRPC.sys. Real md5: 22CDB67DE48B43458FEAF4025CFF9E6A, Fake md5: B49456D70555DE905C311BCDA6EC6ADB
18:06:03.0343 5312  MsRPC ( ForgedFile.Multi.Generic ) - warning
18:06:03.0343 5312  MsRPC - detected ForgedFile.Multi.Generic (1)
18:06:03.0374 5312  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:06:03.0389 5312  mssmbios - ok
18:06:03.0452 5312  MSSQL$VAIO_VEDB - ok
18:06:03.0514 5312  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:06:03.0545 5312  MSSQLServerADHelper - ok
18:06:03.0577 5312  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:06:03.0686 5312  MSTEE - ok
18:06:03.0733 5312  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
18:06:03.0764 5312  Mup - ok
18:06:03.0779 5312  [ BF16B6BE3E81BF3A03898E51FE2BA197 ] napagent        C:\Windows\system32\qagentRT.dll
18:06:03.0811 5312  Suspicious file (Forged): C:\Windows\system32\qagentRT.dll. Real md5: BF16B6BE3E81BF3A03898E51FE2BA197, Fake md5: E4EAF0C5C1B41B5C83386CF212CA9584
18:06:03.0811 5312  napagent ( ForgedFile.Multi.Generic ) - warning
18:06:03.0811 5312  napagent - detected ForgedFile.Multi.Generic (1)
18:06:03.0842 5312  [ 0745D9564DDCAC4884B38533C5A9D100 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:06:03.0873 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\nwifi.sys. Real md5: 0745D9564DDCAC4884B38533C5A9D100, Fake md5: 85C44FDFF9CF7E72A40DCB7EC06A4416
18:06:03.0873 5312  NativeWifiP ( ForgedFile.Multi.Generic ) - warning
18:06:03.0873 5312  NativeWifiP - detected ForgedFile.Multi.Generic (1)
18:06:03.0904 5312  [ 1E55E310420D50A24403B5FC3902668F ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:06:03.0935 5312  Suspicious file (Forged): C:\Windows\system32\drivers\ndis.sys. Real md5: 1E55E310420D50A24403B5FC3902668F, Fake md5: 1357274D1883F68300AEADD15D7BBB42
18:06:03.0935 5312  NDIS ( ForgedFile.Multi.Generic ) - warning
18:06:03.0935 5312  NDIS - detected ForgedFile.Multi.Generic (1)
18:06:03.0998 5312  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:06:04.0107 5312  NdisTapi - ok
18:06:04.0138 5312  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:06:04.0263 5312  Ndisuio - ok
18:06:04.0310 5312  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:06:04.0341 5312  NdisWan - ok
18:06:04.0372 5312  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:06:04.0435 5312  NDProxy - ok
18:06:04.0481 5312  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:06:04.0497 5312  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:06:04.0497 5312  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:06:04.0528 5312  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:06:04.0575 5312  NetBIOS - ok
18:06:04.0606 5312  [ 78E78900E441476A988389AE05503FD9 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
18:06:04.0622 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 78E78900E441476A988389AE05503FD9, Fake md5: ECD64230A59CBD93C85F1CD1CAB9F3F6
18:06:04.0622 5312  netbt ( ForgedFile.Multi.Generic ) - warning
18:06:04.0622 5312  netbt - detected ForgedFile.Multi.Generic (1)
18:06:04.0653 5312  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
18:06:04.0684 5312  Netlogon - ok
18:06:04.0700 5312  [ 3DCB0CE00A2ADEE38D7B96AFC169C680 ] Netman          C:\Windows\System32\netman.dll
18:06:04.0731 5312  Suspicious file (Forged): C:\Windows\System32\netman.dll. Real md5: 3DCB0CE00A2ADEE38D7B96AFC169C680, Fake md5: C8052711DAECC48B982434C5116CA401
18:06:04.0731 5312  Netman ( ForgedFile.Multi.Generic ) - warning
18:06:04.0731 5312  Netman - detected ForgedFile.Multi.Generic (1)
18:06:04.0762 5312  [ 625E3E643559D386D809FC1F29B94496 ] netprofm        C:\Windows\System32\netprofm.dll
18:06:04.0793 5312  Suspicious file (Forged): C:\Windows\System32\netprofm.dll. Real md5: 625E3E643559D386D809FC1F29B94496, Fake md5: 2EF3BBE22E5A5ACD1428EE387A0D0172
18:06:04.0793 5312  netprofm ( ForgedFile.Multi.Generic ) - warning
18:06:04.0793 5312  netprofm - detected ForgedFile.Multi.Generic (1)
18:06:04.0825 5312  [ BC27D9CA87FCCDA85C061271B6A57D02 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:06:04.0840 5312  Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe. Real md5: BC27D9CA87FCCDA85C061271B6A57D02, Fake md5: D6C4E4A39A36029AC0813D476FBD0248
18:06:04.0840 5312  NetTcpPortSharing ( ForgedFile.Multi.Generic ) - warning
18:06:04.0840 5312  NetTcpPortSharing - detected ForgedFile.Multi.Generic (1)
18:06:04.0871 5312  [ 7499E08715BE018B7F4CCBDD4861A2F0 ] NETw3v32        C:\Windows\system32\DRIVERS\NETw3v32.sys
18:06:04.0949 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\NETw3v32.sys. Real md5: 7499E08715BE018B7F4CCBDD4861A2F0, Fake md5: ACC6170D80C69E50145B370023B64ED3
18:06:04.0965 5312  NETw3v32 ( ForgedFile.Multi.Generic ) - warning
18:06:04.0965 5312  NETw3v32 - detected ForgedFile.Multi.Generic (1)
18:06:04.0996 5312  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:06:05.0012 5312  nfrd960 - ok
18:06:05.0027 5312  [ 1E517742239024F78839DAEE35CB395B ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:06:05.0043 5312  Suspicious file (Forged): C:\Windows\System32\nlasvc.dll. Real md5: 1E517742239024F78839DAEE35CB395B, Fake md5: 2997B15415F9BBE05B5A4C1C85E0C6A2
18:06:05.0043 5312  NlaSvc ( ForgedFile.Multi.Generic ) - warning
18:06:05.0043 5312  NlaSvc - detected ForgedFile.Multi.Generic (1)
18:06:05.0074 5312  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:06:05.0199 5312  Npfs - ok
18:06:05.0230 5312  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
18:06:05.0355 5312  nsi - ok
18:06:05.0386 5312  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:06:05.0449 5312  nsiproxy - ok
18:06:05.0495 5312  [ 943AC7EF323DCA9CE13C2EF3BE9A8715 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:06:05.0542 5312  Suspicious file (Forged): C:\Windows\system32\drivers\Ntfs.sys. Real md5: 943AC7EF323DCA9CE13C2EF3BE9A8715, Fake md5: 6A4A98CEE84CF9E99564510DDA4BAA47
18:06:05.0542 5312  Ntfs ( ForgedFile.Multi.Generic ) - warning
18:06:05.0542 5312  Ntfs - detected ForgedFile.Multi.Generic (1)
18:06:05.0589 5312  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
18:06:05.0854 5312  ntrigdigi - ok
18:06:05.0885 5312  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
18:06:06.0041 5312  Null - ok
18:06:06.0088 5312  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:06:06.0104 5312  nvraid - ok
18:06:06.0119 5312  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:06:06.0135 5312  nvstor - ok
18:06:06.0151 5312  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:06:06.0166 5312  nv_agp - ok
18:06:06.0182 5312  NwlnkFlt - ok
18:06:06.0182 5312  NwlnkFwd - ok
18:06:06.0275 5312  [ 087DFF37488245EC9717B29C4E818056 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:06:06.0322 5312  Suspicious file (Forged): C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE. Real md5: 087DFF37488245EC9717B29C4E818056, Fake md5: 785F487A64950F3CB8E9F16253BA3B7B
18:06:06.0322 5312  odserv ( ForgedFile.Multi.Generic ) - warning
18:06:06.0322 5312  odserv - detected ForgedFile.Multi.Generic (1)
18:06:06.0369 5312  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
18:06:06.0478 5312  ohci1394 - ok
18:06:06.0525 5312  [ 23345305EDC5827EDE315B8491292308 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:06:06.0541 5312  Suspicious file (Forged): C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE. Real md5: 23345305EDC5827EDE315B8491292308, Fake md5: 5A432A042DAE460ABE7199B758E8606C
18:06:06.0541 5312  ose ( ForgedFile.Multi.Generic ) - warning
18:06:06.0541 5312  ose - detected ForgedFile.Multi.Generic (1)
18:06:06.0572 5312  [ 5D419559B02E305B06B6A96C8E4F78A2 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
18:06:06.0619 5312  Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. Real md5: 5D419559B02E305B06B6A96C8E4F78A2, Fake md5: 0C8E8E61AD1EB0B250B846712C917506
18:06:06.0619 5312  p2pimsvc ( ForgedFile.Multi.Generic ) - warning
18:06:06.0619 5312  p2pimsvc - detected ForgedFile.Multi.Generic (1)
18:06:06.0634 5312  [ 5D419559B02E305B06B6A96C8E4F78A2 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:06:06.0634 5312  Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. Real md5: 5D419559B02E305B06B6A96C8E4F78A2, Fake md5: 0C8E8E61AD1EB0B250B846712C917506
18:06:06.0634 5312  p2psvc ( ForgedFile.Multi.Generic ) - warning
18:06:06.0634 5312  p2psvc - detected ForgedFile.Multi.Generic (1)
18:06:06.0665 5312  [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR      C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
18:06:06.0712 5312  PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
18:06:06.0712 5312  PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
18:06:06.0743 5312  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
18:06:06.0977 5312  Parport - ok
18:06:07.0040 5312  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:06:07.0055 5312  partmgr - ok
18:06:07.0087 5312  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
18:06:07.0165 5312  Parvdm - ok
18:06:07.0211 5312  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:06:07.0289 5312  PcaSvc - ok
18:06:07.0305 5312  [ F408E154834EE6CB75FA90E27C4BE3FB ] pci             C:\Windows\system32\drivers\pci.sys
18:06:07.0336 5312  Suspicious file (Forged): C:\Windows\system32\drivers\pci.sys. Real md5: F408E154834EE6CB75FA90E27C4BE3FB, Fake md5: 941DC1D19E7E8620F40BBC206981EFDB
18:06:07.0336 5312  pci ( ForgedFile.Multi.Generic ) - warning
18:06:07.0336 5312  pci - detected ForgedFile.Multi.Generic (1)
18:06:07.0352 5312  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
18:06:07.0367 5312  pciide - ok
18:06:07.0399 5312  [ 7511D48D729354CE8FCD4FAC7E06C8BA ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:06:07.0414 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\pcmcia.sys. Real md5: 7511D48D729354CE8FCD4FAC7E06C8BA, Fake md5: 3BB2244F343B610C29C98035504C9B75
18:06:07.0414 5312  pcmcia ( ForgedFile.Multi.Generic ) - warning
18:06:07.0414 5312  pcmcia - detected ForgedFile.Multi.Generic (1)
18:06:07.0445 5312  [ 1BD9BE9899B531181E5E4634768C97D1 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:06:07.0492 5312  Suspicious file (Forged): C:\Windows\system32\drivers\peauth.sys. Real md5: 1BD9BE9899B531181E5E4634768C97D1, Fake md5: 6349F6ED9C623B44B52EA3C63C831A92
18:06:07.0492 5312  PEAUTH ( ForgedFile.Multi.Generic ) - warning
18:06:07.0492 5312  PEAUTH - detected ForgedFile.Multi.Generic (1)
18:06:07.0539 5312  [ 0BBDA46E800FA755DBF6637A974CAE08 ] pla             C:\Windows\system32\pla.dll
18:06:07.0617 5312  Suspicious file (Forged): C:\Windows\system32\pla.dll. Real md5: 0BBDA46E800FA755DBF6637A974CAE08, Fake md5: B1689DF169143F57053F795390C99DB3
18:06:07.0617 5312  pla ( ForgedFile.Multi.Generic ) - warning
18:06:07.0617 5312  pla - detected ForgedFile.Multi.Generic (1)
18:06:07.0648 5312  [ 63369EA0128CAEB9771F59C9F056A4E4 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:06:07.0679 5312  Suspicious file (Forged): C:\Windows\system32\umpnpmgr.dll. Real md5: 63369EA0128CAEB9771F59C9F056A4E4, Fake md5: C5E7F8A996EC0A82D508FD9064A5569E
18:06:07.0679 5312  PlugPlay ( ForgedFile.Multi.Generic ) - warning
18:06:07.0679 5312  PlugPlay - detected ForgedFile.Multi.Generic (1)
18:06:07.0711 5312  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:06:07.0742 5312  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:06:07.0742 5312  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:06:07.0757 5312  [ 5D419559B02E305B06B6A96C8E4F78A2 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
18:06:07.0789 5312  Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. Real md5: 5D419559B02E305B06B6A96C8E4F78A2, Fake md5: 0C8E8E61AD1EB0B250B846712C917506
18:06:07.0789 5312  PNRPAutoReg ( ForgedFile.Multi.Generic ) - warning
18:06:07.0789 5312  PNRPAutoReg - detected ForgedFile.Multi.Generic (1)
18:06:07.0804 5312  [ 5D419559B02E305B06B6A96C8E4F78A2 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
18:06:07.0804 5312  Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. Real md5: 5D419559B02E305B06B6A96C8E4F78A2, Fake md5: 0C8E8E61AD1EB0B250B846712C917506
18:06:07.0820 5312  PNRPsvc ( ForgedFile.Multi.Generic ) - warning
18:06:07.0820 5312  PNRPsvc - detected ForgedFile.Multi.Generic (1)
18:06:07.0820 5312  [ 004ED2668CD0E02186B518A76BFA7305 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:06:07.0835 5312  Suspicious file (Forged): C:\Windows\System32\ipsecsvc.dll. Real md5: 004ED2668CD0E02186B518A76BFA7305, Fake md5: D0494460421A03CD5225CCA0059AA146
18:06:07.0851 5312  PolicyAgent ( ForgedFile.Multi.Generic ) - warning
18:06:07.0851 5312  PolicyAgent - detected ForgedFile.Multi.Generic (1)
18:06:07.0882 5312  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:06:08.0007 5312  PptpMiniport - ok
18:06:08.0054 5312  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
18:06:08.0288 5312  Processor - ok
18:06:08.0303 5312  [ D94085B36C265D5E7F49C6B6E817C992 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:06:08.0350 5312  Suspicious file (Forged): C:\Windows\system32\profsvc.dll. Real md5: D94085B36C265D5E7F49C6B6E817C992, Fake md5: 0508FAA222D28835310B7BFCA7A77346
18:06:08.0350 5312  ProfSvc ( ForgedFile.Multi.Generic ) - warning
18:06:08.0350 5312  ProfSvc - detected ForgedFile.Multi.Generic (1)
18:06:08.0366 5312  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:06:08.0397 5312  ProtectedStorage - ok
18:06:08.0444 5312  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
18:06:08.0569 5312  PSched - ok
18:06:08.0600 5312  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
18:06:08.0615 5312  PxHelp20 - ok
18:06:08.0647 5312  [ 5AF2613C3656B3CC9BF2395F60E05566 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:06:08.0693 5312  Suspicious file (Forged): C:\Windows\system32\drivers\ql2300.sys. Real md5: 5AF2613C3656B3CC9BF2395F60E05566, Fake md5: CCDAC889326317792480C0A67156A1EC
18:06:08.0693 5312  ql2300 ( ForgedFile.Multi.Generic ) - warning
18:06:08.0693 5312  ql2300 - detected ForgedFile.Multi.Generic (1)
18:06:08.0725 5312  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:06:08.0740 5312  ql40xx - ok
18:06:08.0756 5312  [ 5F04EBF515737B3A3A3E13EAE4FD6339 ] QWAVE           C:\Windows\system32\qwave.dll
18:06:08.0787 5312  Suspicious file (Forged): C:\Windows\system32\qwave.dll. Real md5: 5F04EBF515737B3A3A3E13EAE4FD6339, Fake md5: E9ECAE663F47E6CB43962D18AB18890F
18:06:08.0787 5312  QWAVE ( ForgedFile.Multi.Generic ) - warning
18:06:08.0787 5312  QWAVE - detected ForgedFile.Multi.Generic (1)
18:06:08.0818 5312  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:06:08.0865 5312  QWAVEdrv - ok
18:06:08.0912 5312  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:06:09.0052 5312  RasAcd - ok
18:06:09.0083 5312  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
18:06:09.0146 5312  RasAuto - ok
18:06:09.0193 5312  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:06:09.0239 5312  Rasl2tp - ok
18:06:09.0271 5312  [ EC87A838931D4D5D2E94A04644788A55 ] RasMan          C:\Windows\System32\rasmans.dll
18:06:09.0286 5312  Suspicious file (Forged): C:\Windows\System32\rasmans.dll. Real md5: EC87A838931D4D5D2E94A04644788A55, Fake md5: 75D47445D70CA6F9F894B032FBC64FCF
18:06:09.0286 5312  RasMan ( ForgedFile.Multi.Generic ) - warning
18:06:09.0286 5312  RasMan - detected ForgedFile.Multi.Generic (1)
18:06:09.0317 5312  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:06:09.0442 5312  RasPppoe - ok
18:06:09.0473 5312  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:06:09.0583 5312  RasSstp - ok
18:06:09.0614 5312  [ 3E02DA96A403154487761734F342C2C9 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:06:09.0661 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\rdbss.sys. Real md5: 3E02DA96A403154487761734F342C2C9, Fake md5: B14C9D5B9ADD2F84F70570BBBFAA7935
18:06:09.0661 5312  rdbss ( ForgedFile.Multi.Generic ) - warning
18:06:09.0661 5312  rdbss - detected ForgedFile.Multi.Generic (1)
18:06:09.0692 5312  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:06:09.0832 5312  RDPCDD - ok
18:06:09.0863 5312  [ 689CB8A9930F9D6F3838F751619FA22F ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
18:06:09.0879 5312  Suspicious file (Forged): C:\Windows\system32\drivers\rdpdr.sys. Real md5: 689CB8A9930F9D6F3838F751619FA22F, Fake md5: E8BD98D46F2ED77132BA927FCCB47D8B
18:06:09.0895 5312  rdpdr ( ForgedFile.Multi.Generic ) - warning
18:06:09.0895 5312  rdpdr - detected ForgedFile.Multi.Generic (1)
18:06:09.0910 5312  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:06:09.0988 5312  RDPENCDD - ok
18:06:10.0019 5312  [ 5C8871B41E0604F375A577760391CB24 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:06:10.0051 5312  Suspicious file (Forged): C:\Windows\system32\drivers\RDPWD.sys. Real md5: 5C8871B41E0604F375A577760391CB24, Fake md5: C127EBD5AFAB31524662C48DFCEB773A
18:06:10.0051 5312  RDPWD ( ForgedFile.Multi.Generic ) - warning
18:06:10.0051 5312  RDPWD - detected ForgedFile.Multi.Generic (1)
18:06:10.0113 5312  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:06:10.0238 5312  RemoteAccess - ok
18:06:10.0285 5312  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:06:10.0409 5312  RemoteRegistry - ok
18:06:10.0456 5312  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
18:06:10.0519 5312  RpcLocator - ok
18:06:10.0534 5312  [ 6621476E1926167313D0FE6E95E98E7F ] RpcSs           C:\Windows\system32\rpcss.dll
18:06:10.0565 5312  Suspicious file (Forged): C:\Windows\system32\rpcss.dll. Real md5: 6621476E1926167313D0FE6E95E98E7F, Fake md5: 3B5B4D53FEC14F7476CA29A20CC31AC9
18:06:10.0565 5312  RpcSs ( ForgedFile.Multi.Generic ) - warning
18:06:10.0565 5312  RpcSs - detected ForgedFile.Multi.Generic (1)
18:06:10.0612 5312  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:06:10.0753 5312  rspndr - ok
18:06:10.0768 5312  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
18:06:10.0784 5312  SamSs - ok
18:06:10.0815 5312  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:06:10.0846 5312  sbp2port - ok
18:06:10.0893 5312  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:06:11.0018 5312  SCardSvr - ok
18:06:11.0033 5312  [ 6A325B709D328A46B39F3C8EB55347AF ] Schedule        C:\Windows\system32\schedsvc.dll
18:06:11.0080 5312  Suspicious file (Forged): C:\Windows\system32\schedsvc.dll. Real md5: 6A325B709D328A46B39F3C8EB55347AF, Fake md5: 1A58069DB21D05EB2AB58EE5753EBE8D
18:06:11.0080 5312  Schedule ( ForgedFile.Multi.Generic ) - warning
18:06:11.0080 5312  Schedule - detected ForgedFile.Multi.Generic (1)
18:06:11.0127 5312  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:06:11.0174 5312  SCPolicySvc - ok
18:06:11.0205 5312  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:06:11.0299 5312  SDRSVC - ok
18:06:11.0423 5312  [ AC20213C4C2A97DDF091B8FA7C0D5185 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
18:06:11.0455 5312  Suspicious file (Forged): C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe. Real md5: AC20213C4C2A97DDF091B8FA7C0D5185, Fake md5: 271077B91D7AD1B616F8AFDFE8E3F981
18:06:11.0455 5312  SeaPort ( ForgedFile.Multi.Generic ) - warning
18:06:11.0455 5312  SeaPort - detected ForgedFile.Multi.Generic (1)
18:06:11.0470 5312  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:06:11.0720 5312  secdrv - ok
18:06:11.0751 5312  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
18:06:11.0876 5312  seclogon - ok
18:06:11.0923 5312  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
18:06:11.0969 5312  SENS - ok
18:06:12.0016 5312  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:06:12.0079 5312  Serenum - ok
18:06:12.0110 5312  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
18:06:12.0188 5312  Serial - ok
18:06:12.0235 5312  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:06:12.0266 5312  sermouse - ok
18:06:12.0266 5312  ServiceLayer - ok
18:06:12.0344 5312  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:06:12.0469 5312  SessionEnv - ok
18:06:12.0500 5312  [ 103B79418DA647736EE95645F305F68A ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:06:12.0734 5312  sffdisk - ok
18:06:12.0765 5312  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:06:12.0843 5312  sffp_mmc - ok
18:06:12.0890 5312  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:06:12.0968 5312  sffp_sd - ok
18:06:12.0983 5312  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:06:13.0046 5312  sfloppy - ok
18:06:13.0061 5312  [ BE808F75A548431F70DD63967B466661 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:06:13.0093 5312  Suspicious file (Forged): C:\Windows\System32\ipnathlp.dll. Real md5: BE808F75A548431F70DD63967B466661, Fake md5: E1499BD0FF76B1B2FBBF1AF339D91165
18:06:13.0093 5312  SharedAccess ( ForgedFile.Multi.Generic ) - warning
18:06:13.0093 5312  SharedAccess - detected ForgedFile.Multi.Generic (1)
18:06:13.0124 5312  [ F2F577D6BBA24BD4F1882E289203F358 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:06:13.0139 5312  Suspicious file (Forged): C:\Windows\System32\shsvcs.dll. Real md5: F2F577D6BBA24BD4F1882E289203F358, Fake md5: C7230FBEE14437716701C15BE02C27B8
18:06:13.0155 5312  ShellHWDetection ( ForgedFile.Multi.Generic ) - warning
18:06:13.0155 5312  ShellHWDetection - detected ForgedFile.Multi.Generic (1)
18:06:13.0171 5312  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
18:06:13.0186 5312  sisagp - ok
18:06:13.0202 5312  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
18:06:13.0217 5312  SiSRaid2 - ok
18:06:13.0249 5312  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:06:13.0264 5312  SiSRaid4 - ok
18:06:13.0311 5312  [ 26C1DCA2184E7E9911D714A55D349CE6 ] slsvc           C:\Windows\system32\SLsvc.exe
18:06:13.0436 5312  Suspicious file (Forged): C:\Windows\system32\SLsvc.exe. Real md5: 26C1DCA2184E7E9911D714A55D349CE6, Fake md5: 862BB4CBC05D80C5B45BE430E5EF872F
18:06:13.0451 5312  slsvc ( ForgedFile.Multi.Generic ) - warning
18:06:13.0451 5312  slsvc - detected ForgedFile.Multi.Generic (1)
18:06:13.0498 5312  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
18:06:13.0623 5312  SLUINotify - ok
18:06:13.0654 5312  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:06:13.0701 5312  Smb - ok
18:06:13.0732 5312  [ DB31D8989B3450569C29780E7FA98C48 ] SNC             C:\Windows\system32\Drivers\SonyNC.sys
18:06:13.0795 5312  SNC - ok
18:06:13.0826 5312  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:06:13.0857 5312  SNMPTRAP - ok
18:06:13.0935 5312  [ 8C565651AF9023F2D0616D80BB28D253 ] SNPSTD3         C:\Windows\system32\DRIVERS\snpstd3.sys
18:06:14.0341 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\snpstd3.sys. Real md5: 8C565651AF9023F2D0616D80BB28D253, Fake md5: 9CD6FFC9F5B999EB5DF69B9177D9848F
18:06:14.0372 5312  SNPSTD3 ( ForgedFile.Multi.Generic ) - warning
18:06:14.0372 5312  SNPSTD3 - detected ForgedFile.Multi.Generic (1)
18:06:14.0450 5312  [ 86DA2BEFB800D726FEA98A539606553C ] SonicStage Back-End Service C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
18:06:14.0481 5312  SonicStage Back-End Service - ok
18:06:14.0512 5312  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
18:06:14.0528 5312  spldr - ok
18:06:14.0543 5312  [ 05DBBD20D38DEC7598E4AE3E255200AD ] Spooler         C:\Windows\System32\spoolsv.exe
18:06:14.0575 5312  Suspicious file (Forged): C:\Windows\System32\spoolsv.exe. Real md5: 05DBBD20D38DEC7598E4AE3E255200AD, Fake md5: 8554097E5136C3BF9F69FE578A1B35F4
18:06:14.0575 5312  Spooler ( ForgedFile.Multi.Generic ) - warning
18:06:14.0575 5312  Spooler - detected ForgedFile.Multi.Generic (1)
18:06:14.0606 5312  [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV         C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
18:06:14.0606 5312  SPTISRV ( UnsignedFile.Multi.Generic ) - warning
18:06:14.0606 5312  SPTISRV - detected UnsignedFile.Multi.Generic (1)
18:06:14.0637 5312  [ 0E4F0E65B32CB4132B39A439951342A3 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:06:14.0653 5312  Suspicious file (Forged): C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe. Real md5: 0E4F0E65B32CB4132B39A439951342A3, Fake md5: 86EBD8B1F23E743AAD21F4D5B4D40985
18:06:14.0653 5312  SQLBrowser ( ForgedFile.Multi.Generic ) - warning
18:06:14.0653 5312  SQLBrowser - detected ForgedFile.Multi.Generic (1)
18:06:14.0699 5312  [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:06:14.0715 5312  SQLWriter - ok
18:06:14.0731 5312  [ 397039AF02D50D15C70B74088EB8A1CB ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:06:14.0777 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\srv.sys. Real md5: 397039AF02D50D15C70B74088EB8A1CB, Fake md5: 41987F9FC0E61ADF54F581E15029AD91
18:06:14.0777 5312  srv ( ForgedFile.Multi.Generic ) - warning
18:06:14.0777 5312  srv - detected ForgedFile.Multi.Generic (1)
18:06:14.0809 5312  [ 1AA21A40A1067F5BF80513656735A2BF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:06:14.0824 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\srv2.sys. Real md5: 1AA21A40A1067F5BF80513656735A2BF, Fake md5: FF33AFF99564B1AA534F58868CBE41EF
18:06:14.0824 5312  srv2 ( ForgedFile.Multi.Generic ) - warning
18:06:14.0824 5312  srv2 - detected ForgedFile.Multi.Generic (1)
18:06:14.0840 5312  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:06:14.0902 5312  srvnet - ok
18:06:14.0933 5312  [ 3DABE639076AEA4BE21608FEBC95C1B5 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:06:14.0965 5312  Suspicious file (Forged): C:\Windows\System32\ssdpsrv.dll. Real md5: 3DABE639076AEA4BE21608FEBC95C1B5, Fake md5: 03D50B37234967433A5EA5BA72BC0B62
18:06:14.0965 5312  SSDPSRV ( ForgedFile.Multi.Generic ) - warning
18:06:14.0965 5312  SSDPSRV - detected ForgedFile.Multi.Generic (1)
18:06:15.0011 5312  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
18:06:15.0027 5312  ssmdrv - ok
18:06:15.0043 5312  [ 6EB13F919D22D5056B4FB66AA3BB497A ] SSScsiSV        C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
18:06:15.0058 5312  SSScsiSV - ok
18:06:15.0105 5312  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:06:15.0167 5312  SstpSvc - ok
18:06:15.0214 5312  [ 306521935042FC0A6988D528643619B3 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
         

Alt 10.03.2013, 18:44   #14
Kim1988
 
Groupon Email - Standard

Groupon Email



Das ist der 2. Teil:

Code:
ATTFilter
18:06:15.0230 5312  StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:06:15.0230 5312  StarOpen - detected UnsignedFile.Multi.Generic (1)
18:06:15.0261 5312  [ A89777E9809EC6EA3190114E59C67BCB ] stisvc          C:\Windows\System32\wiaservc.dll
18:06:15.0308 5312  Suspicious file (Forged): C:\Windows\System32\wiaservc.dll. Real md5: A89777E9809EC6EA3190114E59C67BCB, Fake md5: 5DE7D67E49B88F5F07F3E53C4B92A352
18:06:15.0308 5312  stisvc ( ForgedFile.Multi.Generic ) - warning
18:06:15.0308 5312  stisvc - detected ForgedFile.Multi.Generic (1)
18:06:15.0339 5312  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:06:15.0355 5312  swenum - ok
18:06:15.0386 5312  [ 6A66D33C6A7B55416D843AEE2FF2BF93 ] swprv           C:\Windows\System32\swprv.dll
18:06:15.0417 5312  Suspicious file (Forged): C:\Windows\System32\swprv.dll. Real md5: 6A66D33C6A7B55416D843AEE2FF2BF93, Fake md5: F21FD248040681CCA1FB6C9A03AAA93D
18:06:15.0417 5312  swprv ( ForgedFile.Multi.Generic ) - warning
18:06:15.0417 5312  swprv - detected ForgedFile.Multi.Generic (1)
18:06:15.0448 5312  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
18:06:15.0464 5312  Symc8xx - ok
18:06:15.0479 5312  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
18:06:15.0495 5312  Sym_hi - ok
18:06:15.0495 5312  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
18:06:15.0511 5312  Sym_u3 - ok
18:06:15.0542 5312  [ E3477C4F58312892158CE5963AE18CBA ] SysMain         C:\Windows\system32\sysmain.dll
18:06:15.0573 5312  Suspicious file (Forged): C:\Windows\system32\sysmain.dll. Real md5: E3477C4F58312892158CE5963AE18CBA, Fake md5: 9A51B04E9886AA4EE90093586B0BA88D
18:06:15.0573 5312  SysMain ( ForgedFile.Multi.Generic ) - warning
18:06:15.0573 5312  SysMain - detected ForgedFile.Multi.Generic (1)
18:06:15.0604 5312  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:06:15.0667 5312  TabletInputService - ok
18:06:15.0698 5312  [ 689CB8A9930F9D6F3838F751619FA22F ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:06:15.0713 5312  Suspicious file (Forged): C:\Windows\System32\tapisrv.dll. Real md5: 689CB8A9930F9D6F3838F751619FA22F, Fake md5: D7673E4B38CE21EE54C59EEEB65E2483
18:06:15.0713 5312  TapiSrv ( ForgedFile.Multi.Generic ) - warning
18:06:15.0713 5312  TapiSrv - detected ForgedFile.Multi.Generic (1)
18:06:15.0745 5312  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
18:06:15.0885 5312  TBS - ok
18:06:15.0901 5312  [ 1F77A1251CBF9BA5C01C72391E09A8B2 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:06:15.0947 5312  Suspicious file (Forged): C:\Windows\system32\drivers\tcpip.sys. Real md5: 1F77A1251CBF9BA5C01C72391E09A8B2, Fake md5: 74E2D020C47BB2B2FCCBA29A518A7EB4
18:06:15.0947 5312  Tcpip ( ForgedFile.Multi.Generic ) - warning
18:06:15.0947 5312  Tcpip - detected ForgedFile.Multi.Generic (1)
18:06:15.0979 5312  [ 1F77A1251CBF9BA5C01C72391E09A8B2 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
18:06:15.0979 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\tcpip.sys. Real md5: 1F77A1251CBF9BA5C01C72391E09A8B2, Fake md5: 74E2D020C47BB2B2FCCBA29A518A7EB4
18:06:15.0994 5312  Tcpip6 ( ForgedFile.Multi.Generic ) - warning
18:06:15.0994 5312  Tcpip6 - detected ForgedFile.Multi.Generic (1)
18:06:16.0041 5312  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:06:16.0150 5312  tcpipreg - ok
18:06:16.0181 5312  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:06:16.0353 5312  TDPIPE - ok
18:06:16.0384 5312  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:06:16.0415 5312  TDTCP - ok
18:06:16.0462 5312  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:06:16.0587 5312  tdx - ok
18:06:16.0603 5312  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:06:16.0618 5312  TermDD - ok
18:06:16.0634 5312  [ 147C8282353639F295A50038CC8033C2 ] TermService     C:\Windows\System32\termsrv.dll
18:06:16.0649 5312  Suspicious file (Forged): C:\Windows\System32\termsrv.dll. Real md5: 147C8282353639F295A50038CC8033C2, Fake md5: BB95DA09BEF6E7A131BFF3BA5032090D
18:06:16.0665 5312  TermService ( ForgedFile.Multi.Generic ) - warning
18:06:16.0665 5312  TermService - detected ForgedFile.Multi.Generic (1)
18:06:16.0665 5312  [ F2F577D6BBA24BD4F1882E289203F358 ] Themes          C:\Windows\system32\shsvcs.dll
18:06:16.0696 5312  Suspicious file (Forged): C:\Windows\system32\shsvcs.dll. Real md5: F2F577D6BBA24BD4F1882E289203F358, Fake md5: C7230FBEE14437716701C15BE02C27B8
18:06:16.0696 5312  Themes ( ForgedFile.Multi.Generic ) - warning
18:06:16.0696 5312  Themes - detected ForgedFile.Multi.Generic (1)
18:06:16.0712 5312  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
18:06:16.0821 5312  THREADORDER - ok
18:06:16.0837 5312  [ A52733D3CD7D1DC595E8830569F9DE5E ] ti21sony        C:\Windows\system32\drivers\ti21sony.sys
18:06:16.0883 5312  Suspicious file (Forged): C:\Windows\system32\drivers\ti21sony.sys. Real md5: A52733D3CD7D1DC595E8830569F9DE5E, Fake md5: 909CD987B54A8179C9AEE874D754721A
18:06:16.0883 5312  ti21sony ( ForgedFile.Multi.Generic ) - warning
18:06:16.0883 5312  ti21sony - detected ForgedFile.Multi.Generic (1)
18:06:16.0915 5312  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
18:06:17.0055 5312  TrkWks - ok
18:06:17.0133 5312  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:06:17.0242 5312  TrustedInstaller - ok
18:06:17.0289 5312  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:06:17.0336 5312  tssecsrv - ok
18:06:17.0398 5312  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
18:06:17.0476 5312  tunmp - ok
18:06:17.0507 5312  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:06:17.0523 5312  tunnel - ok
18:06:17.0554 5312  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:06:17.0585 5312  uagp35 - ok
18:06:17.0601 5312  [ 5542930F3F6E98007EE9B6DF0ADA3300 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:06:17.0632 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\udfs.sys. Real md5: 5542930F3F6E98007EE9B6DF0ADA3300, Fake md5: D9728AF68C4C7693CB100B8441CBDEC6
18:06:17.0632 5312  udfs ( ForgedFile.Multi.Generic ) - warning
18:06:17.0632 5312  udfs - detected ForgedFile.Multi.Generic (1)
18:06:17.0663 5312  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:06:17.0804 5312  UI0Detect - ok
18:06:17.0835 5312  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:06:17.0866 5312  uliagpkx - ok
18:06:17.0866 5312  [ 68871CA1E5BE5A6D5A2C2252D1FD2E52 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
18:06:17.0897 5312  Suspicious file (Forged): C:\Windows\system32\drivers\uliahci.sys. Real md5: 68871CA1E5BE5A6D5A2C2252D1FD2E52, Fake md5: 3CD4EA35A6221B85DCC25DAA46313F8D
18:06:17.0897 5312  uliahci ( ForgedFile.Multi.Generic ) - warning
18:06:17.0897 5312  uliahci - detected ForgedFile.Multi.Generic (1)
18:06:17.0929 5312  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
18:06:17.0944 5312  UlSata - ok
18:06:17.0960 5312  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
18:06:17.0975 5312  ulsata2 - ok
18:06:18.0007 5312  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:06:18.0131 5312  umbus - ok
18:06:18.0147 5312  [ FB00CD74A5F35E89A7FBDD3C1D05375A ] upnphost        C:\Windows\System32\upnphost.dll
18:06:18.0163 5312  Suspicious file (Forged): C:\Windows\System32\upnphost.dll. Real md5: FB00CD74A5F35E89A7FBDD3C1D05375A, Fake md5: 68308183F4AE0BE7BF8ECD07CB297999
18:06:18.0163 5312  upnphost ( ForgedFile.Multi.Generic ) - warning
18:06:18.0163 5312  upnphost - detected ForgedFile.Multi.Generic (1)
18:06:18.0194 5312  upperdev - ok
18:06:18.0241 5312  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
18:06:18.0272 5312  USBAAPL - ok
18:06:18.0319 5312  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:06:18.0443 5312  usbaudio - ok
18:06:18.0490 5312  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:06:18.0521 5312  usbccgp - ok
18:06:18.0553 5312  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:06:18.0833 5312  usbcir - ok
18:06:18.0880 5312  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:06:18.0927 5312  usbehci - ok
18:06:18.0927 5312  [ 6C73AB814C9C7902C1F03C63EE3600A5 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:06:18.0958 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\usbhub.sys. Real md5: 6C73AB814C9C7902C1F03C63EE3600A5, Fake md5: 4673BBCB006AF60E7ABDDBE7A130BA42
18:06:18.0958 5312  usbhub ( ForgedFile.Multi.Generic ) - warning
18:06:18.0958 5312  usbhub - detected ForgedFile.Multi.Generic (1)
18:06:18.0974 5312  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:06:19.0208 5312  usbohci - ok
18:06:19.0255 5312  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:06:19.0379 5312  usbprint - ok
18:06:19.0411 5312  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:06:19.0520 5312  usbscan - ok
18:06:19.0567 5312  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:06:19.0598 5312  USBSTOR - ok
18:06:19.0629 5312  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:06:19.0676 5312  usbuhci - ok
18:06:19.0723 5312  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
18:06:19.0769 5312  UxSms - ok
18:06:19.0832 5312  [ 4E9C6BF8D0655BB7538088DC6F2306D9 ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
18:06:19.0847 5312  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
18:06:19.0847 5312  VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
18:06:19.0894 5312  [ 83928CD1291215AEDEDC2534CA4775D4 ] VAIO Event Service C:\Program Files\sony\VAIO Event Service\VESMgr.exe
18:06:19.0910 5312  Suspicious file (Forged): C:\Program Files\sony\VAIO Event Service\VESMgr.exe. Real md5: 83928CD1291215AEDEDC2534CA4775D4, Fake md5: 8A9F18ADAD471402236CA931553BF79B
18:06:19.0925 5312  VAIO Event Service ( ForgedFile.Multi.Generic ) - warning
18:06:19.0925 5312  VAIO Event Service - detected ForgedFile.Multi.Generic (1)
18:06:19.0972 5312  [ 00BC8160BE04FE47673D00165EA8B157 ] VAIOMediaPlatform-IntegratedServer-AppServer C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
18:06:20.0066 5312  Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe. Real md5: 00BC8160BE04FE47673D00165EA8B157, Fake md5: 88DC6B884824A578B0E1E9C3790C105B
18:06:20.0081 5312  VAIOMediaPlatform-IntegratedServer-AppServer ( ForgedFile.Multi.Generic ) - warning
18:06:20.0081 5312  VAIOMediaPlatform-IntegratedServer-AppServer - detected ForgedFile.Multi.Generic (1)
18:06:20.0097 5312  [ 55264B1EAE6BA625E879110E26D8FD8A ] VAIOMediaPlatform-IntegratedServer-HTTP C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
18:06:20.0128 5312  Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe. Real md5: 55264B1EAE6BA625E879110E26D8FD8A, Fake md5: 56E33AAA46CBA8431E72486196AFB3A1
18:06:20.0128 5312  VAIOMediaPlatform-IntegratedServer-HTTP ( ForgedFile.Multi.Generic ) - warning
18:06:20.0128 5312  VAIOMediaPlatform-IntegratedServer-HTTP - detected ForgedFile.Multi.Generic (1)
18:06:20.0159 5312  [ 0A30E3DE28B80A0FB659B8C270839E23 ] VAIOMediaPlatform-IntegratedServer-UPnP C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
18:06:20.0206 5312  Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe. Real md5: 0A30E3DE28B80A0FB659B8C270839E23, Fake md5: ADDF0E4E19BD2FF0A0B852D324FDC281
18:06:20.0206 5312  VAIOMediaPlatform-IntegratedServer-UPnP ( ForgedFile.Multi.Generic ) - warning
18:06:20.0206 5312  VAIOMediaPlatform-IntegratedServer-UPnP - detected ForgedFile.Multi.Generic (1)
18:06:20.0237 5312  [ A751E17CD529631B38B0909D446C2151 ] VAIOMediaPlatform-UCLS-AppServer C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
18:06:20.0284 5312  Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe. Real md5: A751E17CD529631B38B0909D446C2151, Fake md5: 52D4F568FE7D05AE5026B8717EEB59EB
18:06:20.0284 5312  VAIOMediaPlatform-UCLS-AppServer ( ForgedFile.Multi.Generic ) - warning
18:06:20.0284 5312  VAIOMediaPlatform-UCLS-AppServer - detected ForgedFile.Multi.Generic (1)
18:06:20.0284 5312  [ 55264B1EAE6BA625E879110E26D8FD8A ] VAIOMediaPlatform-UCLS-HTTP C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
18:06:20.0300 5312  Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe. Real md5: 55264B1EAE6BA625E879110E26D8FD8A, Fake md5: 56E33AAA46CBA8431E72486196AFB3A1
18:06:20.0300 5312  VAIOMediaPlatform-UCLS-HTTP ( ForgedFile.Multi.Generic ) - warning
18:06:20.0300 5312  VAIOMediaPlatform-UCLS-HTTP - detected ForgedFile.Multi.Generic (1)
18:06:20.0315 5312  [ 0A30E3DE28B80A0FB659B8C270839E23 ] VAIOMediaPlatform-UCLS-UPnP C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
18:06:20.0315 5312  Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe. Real md5: 0A30E3DE28B80A0FB659B8C270839E23, Fake md5: ADDF0E4E19BD2FF0A0B852D324FDC281
18:06:20.0315 5312  VAIOMediaPlatform-UCLS-UPnP ( ForgedFile.Multi.Generic ) - warning
18:06:20.0315 5312  VAIOMediaPlatform-UCLS-UPnP - detected ForgedFile.Multi.Generic (1)
18:06:20.0331 5312  Vcsw - ok
18:06:20.0347 5312  [ 4E418BB00EC74CA23F2CD4285DA2B270 ] vds             C:\Windows\System32\vds.exe
18:06:20.0393 5312  Suspicious file (Forged): C:\Windows\System32\vds.exe. Real md5: 4E418BB00EC74CA23F2CD4285DA2B270, Fake md5: CD88D1B7776DC17A119049742EC07EB4
18:06:20.0393 5312  vds ( ForgedFile.Multi.Generic ) - warning
18:06:20.0393 5312  vds - detected ForgedFile.Multi.Generic (1)
18:06:20.0425 5312  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:06:20.0674 5312  vga - ok
18:06:20.0737 5312  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:06:20.0877 5312  VgaSave - ok
18:06:20.0908 5312  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
18:06:20.0924 5312  viaagp - ok
18:06:20.0939 5312  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
18:06:21.0017 5312  ViaC7 - ok
18:06:21.0033 5312  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
18:06:21.0064 5312  viaide - ok
18:06:21.0080 5312  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:06:21.0095 5312  volmgr - ok
18:06:21.0127 5312  [ 211CB019691759FD10FE37E808E9B0A4 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:06:21.0158 5312  Suspicious file (Forged): C:\Windows\system32\drivers\volmgrx.sys. Real md5: 211CB019691759FD10FE37E808E9B0A4, Fake md5: 23E41B834759917BFD6B9A0D625D0C28
18:06:21.0158 5312  volmgrx ( ForgedFile.Multi.Generic ) - warning
18:06:21.0158 5312  volmgrx - detected ForgedFile.Multi.Generic (1)
18:06:21.0173 5312  [ 7D825B6B001A6BB172AB034144480A99 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:06:21.0205 5312  Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: 7D825B6B001A6BB172AB034144480A99, Fake md5: 786DB5771F05EF300390399F626BF30A
18:06:21.0205 5312  volsnap ( ForgedFile.Multi.Generic ) - warning
18:06:21.0205 5312  volsnap - detected ForgedFile.Multi.Generic (1)
18:06:21.0220 5312  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:06:21.0236 5312  vsmraid - ok
18:06:21.0267 5312  [ 0C9CD2B425AC2CBE1D403A8F136A926B ] VSS             C:\Windows\system32\vssvc.exe
18:06:21.0329 5312  Suspicious file (Forged): C:\Windows\system32\vssvc.exe. Real md5: 0C9CD2B425AC2CBE1D403A8F136A926B, Fake md5: DB3D19F850C6EB32BDCB9BC0836ACDDB
18:06:21.0329 5312  VSS ( ForgedFile.Multi.Generic ) - warning
18:06:21.0329 5312  VSS - detected ForgedFile.Multi.Generic (1)
18:06:21.0361 5312  [ 72389E9E2971CD7227DD5AA2543D6C73 ] VzCdbSvc        C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
18:06:21.0376 5312  Suspicious file (Forged): C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe. Real md5: 72389E9E2971CD7227DD5AA2543D6C73, Fake md5: 5FEB20D9ED9A2BD4F234222B0A3BB855
18:06:21.0376 5312  VzCdbSvc ( ForgedFile.Multi.Generic ) - warning
18:06:21.0376 5312  VzCdbSvc - detected ForgedFile.Multi.Generic (1)
18:06:21.0376 5312  [ A1A0E1292171BC39DA88FA48EB208023 ] VzFw            C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
18:06:21.0392 5312  Suspicious file (Forged): C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe. Real md5: A1A0E1292171BC39DA88FA48EB208023, Fake md5: 3757DFD3C07896EF660D4060366E7B4E
18:06:21.0392 5312  VzFw ( ForgedFile.Multi.Generic ) - warning
18:06:21.0392 5312  VzFw - detected ForgedFile.Multi.Generic (1)
18:06:21.0423 5312  [ 4F61A26D5D0A96E6D46B0617192010E3 ] W32Time         C:\Windows\system32\w32time.dll
18:06:21.0454 5312  Suspicious file (Forged): C:\Windows\system32\w32time.dll. Real md5: 4F61A26D5D0A96E6D46B0617192010E3, Fake md5: 96EA68B9EB310A69C25EBB0282B2B9DE
18:06:21.0454 5312  W32Time ( ForgedFile.Multi.Generic ) - warning
18:06:21.0454 5312  W32Time - detected ForgedFile.Multi.Generic (1)
18:06:21.0501 5312  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:06:21.0751 5312  WacomPen - ok
18:06:21.0782 5312  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
18:06:21.0891 5312  Wanarp - ok
18:06:21.0907 5312  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:06:21.0922 5312  Wanarpv6 - ok
18:06:21.0953 5312  [ 0183D84E9A99DB28B40E94117A3B7E6D ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:06:21.0985 5312  Suspicious file (Forged): C:\Windows\System32\wcncsvc.dll. Real md5: 0183D84E9A99DB28B40E94117A3B7E6D, Fake md5: A3CD60FD826381B49F03832590E069AF
18:06:21.0985 5312  wcncsvc ( ForgedFile.Multi.Generic ) - warning
18:06:21.0985 5312  wcncsvc - detected ForgedFile.Multi.Generic (1)
18:06:22.0031 5312  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:06:22.0078 5312  WcsPlugInService - ok
18:06:22.0109 5312  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
18:06:22.0156 5312  Wd - ok
18:06:22.0172 5312  [ 899BFAC7D63DDE7F811570826DC8972A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:06:22.0203 5312  Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 899BFAC7D63DDE7F811570826DC8972A, Fake md5: A840213F1ACDCC175B4D1D5AAEAC0D7A
18:06:22.0219 5312  Wdf01000 ( ForgedFile.Multi.Generic ) - warning
18:06:22.0219 5312  Wdf01000 - detected ForgedFile.Multi.Generic (1)
18:06:22.0265 5312  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:06:22.0390 5312  WdiServiceHost - ok
18:06:22.0406 5312  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:06:22.0468 5312  WdiSystemHost - ok
18:06:22.0499 5312  [ 53297B80FCB36799AFD2E7707CF15101 ] WebClient       C:\Windows\System32\webclnt.dll
18:06:22.0515 5312  Suspicious file (Forged): C:\Windows\System32\webclnt.dll. Real md5: 53297B80FCB36799AFD2E7707CF15101, Fake md5: 04C37D8107320312FBAE09926103D5E2
18:06:22.0531 5312  WebClient ( ForgedFile.Multi.Generic ) - warning
18:06:22.0531 5312  WebClient - detected ForgedFile.Multi.Generic (1)
18:06:22.0546 5312  [ 2EED3BF66F3B7A8D7A8F04E295502CBE ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:06:22.0562 5312  Suspicious file (Forged): C:\Windows\system32\wecsvc.dll. Real md5: 2EED3BF66F3B7A8D7A8F04E295502CBE, Fake md5: AE3736E7E8892241C23E4EBBB7453B60
18:06:22.0562 5312  Wecsvc ( ForgedFile.Multi.Generic ) - warning
18:06:22.0562 5312  Wecsvc - detected ForgedFile.Multi.Generic (1)
18:06:22.0593 5312  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:06:22.0718 5312  wercplsupport - ok
18:06:22.0749 5312  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:06:22.0811 5312  WerSvc - ok
18:06:22.0827 5312  [ CA07CF5D723A0935217BAB6085DF5F29 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:06:22.0874 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\HSX_CNXT.sys. Real md5: CA07CF5D723A0935217BAB6085DF5F29, Fake md5: 6D2350BB6E77E800FC4BE4E5B7A2E89A
18:06:22.0874 5312  winachsf ( ForgedFile.Multi.Generic ) - warning
18:06:22.0874 5312  winachsf - detected ForgedFile.Multi.Generic (1)
18:06:22.0921 5312  [ 4CA8E488299BAF19CE350E16BA5ACC0D ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
18:06:22.0952 5312  Suspicious file (Forged): C:\Program Files\Windows Defender\mpsvc.dll. Real md5: 4CA8E488299BAF19CE350E16BA5ACC0D, Fake md5: 4575AA12561C5648483403541D0D7F2B
18:06:22.0952 5312  WinDefend ( ForgedFile.Multi.Generic ) - warning
18:06:22.0952 5312  WinDefend - detected ForgedFile.Multi.Generic (1)
18:06:22.0967 5312  WinHttpAutoProxySvc - ok
18:06:22.0999 5312  [ 5A7FC383C3355595A83FCE4F23FA792C ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:06:23.0014 5312  Suspicious file (Forged): C:\Windows\system32\wbem\WMIsvc.dll. Real md5: 5A7FC383C3355595A83FCE4F23FA792C, Fake md5: 6B2A1D0E80110E3D04E6863C6E62FD8A
18:06:23.0014 5312  Winmgmt ( ForgedFile.Multi.Generic ) - warning
18:06:23.0014 5312  Winmgmt - detected ForgedFile.Multi.Generic (1)
18:06:23.0045 5312  [ 449CBE07A71B499191C227506456C7C8 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:06:23.0092 5312  Suspicious file (Forged): C:\Windows\system32\WsmSvc.dll. Real md5: 449CBE07A71B499191C227506456C7C8, Fake md5: 7CFE68BDC065E55AA5E8421607037511
18:06:23.0108 5312  WinRM ( ForgedFile.Multi.Generic ) - warning
18:06:23.0108 5312  WinRM - detected ForgedFile.Multi.Generic (1)
18:06:23.0139 5312  [ D20CE70213434432BED5CDC45AFA74A1 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:06:23.0170 5312  Suspicious file (Forged): C:\Windows\System32\wlansvc.dll. Real md5: D20CE70213434432BED5CDC45AFA74A1, Fake md5: C008405E4FEEB069E30DA1D823910234
18:06:23.0170 5312  Wlansvc ( ForgedFile.Multi.Generic ) - warning
18:06:23.0170 5312  Wlansvc - detected ForgedFile.Multi.Generic (1)
18:06:23.0201 5312  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:06:23.0451 5312  WmiAcpi - ok
18:06:23.0498 5312  [ 8A976E019FB3D9F72D7C1EC0D4FB7579 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:06:23.0529 5312  Suspicious file (Forged): C:\Windows\system32\wbem\WmiApSrv.exe. Real md5: 8A976E019FB3D9F72D7C1EC0D4FB7579, Fake md5: 43BE3875207DCB62A85C8C49970B66CC
18:06:23.0529 5312  wmiApSrv ( ForgedFile.Multi.Generic ) - warning
18:06:23.0529 5312  wmiApSrv - detected ForgedFile.Multi.Generic (1)
18:06:23.0576 5312  [ 2C245A6ED1E1FF435B600B5DFC7325F0 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:06:23.0638 5312  Suspicious file (Forged): C:\Program Files\Windows Media Player\wmpnetwk.exe. Real md5: 2C245A6ED1E1FF435B600B5DFC7325F0, Fake md5: 3978704576A121A9204F8CC49A301A9B
18:06:23.0638 5312  WMPNetworkSvc ( ForgedFile.Multi.Generic ) - warning
18:06:23.0638 5312  WMPNetworkSvc - detected ForgedFile.Multi.Generic (1)
18:06:23.0669 5312  [ 5ABD1095CC6E1E212DF86050ACB64BDA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:06:23.0701 5312  Suspicious file (Forged): C:\Windows\System32\wpcsvc.dll. Real md5: 5ABD1095CC6E1E212DF86050ACB64BDA, Fake md5: CFC5A04558F5070CEE3E3A7809F3FF52
18:06:23.0701 5312  WPCSvc ( ForgedFile.Multi.Generic ) - warning
18:06:23.0701 5312  WPCSvc - detected ForgedFile.Multi.Generic (1)
18:06:23.0747 5312  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:06:23.0810 5312  WPDBusEnum - ok
18:06:23.0872 5312  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
18:06:23.0888 5312  WpdUsb - ok
18:06:24.0137 5312  [ 4FB6CD0265037B5D8B86CCF770CFB25A ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:06:24.0184 5312  Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe. Real md5: 4FB6CD0265037B5D8B86CCF770CFB25A, Fake md5: DCF3E3EDF5109EE8BC02FE6E1F045795
18:06:24.0184 5312  WPFFontCache_v0400 ( ForgedFile.Multi.Generic ) - warning
18:06:24.0184 5312  WPFFontCache_v0400 - detected ForgedFile.Multi.Generic (1)
18:06:24.0231 5312  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:06:24.0371 5312  ws2ifsl - ok
18:06:24.0434 5312  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
18:06:24.0465 5312  wscsvc - ok
18:06:24.0465 5312  WSearch - ok
18:06:24.0512 5312  [ CE80FEC12F96CA35DEEFD2A4E7E3F798 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:06:24.0590 5312  Suspicious file (Forged): C:\Windows\system32\wuaueng.dll. Real md5: CE80FEC12F96CA35DEEFD2A4E7E3F798, Fake md5: FC3EC24FCE372C89423E015A2AC1A31E
18:06:24.0605 5312  wuauserv ( ForgedFile.Multi.Generic ) - warning
18:06:24.0605 5312  wuauserv - detected ForgedFile.Multi.Generic (1)
18:06:24.0652 5312  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:06:24.0730 5312  WudfPf - ok
18:06:24.0730 5312  [ 95078B3A120FB0488447F4BF9794D24E ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:06:24.0761 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\WUDFRd.sys. Real md5: 95078B3A120FB0488447F4BF9794D24E, Fake md5: 867C301E8B790040AE9CF6486E8041DF
18:06:24.0761 5312  WUDFRd ( ForgedFile.Multi.Generic ) - warning
18:06:24.0761 5312  WUDFRd - detected ForgedFile.Multi.Generic (1)
18:06:24.0793 5312  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:06:24.0839 5312  wudfsvc - ok
18:06:24.0871 5312  [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
18:06:24.0902 5312  XAudio - ok
18:06:24.0917 5312  [ 54664AB16813A31387F89CD60E9B0832 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
18:06:24.0949 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\xaudio.exe. Real md5: 54664AB16813A31387F89CD60E9B0832, Fake md5: 28DC5D626E036A75A572556F0A6EB1F6
18:06:24.0949 5312  XAudioService ( ForgedFile.Multi.Generic ) - warning
18:06:24.0949 5312  XAudioService - detected ForgedFile.Multi.Generic (1)
18:06:24.0964 5312  [ FECB77B39816ADA633949F4E27BC6026 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
18:06:24.0980 5312  Suspicious file (Forged): C:\Windows\system32\DRIVERS\yk60x86.sys. Real md5: FECB77B39816ADA633949F4E27BC6026, Fake md5: 69222091B6285906AFF82E43681CF826
18:06:24.0980 5312  yukonwlh ( ForgedFile.Multi.Generic ) - warning
18:06:24.0980 5312  yukonwlh - detected ForgedFile.Multi.Generic (1)
18:06:24.0980 5312  ================ Scan global ===============================
18:06:25.0027 5312  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:06:25.0042 5312  [ 6C5CC47FF3D89E0E38AC5C5377ED63BA ] C:\Windows\system32\winsrv.dll
18:06:25.0073 5312  Suspicious file (Forged): C:\Windows\system32\winsrv.dll. Real md5: 6C5CC47FF3D89E0E38AC5C5377ED63BA, Fake md5: D2293B069E4B63DC17B2F08D45E71124
18:06:25.0089 5312  [ 6C5CC47FF3D89E0E38AC5C5377ED63BA ] C:\Windows\system32\winsrv.dll
18:06:25.0089 5312  Suspicious file (Forged): C:\Windows\system32\winsrv.dll. Real md5: 6C5CC47FF3D89E0E38AC5C5377ED63BA, Fake md5: D2293B069E4B63DC17B2F08D45E71124
18:06:25.0120 5312  [ CF967F2AD6364DCB895114E5CBE0FD72 ] C:\Windows\system32\services.exe
18:06:25.0167 5312  Suspicious file (Forged): C:\Windows\system32\services.exe. Real md5: CF967F2AD6364DCB895114E5CBE0FD72, Fake md5: D4E6D91C1349B7BFB3599A6ADA56851B
18:06:25.0167 5312  [Global] - ok
18:06:25.0167 5312  ================ Scan MBR ==================================
18:06:25.0183 5312  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:06:27.0788 5312  \Device\Harddisk0\DR0 - ok
18:06:27.0788 5312  ================ Scan VBR ==================================
18:06:27.0803 5312  [ 350DCDFB2C7F032B38144820915AE7AA ] \Device\Harddisk0\DR0\Partition1
18:06:27.0819 5312  \Device\Harddisk0\DR0\Partition1 - ok
18:06:27.0819 5312  ============================================================
18:06:27.0819 5312  Scan finished
18:06:27.0819 5312  ============================================================
18:06:27.0850 0648  Detected object count: 153
18:06:27.0850 0648  Actual detected object count: 153
18:08:39.0233 0648  ACPI ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0233 0648  ACPI ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0233 0648  AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0233 0648  AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0249 0648  adp94xx ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0249 0648  adp94xx ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0249 0648  adpahci ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0249 0648  adpahci ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0249 0648  adpu320 ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0249 0648  adpu320 ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0249 0648  AFD ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0249 0648  AFD ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0249 0648  ApfiltrService ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0249 0648  ApfiltrService ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0249 0648  athr ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0249 0648  athr ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0265 0648  AudioEndpointBuilder ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0265 0648  AudioEndpointBuilder ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0265 0648  Audiosrv ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0265 0648  Audiosrv ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0265 0648  avipbb ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0265 0648  avipbb ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0265 0648  BFE ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0265 0648  BFE ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0265 0648  BITS ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0265 0648  BITS ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0280 0648  Bonjour Service ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0280 0648  Bonjour Service ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0280 0648  CLFS ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0280 0648  CLFS ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0280 0648  clr_optimization_v4.0.30319_32 ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0280 0648  clr_optimization_v4.0.30319_32 ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0280 0648  CryptSvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0280 0648  CryptSvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0280 0648  DcomLaunch ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0280 0648  DcomLaunch ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0280 0648  DFSR ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0280 0648  DFSR ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0280 0648  Dhcp ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0280 0648  Dhcp ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0296 0648  dot3svc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0296 0648  dot3svc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0296 0648  Dot4 ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0296 0648  Dot4 ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0296 0648  DPS ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0296 0648  DPS ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0296 0648  DXGKrnl ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0296 0648  DXGKrnl ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0296 0648  Ecache ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0296 0648  Ecache ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0296 0648  eeCtrl ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0296 0648  eeCtrl ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0311 0648  ehRecvr ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0311 0648  ehRecvr ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0311 0648  ehSched ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0311 0648  ehSched ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0311 0648  elxstor ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0311 0648  elxstor ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0311 0648  EMDMgmt ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0311 0648  EMDMgmt ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0311 0648  EventSystem ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0311 0648  EventSystem ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0311 0648  exfat ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0311 0648  exfat ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0327 0648  fastfat ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0327 0648  fastfat ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0327 0648  FltMgr ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0327 0648  FltMgr ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0327 0648  FontCache ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0327 0648  FontCache ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0327 0648  gpsvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0327 0648  gpsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0327 0648  gupdate ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0327 0648  gupdate ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0343 0648  gupdatem ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0343 0648  gupdatem ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0343 0648  HdAudAddService ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0343 0648  HdAudAddService ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0343 0648  HDAudBus ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0343 0648  HDAudBus ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0343 0648  hpqcxs08 ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0343 0648  hpqcxs08 ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0343 0648  hpqddsvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0343 0648  hpqddsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0343 0648  HSF_DPV ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0343 0648  HSF_DPV ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0358 0648  HSXHWAZL ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0358 0648  HSXHWAZL ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0358 0648  HTTP ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0358 0648  HTTP ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0358 0648  iaStorV ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0358 0648  iaStorV ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0358 0648  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:39.0358 0648  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0358 0648  idsvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0358 0648  idsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0358 0648  igfx ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0358 0648  igfx ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0374 0648  IKEEXT ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0374 0648  IKEEXT ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0374 0648  IntcAzAudAddService ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0374 0648  IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0374 0648  iphlpsvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0374 0648  iphlpsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0374 0648  iPod Service ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0374 0648  iPod Service ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0374 0648  iScsiPrt ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0374 0648  iScsiPrt ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0374 0648  KSecDD ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0374 0648  KSecDD ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0389 0648  KtmRm ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0389 0648  KtmRm ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0389 0648  LanmanWorkstation ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0389 0648  LanmanWorkstation ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0389 0648  lltdsvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0389 0648  lltdsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0389 0648  MpsSvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0389 0648  MpsSvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0389 0648  mrxsmb10 ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0389 0648  mrxsmb10 ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0405 0648  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:39.0405 0648  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0405 0648  MsRPC ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0405 0648  MsRPC ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0405 0648  napagent ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0405 0648  napagent ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0405 0648  NativeWifiP ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0405 0648  NativeWifiP ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0405 0648  NDIS ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0405 0648  NDIS ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0405 0648  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:39.0405 0648  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0421 0648  netbt ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0421 0648  netbt ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0421 0648  Netman ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0421 0648  Netman ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0421 0648  netprofm ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0421 0648  netprofm ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0421 0648  NetTcpPortSharing ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0421 0648  NetTcpPortSharing ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0421 0648  NETw3v32 ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0421 0648  NETw3v32 ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0421 0648  NlaSvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0421 0648  NlaSvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0436 0648  Ntfs ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0436 0648  Ntfs ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0436 0648  odserv ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0436 0648  odserv ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0436 0648  ose ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0436 0648  ose ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0436 0648  p2pimsvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0436 0648  p2pimsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0436 0648  p2psvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0436 0648  p2psvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0436 0648  PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:39.0436 0648  PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0452 0648  pci ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0452 0648  pci ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0452 0648  pcmcia ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0452 0648  pcmcia ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0452 0648  PEAUTH ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0452 0648  PEAUTH ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0452 0648  pla ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0452 0648  pla ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0452 0648  PlugPlay ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0452 0648  PlugPlay ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0452 0648  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:39.0452 0648  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0467 0648  PNRPAutoReg ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0467 0648  PNRPAutoReg ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0467 0648  PNRPsvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0467 0648  PNRPsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0467 0648  PolicyAgent ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0467 0648  PolicyAgent ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0467 0648  ProfSvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0467 0648  ProfSvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0467 0648  ql2300 ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0467 0648  ql2300 ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0467 0648  QWAVE ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0483 0648  QWAVE ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0483 0648  RasMan ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0483 0648  RasMan ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0483 0648  rdbss ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0483 0648  rdbss ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0483 0648  rdpdr ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0483 0648  rdpdr ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0483 0648  RDPWD ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0483 0648  RDPWD ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0483 0648  RpcSs ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0483 0648  RpcSs ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0499 0648  Schedule ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0499 0648  Schedule ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0499 0648  SeaPort ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0499 0648  SeaPort ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0499 0648  SharedAccess ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0499 0648  SharedAccess ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0499 0648  ShellHWDetection ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0499 0648  ShellHWDetection ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0499 0648  slsvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0499 0648  slsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0499 0648  SNPSTD3 ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0499 0648  SNPSTD3 ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0514 0648  Spooler ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0514 0648  Spooler ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0514 0648  SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:39.0514 0648  SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0514 0648  SQLBrowser ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0514 0648  SQLBrowser ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0514 0648  srv ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0514 0648  srv ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0514 0648  srv2 ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0514 0648  srv2 ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0530 0648  SSDPSRV ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0530 0648  SSDPSRV ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0530 0648  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:39.0530 0648  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0530 0648  stisvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0530 0648  stisvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0530 0648  swprv ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0530 0648  swprv ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0530 0648  SysMain ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0530 0648  SysMain ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0530 0648  TapiSrv ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0530 0648  TapiSrv ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0545 0648  Tcpip ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0545 0648  Tcpip ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0545 0648  Tcpip6 ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0545 0648  Tcpip6 ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0545 0648  TermService ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0545 0648  TermService ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0545 0648  Themes ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0545 0648  Themes ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0545 0648  ti21sony ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0545 0648  ti21sony ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0545 0648  udfs ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0545 0648  udfs ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0561 0648  uliahci ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0561 0648  uliahci ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0561 0648  upnphost ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0561 0648  upnphost ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0561 0648  usbhub ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0561 0648  usbhub ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0561 0648  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:39.0561 0648  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0561 0648  VAIO Event Service ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0561 0648  VAIO Event Service ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0561 0648  VAIOMediaPlatform-IntegratedServer-AppServer ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0577 0648  VAIOMediaPlatform-IntegratedServer-AppServer ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0577 0648  VAIOMediaPlatform-IntegratedServer-HTTP ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0577 0648  VAIOMediaPlatform-IntegratedServer-HTTP ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0577 0648  VAIOMediaPlatform-IntegratedServer-UPnP ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0577 0648  VAIOMediaPlatform-IntegratedServer-UPnP ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0577 0648  VAIOMediaPlatform-UCLS-AppServer ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0577 0648  VAIOMediaPlatform-UCLS-AppServer ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0577 0648  VAIOMediaPlatform-UCLS-HTTP ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0577 0648  VAIOMediaPlatform-UCLS-HTTP ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0577 0648  VAIOMediaPlatform-UCLS-UPnP ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0577 0648  VAIOMediaPlatform-UCLS-UPnP ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0592 0648  vds ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0592 0648  vds ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0592 0648  volmgrx ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0592 0648  volmgrx ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0592 0648  volsnap ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0592 0648  volsnap ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0592 0648  VSS ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0592 0648  VSS ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0592 0648  VzCdbSvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0592 0648  VzCdbSvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0592 0648  VzFw ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0592 0648  VzFw ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0608 0648  W32Time ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0608 0648  W32Time ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0608 0648  wcncsvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0608 0648  wcncsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0608 0648  Wdf01000 ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0608 0648  Wdf01000 ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0608 0648  WebClient ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0608 0648  WebClient ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0608 0648  Wecsvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0608 0648  Wecsvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0623 0648  winachsf ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0623 0648  winachsf ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0623 0648  WinDefend ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0623 0648  WinDefend ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0623 0648  Winmgmt ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0623 0648  Winmgmt ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0623 0648  WinRM ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0623 0648  WinRM ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0623 0648  Wlansvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0623 0648  Wlansvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0623 0648  wmiApSrv ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0623 0648  wmiApSrv ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0623 0648  WMPNetworkSvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0623 0648  WMPNetworkSvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0639 0648  WPCSvc ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0639 0648  WPCSvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0639 0648  WPFFontCache_v0400 ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0639 0648  WPFFontCache_v0400 ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0639 0648  wuauserv ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0639 0648  wuauserv ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0639 0648  WUDFRd ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0639 0648  WUDFRd ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0639 0648  XAudioService ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0639 0648  XAudioService ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:08:39.0639 0648  yukonwlh ( ForgedFile.Multi.Generic ) - skipped by user
18:08:39.0639 0648  yukonwlh ( ForgedFile.Multi.Generic ) - User select action: Skip 
18:11:40.0581 4692  ============================================================
18:11:40.0581 4692  Scan started
18:11:40.0581 4692  Mode: Manual; SigCheck; TDLFS; 
18:11:40.0581 4692  ============================================================
18:11:41.0018 4692  ================ Scan system memory ========================
18:11:41.0018 4692  System memory - ok
18:11:41.0018 4692  ================ Scan services =============================
18:11:41.0158 4692  [ 1C46DB7455C8BAA1CDA105BE636EA2BD ] ACPI            C:\Windows\system32\drivers\acpi.sys
18:11:41.0158 4692  Suspicious file (Forged): C:\Windows\system32\drivers\acpi.sys. Real md5: 1C46DB7455C8BAA1CDA105BE636EA2BD, Fake md5: 82B296AE1892FE3DBEE00C9CF92F8AC7
18:11:41.0158 4692  ACPI ( ForgedFile.Multi.Generic ) - warning
18:11:41.0158 4692  ACPI - detected ForgedFile.Multi.Generic (1)
18:11:41.0283 4692  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:11:41.0314 4692  AdobeARMservice - ok
18:11:41.0361 4692  [ DBBDE6BC8995ABC5DBBD3C8874A6AA4C ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:11:41.0377 4692  Suspicious file (Forged): C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe. Real md5: DBBDE6BC8995ABC5DBBD3C8874A6AA4C, Fake md5: 9942DC4CC265CDA00486504444EF521D
18:11:41.0377 4692  AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - warning
18:11:41.0377 4692  AdobeFlashPlayerUpdateSvc - detected ForgedFile.Multi.Generic (1)
18:11:41.0392 4692  [ 180296C9364B330492245C6A906DFD21 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:11:41.0424 4692  Suspicious file (Forged): C:\Windows\system32\drivers\adp94xx.sys. Real md5: 180296C9364B330492245C6A906DFD21, Fake md5: 2EDC5BBAC6C651ECE337BDE8ED97C9FB
18:11:41.0424 4692  adp94xx ( ForgedFile.Multi.Generic ) - warning
18:11:41.0424 4692  adp94xx - detected ForgedFile.Multi.Generic (1)
18:11:41.0424 4692  [ F583BF71EEBE44D9D68EE1E2C95FA182 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:11:41.0439 4692  Suspicious file (Forged): C:\Windows\system32\drivers\adpahci.sys. Real md5: F583BF71EEBE44D9D68EE1E2C95FA182, Fake md5: B84088CA3CDCA97DA44A984C6CE1CCAD
18:11:41.0439 4692  adpahci ( ForgedFile.Multi.Generic ) - warning
18:11:41.0439 4692  adpahci - detected ForgedFile.Multi.Generic (1)
18:11:41.0455 4692  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
18:11:41.0486 4692  adpu160m - ok
18:11:41.0486 4692  [ 6B6E34A9C063B2F426C4C635B6A224BE ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:11:41.0486 4692  Suspicious file (Forged): C:\Windows\system32\drivers\adpu320.sys. Real md5: 6B6E34A9C063B2F426C4C635B6A224BE, Fake md5: 9AE713F8E30EFC2ABCCD84904333DF4D
18:11:41.0486 4692  adpu320 ( ForgedFile.Multi.Generic ) - warning
18:11:41.0486 4692  adpu320 - detected ForgedFile.Multi.Generic (1)
18:11:41.0533 4692  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:11:41.0642 4692  AeLookupSvc - ok
18:11:41.0673 4692  [ C9C34C252C2DE3DCAB88D01562FDB965 ] AFD             C:\Windows\system32\drivers\afd.sys
18:11:41.0689 4692  Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: C9C34C252C2DE3DCAB88D01562FDB965, Fake md5: 3911B972B55FEA0478476B2E777B29FA
18:11:41.0689 4692  AFD ( ForgedFile.Multi.Generic ) - warning
18:11:41.0689 4692  AFD - detected ForgedFile.Multi.Generic (1)
18:11:41.0720 4692  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:11:41.0736 4692  agp440 - ok
18:11:41.0751 4692  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
18:11:41.0767 4692  aic78xx - ok
18:11:41.0814 4692  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
18:11:41.0923 4692  ALG - ok
18:11:41.0938 4692  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:11:41.0954 4692  aliide - ok
18:11:41.0985 4692  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
18:11:42.0001 4692  amdagp - ok
18:11:42.0016 4692  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
18:11:42.0032 4692  amdide - ok
18:11:42.0063 4692  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
18:11:42.0282 4692  AmdK7 - ok
18:11:42.0313 4692  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:11:42.0360 4692  AmdK8 - ok
18:11:42.0422 4692  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:11:42.0438 4692  AntiVirSchedulerService - ok
18:11:42.0484 4692  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:11:42.0500 4692  AntiVirService - ok
18:11:42.0516 4692  [ 370197CD43319BA40CCE4FC6DDF047B7 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
18:11:42.0531 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\Apfiltr.sys. Real md5: 370197CD43319BA40CCE4FC6DDF047B7, Fake md5: 7C2F57BCE81FA74933F0E1C84A97C9DB
18:11:42.0531 4692  ApfiltrService ( ForgedFile.Multi.Generic ) - warning
18:11:42.0531 4692  ApfiltrService - detected ForgedFile.Multi.Generic (1)
18:11:42.0578 4692  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
18:11:42.0609 4692  Appinfo - ok
18:11:42.0687 4692  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:11:42.0718 4692  Apple Mobile Device - ok
18:11:42.0734 4692  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
18:11:42.0750 4692  arc - ok
18:11:42.0765 4692  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:11:42.0781 4692  arcsas - ok
18:11:42.0812 4692  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:11:42.0843 4692  AsyncMac - ok
18:11:42.0890 4692  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:11:42.0906 4692  atapi - ok
18:11:42.0937 4692  [ 13673718FB38F2049FFA8E23CB5B9D82 ] athr            C:\Windows\system32\DRIVERS\athr.sys
18:11:42.0968 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\athr.sys. Real md5: 13673718FB38F2049FFA8E23CB5B9D82, Fake md5: 7FA516FC81DD5931F389B56279A27A3E
18:11:42.0984 4692  athr ( ForgedFile.Multi.Generic ) - warning
18:11:42.0984 4692  athr - detected ForgedFile.Multi.Generic (1)
18:11:42.0999 4692  [ 0BA0A4FF706F4293AB499229D7AEEAE2 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:11:43.0030 4692  Suspicious file (Forged): C:\Windows\System32\Audiosrv.dll. Real md5: 0BA0A4FF706F4293AB499229D7AEEAE2, Fake md5: 68E2A1A0407A66CF50DA0300852424AB
18:11:43.0030 4692  AudioEndpointBuilder ( ForgedFile.Multi.Generic ) - warning
18:11:43.0030 4692  AudioEndpointBuilder - detected ForgedFile.Multi.Generic (1)
18:11:43.0046 4692  [ 0BA0A4FF706F4293AB499229D7AEEAE2 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:11:43.0046 4692  Suspicious file (Forged): C:\Windows\System32\Audiosrv.dll. Real md5: 0BA0A4FF706F4293AB499229D7AEEAE2, Fake md5: 68E2A1A0407A66CF50DA0300852424AB
18:11:43.0046 4692  Audiosrv ( ForgedFile.Multi.Generic ) - warning
18:11:43.0046 4692  Audiosrv - detected ForgedFile.Multi.Generic (1)
18:11:43.0062 4692  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:11:43.0077 4692  avgntflt - ok
18:11:43.0108 4692  [ 56E83EEDA5468D29B74B14F4CCCC27F2 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:11:43.0140 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\avipbb.sys. Real md5: 56E83EEDA5468D29B74B14F4CCCC27F2, Fake md5: 37B854C7D1F477E66C5B49C7700C47CC
18:11:43.0140 4692  avipbb ( ForgedFile.Multi.Generic ) - warning
18:11:43.0140 4692  avipbb - detected ForgedFile.Multi.Generic (1)
18:11:43.0155 4692  [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:11:43.0171 4692  avkmgr - ok
18:11:43.0202 4692  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:11:43.0249 4692  Beep - ok
18:11:43.0264 4692  [ 4F99C5E39834F98AD426DCE8F4FD50EA ] BFE             C:\Windows\System32\bfe.dll
18:11:43.0296 4692  Suspicious file (Forged): C:\Windows\System32\bfe.dll. Real md5: 4F99C5E39834F98AD426DCE8F4FD50EA, Fake md5: C789AF0F724FDA5852FB9A7D3A432381
18:11:43.0296 4692  BFE ( ForgedFile.Multi.Generic ) - warning
18:11:43.0296 4692  BFE - detected ForgedFile.Multi.Generic (1)
18:11:43.0327 4692  [ 2C17A8F1C97593B30DA4771F66B9D9FA ] BITS            C:\Windows\System32\qmgr.dll
18:11:43.0358 4692  Suspicious file (Forged): C:\Windows\System32\qmgr.dll. Real md5: 2C17A8F1C97593B30DA4771F66B9D9FA, Fake md5: 93952506C6D67330367F7E7934B6A02F
18:11:43.0358 4692  BITS ( ForgedFile.Multi.Generic ) - warning
18:11:43.0358 4692  BITS - detected ForgedFile.Multi.Generic (1)
18:11:43.0358 4692  blbdrive - ok
18:11:43.0436 4692  [ 55F1E1F0CCF431207DCBCFE3668E5187 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:11:43.0467 4692  Suspicious file (Forged): C:\Program Files\Bonjour\mDNSResponder.exe. Real md5: 55F1E1F0CCF431207DCBCFE3668E5187, Fake md5: DB5BEA73EDAF19AC68B2C0FAD0F92B1A
18:11:43.0467 4692  Bonjour Service ( ForgedFile.Multi.Generic ) - warning
18:11:43.0467 4692  Bonjour Service - detected ForgedFile.Multi.Generic (1)
18:11:43.0498 4692  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:11:43.0530 4692  bowser - ok
18:11:43.0561 4692  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
18:11:43.0592 4692  BrFiltLo - ok
18:11:43.0608 4692  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
18:11:43.0639 4692  BrFiltUp - ok
18:11:43.0670 4692  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
18:11:43.0701 4692  Browser - ok
18:11:43.0732 4692  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
18:11:43.0795 4692  Brserid - ok
18:11:43.0842 4692  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
18:11:43.0888 4692  BrSerWdm - ok
18:11:43.0920 4692  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
18:11:43.0982 4692  BrUsbMdm - ok
18:11:43.0998 4692  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
18:11:44.0060 4692  BrUsbSer - ok
18:11:44.0091 4692  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:11:44.0169 4692  BTHMODEM - ok
18:11:44.0216 4692  [ 088C0978203D59425A12B2A53FCCD02B ] camfilt2        C:\Windows\system32\DRIVERS\camfilt2.sys
18:11:44.0247 4692  camfilt2 - ok
18:11:44.0294 4692  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:11:44.0325 4692  cdfs - ok
18:11:44.0372 4692  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:11:44.0403 4692  cdrom - ok
18:11:44.0450 4692  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:11:44.0481 4692  CertPropSvc - ok
18:11:44.0497 4692  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
18:11:44.0559 4692  circlass - ok
18:11:44.0575 4692  [ B3C3AFFC37D0BCDA8084B0427DEB9201 ] CLFS            C:\Windows\system32\CLFS.sys
18:11:44.0606 4692  Suspicious file (Forged): C:\Windows\system32\CLFS.sys. Real md5: B3C3AFFC37D0BCDA8084B0427DEB9201, Fake md5: D7659D3B5B92C31E84E53C1431F35132
18:11:44.0606 4692  CLFS ( ForgedFile.Multi.Generic ) - warning
18:11:44.0606 4692  CLFS - detected ForgedFile.Multi.Generic (1)
18:11:44.0793 4692  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:11:44.0824 4692  clr_optimization_v2.0.50727_32 - ok
18:11:44.0902 4692  [ B89B6C8262ACA6654AF4C5C96B00EAD4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:11:44.0934 4692  Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe. Real md5: B89B6C8262ACA6654AF4C5C96B00EAD4, Fake md5: C5A75EB48E2344ABDC162BDA79E16841
18:11:44.0934 4692  clr_optimization_v4.0.30319_32 ( ForgedFile.Multi.Generic ) - warning
18:11:44.0934 4692  clr_optimization_v4.0.30319_32 - detected ForgedFile.Multi.Generic (1)
18:11:44.0980 4692  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:11:45.0012 4692  CmBatt - ok
18:11:45.0043 4692  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:11:45.0074 4692  cmdide - ok
18:11:45.0105 4692  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:11:45.0121 4692  Compbatt - ok
18:11:45.0136 4692  COMSysApp - ok
18:11:45.0152 4692  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:11:45.0183 4692  crcdisk - ok
18:11:45.0199 4692  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
18:11:45.0261 4692  Crusoe - ok
18:11:45.0292 4692  [ FD4F06A4D4B35CD18DBE7AE5932BD2BC ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:11:45.0324 4692  Suspicious file (Forged): C:\Windows\system32\cryptsvc.dll. Real md5: FD4F06A4D4B35CD18DBE7AE5932BD2BC, Fake md5: F1E8C34892336D33EDDCDFE44E474F64
18:11:45.0324 4692  CryptSvc ( ForgedFile.Multi.Generic ) - warning
18:11:45.0324 4692  CryptSvc - detected ForgedFile.Multi.Generic (1)
18:11:45.0355 4692  [ 6621476E1926167313D0FE6E95E98E7F ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:11:45.0386 4692  Suspicious file (Forged): C:\Windows\system32\rpcss.dll. Real md5: 6621476E1926167313D0FE6E95E98E7F, Fake md5: 3B5B4D53FEC14F7476CA29A20CC31AC9
18:11:45.0402 4692  DcomLaunch ( ForgedFile.Multi.Generic ) - warning
18:11:45.0402 4692  DcomLaunch - detected ForgedFile.Multi.Generic (1)
18:11:45.0433 4692  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:11:45.0464 4692  DfsC - ok
18:11:45.0495 4692  [ E64B47ECCBA21C3EB9167C21EF8DFCD6 ] DFSR            C:\Windows\system32\DFSR.exe
18:11:45.0511 4692  Suspicious file (Forged): C:\Windows\system32\DFSR.exe. Real md5: E64B47ECCBA21C3EB9167C21EF8DFCD6, Fake md5: 2CC3DCFB533A1035B13DCAB6160AB38B
18:11:45.0511 4692  DFSR ( ForgedFile.Multi.Generic ) - warning
18:11:45.0511 4692  DFSR - detected ForgedFile.Multi.Generic (1)
18:11:45.0542 4692  [ BEE7BF9A9BC8EECF0DAB06823333EB71 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
18:11:45.0558 4692  Suspicious file (Forged): C:\Windows\System32\dhcpcsvc.dll. Real md5: BEE7BF9A9BC8EECF0DAB06823333EB71, Fake md5: 9028559C132146FB75EB7ACF384B086A
18:11:45.0558 4692  Dhcp ( ForgedFile.Multi.Generic ) - warning
18:11:45.0558 4692  Dhcp - detected ForgedFile.Multi.Generic (1)
18:11:45.0604 4692  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
18:11:45.0620 4692  disk - ok
18:11:45.0636 4692  [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall         C:\Windows\system32\DRIVERS\DMICall.sys
18:11:45.0667 4692  DMICall - ok
18:11:45.0682 4692  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:11:45.0714 4692  Dnscache - ok
18:11:45.0745 4692  [ 5602860034ED703E783E0AD7DDA6F685 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:11:45.0776 4692  Suspicious file (Forged): C:\Windows\System32\dot3svc.dll. Real md5: 5602860034ED703E783E0AD7DDA6F685, Fake md5: 324FD74686B1EF5E7C19A8AF49E748F6
18:11:45.0776 4692  dot3svc ( ForgedFile.Multi.Generic ) - warning
18:11:45.0776 4692  dot3svc - detected ForgedFile.Multi.Generic (1)
18:11:45.0792 4692  [ 310D59BD6E8CDC0F2000AF2010679936 ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
18:11:45.0823 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\Dot4.sys. Real md5: 310D59BD6E8CDC0F2000AF2010679936, Fake md5: 4F59C172C094E1A1D46463A8DC061CBD
18:11:45.0823 4692  Dot4 ( ForgedFile.Multi.Generic ) - warning
18:11:45.0823 4692  Dot4 - detected ForgedFile.Multi.Generic (1)
18:11:45.0854 4692  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:11:45.0885 4692  Dot4Print - ok
18:11:45.0948 4692  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
18:11:45.0994 4692  dot4usb - ok
18:11:46.0026 4692  [ D9FA2A14A9A7CC3CC47AA0E6C7FDC2AE ] DPS             C:\Windows\system32\dps.dll
18:11:46.0041 4692  Suspicious file (Forged): C:\Windows\system32\dps.dll. Real md5: D9FA2A14A9A7CC3CC47AA0E6C7FDC2AE, Fake md5: A622E888F8AA2F6B49E9BC466F0E5DEF
18:11:46.0041 4692  DPS ( ForgedFile.Multi.Generic ) - warning
18:11:46.0041 4692  DPS - detected ForgedFile.Multi.Generic (1)
18:11:46.0088 4692  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:11:46.0119 4692  drmkaud - ok
18:11:46.0150 4692  [ BF43DE3D7B7AD1DB3D14B6F6B0168FF4 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:11:46.0150 4692  Suspicious file (Forged): C:\Windows\System32\drivers\dxgkrnl.sys. Real md5: BF43DE3D7B7AD1DB3D14B6F6B0168FF4, Fake md5: C68AC676B0EF30CFBB1080ADCE49EB1F
18:11:46.0150 4692  DXGKrnl ( ForgedFile.Multi.Generic ) - warning
18:11:46.0150 4692  DXGKrnl - detected ForgedFile.Multi.Generic (1)
18:11:46.0182 4692  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
18:11:46.0260 4692  E1G60 - ok
18:11:46.0291 4692  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
18:11:46.0322 4692  EapHost - ok
18:11:46.0338 4692  [ EB7BB3F702D7B9FA17F02902A26D3102 ] Ecache          C:\Windows\system32\drivers\ecache.sys
18:11:46.0369 4692  Suspicious file (Forged): C:\Windows\system32\drivers\ecache.sys. Real md5: EB7BB3F702D7B9FA17F02902A26D3102, Fake md5: 7F64EA048DCFAC7ACF8B4D7B4E6FE371
18:11:46.0369 4692  Ecache ( ForgedFile.Multi.Generic ) - warning
18:11:46.0369 4692  Ecache - detected ForgedFile.Multi.Generic (1)
18:11:46.0400 4692  [ A663C89B95F6C823BE98E1A0C23149A1 ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:11:46.0431 4692  Suspicious file (Forged): C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys. Real md5: A663C89B95F6C823BE98E1A0C23149A1, Fake md5: E89CC1363CB7F5320AE3B41C1333D0C3
18:11:46.0431 4692  eeCtrl ( ForgedFile.Multi.Generic ) - warning
18:11:46.0431 4692  eeCtrl - detected ForgedFile.Multi.Generic (1)
18:11:46.0478 4692  [ 8BC25F382CE1C37F3462184FD1D8030C ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:11:46.0525 4692  Suspicious file (Forged): C:\Windows\ehome\ehRecvr.exe. Real md5: 8BC25F382CE1C37F3462184FD1D8030C, Fake md5: 9BE3744D295A7701EB425332014F0797
18:11:46.0525 4692  ehRecvr ( ForgedFile.Multi.Generic ) - warning
18:11:46.0525 4692  ehRecvr - detected ForgedFile.Multi.Generic (1)
18:11:46.0540 4692  [ 0DFBE8AA4C20B52E1B8BF3CB6CBDF193 ] ehSched         C:\Windows\ehome\ehsched.exe
18:11:46.0556 4692  Suspicious file (Forged): C:\Windows\ehome\ehsched.exe. Real md5: 0DFBE8AA4C20B52E1B8BF3CB6CBDF193, Fake md5: AD1870C8E5D6DD340C829E6074BF3C3F
18:11:46.0556 4692  ehSched ( ForgedFile.Multi.Generic ) - warning
18:11:46.0556 4692  ehSched - detected ForgedFile.Multi.Generic (1)
18:11:46.0572 4692  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
18:11:46.0603 4692  ehstart - ok
18:11:46.0618 4692  [ A673FE699A92D5D8543D5169B998866B ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:11:46.0634 4692  Suspicious file (Forged): C:\Windows\system32\drivers\elxstor.sys. Real md5: A673FE699A92D5D8543D5169B998866B, Fake md5: E8F3F21A71720C84BCF423B80028359F
18:11:46.0650 4692  elxstor ( ForgedFile.Multi.Generic ) - warning
18:11:46.0650 4692  elxstor - detected ForgedFile.Multi.Generic (1)
18:11:46.0665 4692  [ 05724A298F2FCAF5F4711D153600379A ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
18:11:46.0712 4692  Suspicious file (Forged): C:\Windows\system32\emdmgmt.dll. Real md5: 05724A298F2FCAF5F4711D153600379A, Fake md5: 4E6B23DFC917EA39306B529B773950F4
18:11:46.0712 4692  EMDMgmt ( ForgedFile.Multi.Generic ) - warning
18:11:46.0712 4692  EMDMgmt - detected ForgedFile.Multi.Generic (1)
18:11:46.0743 4692  [ 4A37B2EBCE76601F28E88E24E62AE715 ] EventSystem     C:\Windows\system32\es.dll
18:11:46.0774 4692  Suspicious file (Forged): C:\Windows\system32\es.dll. Real md5: 4A37B2EBCE76601F28E88E24E62AE715, Fake md5: 67058C46504BC12D821F38CF99B7B28F
18:11:46.0774 4692  EventSystem ( ForgedFile.Multi.Generic ) - warning
18:11:46.0774 4692  EventSystem - detected ForgedFile.Multi.Generic (1)
18:11:46.0806 4692  [ DD5448BF498735A4AF29D9B7A08BAA98 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:11:46.0837 4692  Suspicious file (Forged): C:\Windows\system32\drivers\exfat.sys. Real md5: DD5448BF498735A4AF29D9B7A08BAA98, Fake md5: 22B408651F9123527BCEE54B4F6C5CAE
18:11:46.0837 4692  exfat ( ForgedFile.Multi.Generic ) - warning
18:11:46.0837 4692  exfat - detected ForgedFile.Multi.Generic (1)
18:11:46.0852 4692  [ 31478AB932E13E1C1D7B15EA886D4753 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:11:46.0884 4692  Suspicious file (Forged): C:\Windows\system32\drivers\fastfat.sys. Real md5: 31478AB932E13E1C1D7B15EA886D4753, Fake md5: 1E9B9A70D332103C52995E957DC09EF8
18:11:46.0884 4692  fastfat ( ForgedFile.Multi.Generic ) - warning
18:11:46.0884 4692  fastfat - detected ForgedFile.Multi.Generic (1)
18:11:46.0899 4692  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:11:47.0133 4692  fdc - ok
18:11:47.0180 4692  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:11:47.0305 4692  fdPHost - ok
18:11:47.0336 4692  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:11:47.0398 4692  FDResPub - ok
18:11:47.0445 4692  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:11:47.0476 4692  FileInfo - ok
18:11:47.0508 4692  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:11:47.0539 4692  Filetrace - ok
18:11:47.0570 4692  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:11:47.0617 4692  flpydisk - ok
18:11:47.0648 4692  [ 2538353A92BCA8ABF5E0765C025845A0 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:11:47.0679 4692  Suspicious file (Forged): C:\Windows\system32\drivers\fltmgr.sys. Real md5: 2538353A92BCA8ABF5E0765C025845A0, Fake md5: 01334F9EA68E6877C4EF05D3EA8ABB05
18:11:47.0679 4692  FltMgr ( ForgedFile.Multi.Generic ) - warning
18:11:47.0679 4692  FltMgr - detected ForgedFile.Multi.Generic (1)
18:11:47.0710 4692  [ 6F9F3DBF97422A2B4F71F15602830D65 ] FontCache       C:\Windows\system32\FntCache.dll
18:11:47.0757 4692  Suspicious file (Forged): C:\Windows\system32\FntCache.dll. Real md5: 6F9F3DBF97422A2B4F71F15602830D65, Fake md5: 8CE364388C8ECA59B14B539179276D44
18:11:47.0757 4692  FontCache ( ForgedFile.Multi.Generic ) - warning
18:11:47.0757 4692  FontCache - detected ForgedFile.Multi.Generic (1)
18:11:47.0835 4692  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:11:47.0866 4692  FontCache3.0.0.0 - ok
18:11:47.0913 4692  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:11:47.0944 4692  Fs_Rec - ok
18:11:47.0976 4692  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:11:47.0991 4692  gagp30kx - ok
18:11:48.0022 4692  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:11:48.0038 4692  GEARAspiWDM - ok
18:11:48.0069 4692  [ 709215724B53CA227C140AD2E45F321E ] gpsvc           C:\Windows\System32\gpsvc.dll
18:11:48.0116 4692  Suspicious file (Forged): C:\Windows\System32\gpsvc.dll. Real md5: 709215724B53CA227C140AD2E45F321E, Fake md5: CD5D0AEEE35DFD4E986A5AA1500A6E66
18:11:48.0116 4692  gpsvc ( ForgedFile.Multi.Generic ) - warning
18:11:48.0116 4692  gpsvc - detected ForgedFile.Multi.Generic (1)
18:11:48.0194 4692  [ 0BE51E585C219A4FEEA6FF6ECE67B722 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
18:11:48.0225 4692  Suspicious file (Forged): C:\Program Files\Google\Update\GoogleUpdate.exe. Real md5: 0BE51E585C219A4FEEA6FF6ECE67B722, Fake md5: 8F0DE4FEF8201E306F9938B0905AC96A
18:11:48.0225 4692  gupdate ( ForgedFile.Multi.Generic ) - warning
18:11:48.0225 4692  gupdate - detected ForgedFile.Multi.Generic (1)
18:11:48.0225 4692  [ 0BE51E585C219A4FEEA6FF6ECE67B722 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:11:48.0225 4692  Suspicious file (Forged): C:\Program Files\Google\Update\GoogleUpdate.exe. Real md5: 0BE51E585C219A4FEEA6FF6ECE67B722, Fake md5: 8F0DE4FEF8201E306F9938B0905AC96A
18:11:48.0225 4692  gupdatem ( ForgedFile.Multi.Generic ) - warning
18:11:48.0225 4692  gupdatem - detected ForgedFile.Multi.Generic (1)
18:11:48.0241 4692  [ 6C484169033372E257F146D913D603B7 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:11:48.0256 4692  Suspicious file (Forged): C:\Windows\system32\drivers\HdAudio.sys. Real md5: 6C484169033372E257F146D913D603B7, Fake md5: CB04C744BE0A61B1D648FAED182C3B59
18:11:48.0256 4692  HdAudAddService ( ForgedFile.Multi.Generic ) - warning
18:11:48.0256 4692  HdAudAddService - detected ForgedFile.Multi.Generic (1)
18:11:48.0272 4692  [ 7B0576051613B2B104C13014FE46280B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:11:48.0319 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\HDAudBus.sys. Real md5: 7B0576051613B2B104C13014FE46280B, Fake md5: 062452B7FFD68C8C042A6261FE8DFF4A
18:11:48.0319 4692  HDAudBus ( ForgedFile.Multi.Generic ) - warning
18:11:48.0319 4692  HDAudBus - detected ForgedFile.Multi.Generic (1)
18:11:48.0334 4692  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:11:48.0568 4692  HidBth - ok
18:11:48.0600 4692  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:11:48.0662 4692  HidIr - ok
18:11:48.0693 4692  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
18:11:48.0724 4692  hidserv - ok
18:11:48.0756 4692  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:11:48.0849 4692  HidUsb - ok
18:11:48.0880 4692  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:11:49.0005 4692  hkmsvc - ok
18:11:49.0021 4692  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
18:11:49.0036 4692  HpCISSs - ok
18:11:49.0208 4692  [ 3E02DA96A403154487761734F342C2C9 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:11:49.0239 4692  Suspicious file (Forged): C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll. Real md5: 3E02DA96A403154487761734F342C2C9, Fake md5: FCB563B0A23643E5F80B6FF1E60F610F
18:11:49.0239 4692  hpqcxs08 ( ForgedFile.Multi.Generic ) - warning
18:11:49.0239 4692  hpqcxs08 - detected ForgedFile.Multi.Generic (1)
18:11:49.0270 4692  [ 0DFBE8AA4C20B52E1B8BF3CB6CBDF193 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:11:49.0286 4692  Suspicious file (Forged): C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll. Real md5: 0DFBE8AA4C20B52E1B8BF3CB6CBDF193, Fake md5: 25E443E27165C652723A92D9BDFD4649
18:11:49.0286 4692  hpqddsvc ( ForgedFile.Multi.Generic ) - warning
18:11:49.0286 4692  hpqddsvc - detected ForgedFile.Multi.Generic (1)
18:11:49.0302 4692  [ C55ECAF5DAD25B1ACD51B5087DEBE629 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:11:49.0348 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\HSX_DPV.sys. Real md5: C55ECAF5DAD25B1ACD51B5087DEBE629, Fake md5: 53229DCF431D76434816CD29251168A0
18:11:49.0364 4692  HSF_DPV ( ForgedFile.Multi.Generic ) - warning
18:11:49.0364 4692  HSF_DPV - detected ForgedFile.Multi.Generic (1)
18:11:49.0364 4692  [ BDBCD7E0ED72601DD45C5773EBE77624 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:11:49.0380 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\HSXHWAZL.sys. Real md5: BDBCD7E0ED72601DD45C5773EBE77624, Fake md5: 31F949D452201F2F0AF0C88D7DB512CD
18:11:49.0395 4692  HSXHWAZL ( ForgedFile.Multi.Generic ) - warning
18:11:49.0395 4692  HSXHWAZL - detected ForgedFile.Multi.Generic (1)
18:11:49.0411 4692  [ 5D2F2BE05E2B89926F215648CB978659 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:11:49.0442 4692  Suspicious file (Forged): C:\Windows\system32\drivers\HTTP.sys. Real md5: 5D2F2BE05E2B89926F215648CB978659, Fake md5: F870AA3E254628EBEAFE754108D664DE
18:11:49.0442 4692  HTTP ( ForgedFile.Multi.Generic ) - warning
18:11:49.0442 4692  HTTP - detected ForgedFile.Multi.Generic (1)
18:11:49.0473 4692  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
18:11:49.0489 4692  i2omp - ok
18:11:49.0536 4692  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:11:49.0660 4692  i8042prt - ok
18:11:49.0660 4692  [ 9DCF37FC5B8F3792267FDE48E9F4C977 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
18:11:49.0692 4692  Suspicious file (Forged): C:\Windows\system32\drivers\iastorv.sys. Real md5: 9DCF37FC5B8F3792267FDE48E9F4C977, Fake md5: C957BF4B5D80B46C5017BF0101E6C906
18:11:49.0692 4692  iaStorV ( ForgedFile.Multi.Generic ) - warning
18:11:49.0692 4692  iaStorV - detected ForgedFile.Multi.Generic (1)
18:11:49.0754 4692  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:11:49.0770 4692  IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:11:49.0770 4692  IDriverT - detected UnsignedFile.Multi.Generic (1)
18:11:49.0801 4692  [ 0CCB927A147D18781E9D1DB3C285B8D9 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:11:49.0863 4692  Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe. Real md5: 0CCB927A147D18781E9D1DB3C285B8D9, Fake md5: 98477B08E61945F974ED9FDC4CB6BDAB
18:11:49.0863 4692  idsvc ( ForgedFile.Multi.Generic ) - warning
18:11:49.0863 4692  idsvc - detected ForgedFile.Multi.Generic (1)
18:11:49.0879 4692  [ 3BE04D53EBE12B6027374781F8189DB9 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
18:11:49.0957 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\igdkmd32.sys. Real md5: 3BE04D53EBE12B6027374781F8189DB9, Fake md5: A4FBA5B34E69E46315A7C5223A470A17
18:11:49.0957 4692  igfx ( ForgedFile.Multi.Generic ) - warning
18:11:49.0957 4692  igfx - detected ForgedFile.Multi.Generic (1)
18:11:49.0972 4692  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:11:49.0988 4692  iirsp - ok
18:11:50.0019 4692  [ 756645FB1BF7F3A406DD9A4C13CC73C0 ] IKEEXT          C:\Windows\System32\ikeext.dll
         

Alt 10.03.2013, 18:45   #15
Kim1988
 
Groupon Email - Standard

Groupon Email



Das ist der 3. Teil:

Code:
ATTFilter
18:11:50.0082 4692  Suspicious file (Forged): C:\Windows\System32\ikeext.dll. Real md5: 756645FB1BF7F3A406DD9A4C13CC73C0, Fake md5: 9908D8A397B76CD8D31D0D383C5773C9
18:11:50.0082 4692  IKEEXT ( ForgedFile.Multi.Generic ) - warning
18:11:50.0082 4692  IKEEXT - detected ForgedFile.Multi.Generic (1)
18:11:50.0113 4692  [ 568E6FAAF0C70FE1305DFD9A1788EE8E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:11:50.0175 4692  Suspicious file (Forged): C:\Windows\system32\drivers\RTKVHDA.sys. Real md5: 568E6FAAF0C70FE1305DFD9A1788EE8E, Fake md5: C61B3B87F3856CEF0C9F204028C6860D
18:11:50.0191 4692  IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning
18:11:50.0191 4692  IntcAzAudAddService - detected ForgedFile.Multi.Generic (1)
18:11:50.0222 4692  [ 97469037714070E45194ED318D636401 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:11:50.0238 4692  intelide - ok
18:11:50.0269 4692  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:11:50.0378 4692  intelppm - ok
18:11:50.0440 4692  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:11:50.0503 4692  IPBusEnum - ok
18:11:50.0534 4692  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:11:50.0565 4692  IpFilterDriver - ok
18:11:50.0581 4692  [ E4EFE9F0DD1EDCD7769C9423596DABCC ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:11:50.0612 4692  Suspicious file (Forged): C:\Windows\System32\iphlpsvc.dll. Real md5: E4EFE9F0DD1EDCD7769C9423596DABCC, Fake md5: 1998BD97F950680BB55F55A7244679C2
18:11:50.0612 4692  iphlpsvc ( ForgedFile.Multi.Generic ) - warning
18:11:50.0612 4692  iphlpsvc - detected ForgedFile.Multi.Generic (1)
18:11:50.0612 4692  IpInIp - ok
18:11:50.0659 4692  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
18:11:50.0893 4692  IPMIDRV - ok
18:11:50.0924 4692  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
18:11:51.0080 4692  IPNAT - ok
18:11:51.0111 4692  [ B2179A1F99818EFF32BB644A54FB35B7 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:11:51.0142 4692  Suspicious file (Forged): C:\Program Files\iPod\bin\iPodService.exe. Real md5: B2179A1F99818EFF32BB644A54FB35B7, Fake md5: E46B17060D3962A384AE484094614788
18:11:51.0142 4692  iPod Service ( ForgedFile.Multi.Generic ) - warning
18:11:51.0142 4692  iPod Service - detected ForgedFile.Multi.Generic (1)
18:11:51.0189 4692  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:11:51.0314 4692  IRENUM - ok
18:11:51.0345 4692  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:11:51.0361 4692  isapnp - ok
18:11:51.0376 4692  [ AB9208FAF0F529FC3EED3B7761029859 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
18:11:51.0408 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\msiscsi.sys. Real md5: AB9208FAF0F529FC3EED3B7761029859, Fake md5: 232FA340531D940AAC623B121A595034
18:11:51.0408 4692  iScsiPrt ( ForgedFile.Multi.Generic ) - warning
18:11:51.0408 4692  iScsiPrt - detected ForgedFile.Multi.Generic (1)
18:11:51.0423 4692  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
18:11:51.0439 4692  iteatapi - ok
18:11:51.0454 4692  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
18:11:51.0470 4692  iteraid - ok
18:11:51.0501 4692  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:11:51.0548 4692  kbdclass - ok
18:11:51.0564 4692  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:11:51.0798 4692  kbdhid - ok
18:11:51.0860 4692  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
18:11:51.0907 4692  KeyIso - ok
18:11:51.0938 4692  [ 0A433A51020CD61594EE0AB8435B2176 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:11:51.0969 4692  Suspicious file (Forged): C:\Windows\system32\Drivers\ksecdd.sys. Real md5: 0A433A51020CD61594EE0AB8435B2176, Fake md5: 4A1445EFA932A3BAF5BDB02D7131EE20
18:11:51.0969 4692  KSecDD ( ForgedFile.Multi.Generic ) - warning
18:11:51.0969 4692  KSecDD - detected ForgedFile.Multi.Generic (1)
18:11:52.0000 4692  [ C6DCDF88AE75644704F35CAF5337C0B6 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:11:52.0032 4692  Suspicious file (Forged): C:\Windows\system32\msdtckrm.dll. Real md5: C6DCDF88AE75644704F35CAF5337C0B6, Fake md5: 8078F8F8F7A79E2E6B494523A828C585
18:11:52.0032 4692  KtmRm ( ForgedFile.Multi.Generic ) - warning
18:11:52.0032 4692  KtmRm - detected ForgedFile.Multi.Generic (1)
18:11:52.0078 4692  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:11:52.0110 4692  LanmanServer - ok
18:11:52.0125 4692  [ A3D96945791156D3AAF9CF34FEEFA21C ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:11:52.0156 4692  Suspicious file (Forged): C:\Windows\System32\wkssvc.dll. Real md5: A3D96945791156D3AAF9CF34FEEFA21C, Fake md5: 1DB69705B695B987082C8BAEC0C6B34F
18:11:52.0156 4692  LanmanWorkstation ( ForgedFile.Multi.Generic ) - warning
18:11:52.0156 4692  LanmanWorkstation - detected ForgedFile.Multi.Generic (1)
18:11:52.0203 4692  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:11:52.0312 4692  lltdio - ok
18:11:52.0328 4692  [ B98524C2784030C4ECFE3DEA47002A80 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:11:52.0359 4692  Suspicious file (Forged): C:\Windows\System32\lltdsvc.dll. Real md5: B98524C2784030C4ECFE3DEA47002A80, Fake md5: 2D5A428872F1442631D0959A34ABFF63
18:11:52.0359 4692  lltdsvc ( ForgedFile.Multi.Generic ) - warning
18:11:52.0359 4692  lltdsvc - detected ForgedFile.Multi.Generic (1)
18:11:52.0390 4692  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:11:52.0656 4692  lmhosts - ok
18:11:52.0687 4692  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:11:52.0734 4692  LSI_FC - ok
18:11:52.0765 4692  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:11:52.0780 4692  LSI_SAS - ok
18:11:52.0812 4692  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:11:52.0827 4692  LSI_SCSI - ok
18:11:52.0843 4692  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
18:11:52.0968 4692  luafv - ok
18:11:52.0999 4692  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:11:53.0046 4692  Mcx2Svc - ok
18:11:53.0092 4692  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:11:53.0108 4692  mdmxsdk - ok
18:11:53.0139 4692  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
18:11:53.0155 4692  megasas - ok
18:11:53.0170 4692  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
18:11:53.0202 4692  MMCSS - ok
18:11:53.0248 4692  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
18:11:53.0295 4692  Modem - ok
18:11:53.0342 4692  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:11:53.0373 4692  monitor - ok
18:11:53.0451 4692  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:11:53.0467 4692  mouclass - ok
18:11:53.0482 4692  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:11:53.0514 4692  mouhid - ok
18:11:53.0576 4692  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
18:11:53.0623 4692  MountMgr - ok
18:11:53.0670 4692  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:11:53.0685 4692  MozillaMaintenance - ok
18:11:53.0732 4692  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:11:53.0763 4692  mpio - ok
18:11:53.0794 4692  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:11:53.0888 4692  mpsdrv - ok
18:11:53.0904 4692  [ C46DF109D49B7827F326885D1367C964 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:11:53.0935 4692  Suspicious file (Forged): C:\Windows\system32\mpssvc.dll. Real md5: C46DF109D49B7827F326885D1367C964, Fake md5: 5DE62C6E9108F14F6794060A9BDECAEC
18:11:53.0935 4692  MpsSvc ( ForgedFile.Multi.Generic ) - warning
18:11:53.0935 4692  MpsSvc - detected ForgedFile.Multi.Generic (1)
18:11:53.0950 4692  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
18:11:53.0966 4692  Mraid35x - ok
18:11:54.0013 4692  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:11:54.0044 4692  MRxDAV - ok
18:11:54.0075 4692  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:11:54.0106 4692  mrxsmb - ok
18:11:54.0138 4692  [ B094DB2537AAEDACCB66B3707A5BB91C ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:11:54.0153 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\mrxsmb10.sys. Real md5: B094DB2537AAEDACCB66B3707A5BB91C, Fake md5: 4FCCB34D793B116423209C0F8B7A3B03
18:11:54.0169 4692  mrxsmb10 ( ForgedFile.Multi.Generic ) - warning
18:11:54.0169 4692  mrxsmb10 - detected ForgedFile.Multi.Generic (1)
18:11:54.0184 4692  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:11:54.0200 4692  mrxsmb20 - ok
18:11:54.0231 4692  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:11:54.0247 4692  msahci - ok
18:11:54.0372 4692  [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV      C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
18:11:54.0403 4692  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
18:11:54.0403 4692  MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
18:11:54.0434 4692  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:11:54.0450 4692  msdsm - ok
18:11:54.0481 4692  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
18:11:54.0590 4692  MSDTC - ok
18:11:54.0652 4692  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:11:54.0684 4692  Msfs - ok
18:11:54.0715 4692  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:11:54.0746 4692  msisadrv - ok
18:11:54.0808 4692  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:11:54.0840 4692  MSiSCSI - ok
18:11:54.0840 4692  msiserver - ok
18:11:54.0886 4692  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:11:54.0949 4692  MSKSSRV - ok
18:11:54.0980 4692  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:11:55.0011 4692  MSPCLOCK - ok
18:11:55.0027 4692  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:11:55.0058 4692  MSPQM - ok
18:11:55.0074 4692  [ 22CDB67DE48B43458FEAF4025CFF9E6A ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:11:55.0105 4692  Suspicious file (Forged): C:\Windows\system32\drivers\MsRPC.sys. Real md5: 22CDB67DE48B43458FEAF4025CFF9E6A, Fake md5: B49456D70555DE905C311BCDA6EC6ADB
18:11:55.0105 4692  MsRPC ( ForgedFile.Multi.Generic ) - warning
18:11:55.0105 4692  MsRPC - detected ForgedFile.Multi.Generic (1)
18:11:55.0120 4692  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:11:55.0136 4692  mssmbios - ok
18:11:55.0183 4692  MSSQL$VAIO_VEDB - ok
18:11:55.0276 4692  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:11:55.0292 4692  MSSQLServerADHelper - ok
18:11:55.0308 4692  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:11:55.0417 4692  MSTEE - ok
18:11:55.0464 4692  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
18:11:55.0495 4692  Mup - ok
18:11:55.0510 4692  [ BF16B6BE3E81BF3A03898E51FE2BA197 ] napagent        C:\Windows\system32\qagentRT.dll
18:11:55.0542 4692  Suspicious file (Forged): C:\Windows\system32\qagentRT.dll. Real md5: BF16B6BE3E81BF3A03898E51FE2BA197, Fake md5: E4EAF0C5C1B41B5C83386CF212CA9584
18:11:55.0542 4692  napagent ( ForgedFile.Multi.Generic ) - warning
18:11:55.0542 4692  napagent - detected ForgedFile.Multi.Generic (1)
18:11:55.0573 4692  [ 0745D9564DDCAC4884B38533C5A9D100 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:11:55.0588 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\nwifi.sys. Real md5: 0745D9564DDCAC4884B38533C5A9D100, Fake md5: 85C44FDFF9CF7E72A40DCB7EC06A4416
18:11:55.0588 4692  NativeWifiP ( ForgedFile.Multi.Generic ) - warning
18:11:55.0588 4692  NativeWifiP - detected ForgedFile.Multi.Generic (1)
18:11:55.0604 4692  [ 1E55E310420D50A24403B5FC3902668F ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:11:55.0651 4692  Suspicious file (Forged): C:\Windows\system32\drivers\ndis.sys. Real md5: 1E55E310420D50A24403B5FC3902668F, Fake md5: 1357274D1883F68300AEADD15D7BBB42
18:11:55.0651 4692  NDIS ( ForgedFile.Multi.Generic ) - warning
18:11:55.0651 4692  NDIS - detected ForgedFile.Multi.Generic (1)
18:11:55.0698 4692  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:11:55.0791 4692  NdisTapi - ok
18:11:55.0822 4692  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:11:55.0947 4692  Ndisuio - ok
18:11:55.0994 4692  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:11:56.0025 4692  NdisWan - ok
18:11:56.0056 4692  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:11:56.0103 4692  NDProxy - ok
18:11:56.0150 4692  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:11:56.0150 4692  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:11:56.0150 4692  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:11:56.0197 4692  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:11:56.0290 4692  NetBIOS - ok
18:11:56.0306 4692  [ 78E78900E441476A988389AE05503FD9 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
18:11:56.0337 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 78E78900E441476A988389AE05503FD9, Fake md5: ECD64230A59CBD93C85F1CD1CAB9F3F6
18:11:56.0337 4692  netbt ( ForgedFile.Multi.Generic ) - warning
18:11:56.0337 4692  netbt - detected ForgedFile.Multi.Generic (1)
18:11:56.0353 4692  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
18:11:56.0368 4692  Netlogon - ok
18:11:56.0400 4692  [ 3DCB0CE00A2ADEE38D7B96AFC169C680 ] Netman          C:\Windows\System32\netman.dll
18:11:56.0431 4692  Suspicious file (Forged): C:\Windows\System32\netman.dll. Real md5: 3DCB0CE00A2ADEE38D7B96AFC169C680, Fake md5: C8052711DAECC48B982434C5116CA401
18:11:56.0431 4692  Netman ( ForgedFile.Multi.Generic ) - warning
18:11:56.0431 4692  Netman - detected ForgedFile.Multi.Generic (1)
18:11:56.0462 4692  [ 625E3E643559D386D809FC1F29B94496 ] netprofm        C:\Windows\System32\netprofm.dll
18:11:56.0493 4692  Suspicious file (Forged): C:\Windows\System32\netprofm.dll. Real md5: 625E3E643559D386D809FC1F29B94496, Fake md5: 2EF3BBE22E5A5ACD1428EE387A0D0172
18:11:56.0493 4692  netprofm ( ForgedFile.Multi.Generic ) - warning
18:11:56.0493 4692  netprofm - detected ForgedFile.Multi.Generic (1)
18:11:56.0509 4692  [ BC27D9CA87FCCDA85C061271B6A57D02 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:11:56.0524 4692  Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe. Real md5: BC27D9CA87FCCDA85C061271B6A57D02, Fake md5: D6C4E4A39A36029AC0813D476FBD0248
18:11:56.0524 4692  NetTcpPortSharing ( ForgedFile.Multi.Generic ) - warning
18:11:56.0524 4692  NetTcpPortSharing - detected ForgedFile.Multi.Generic (1)
18:11:56.0556 4692  [ 7499E08715BE018B7F4CCBDD4861A2F0 ] NETw3v32        C:\Windows\system32\DRIVERS\NETw3v32.sys
18:11:56.0634 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\NETw3v32.sys. Real md5: 7499E08715BE018B7F4CCBDD4861A2F0, Fake md5: ACC6170D80C69E50145B370023B64ED3
18:11:56.0634 4692  NETw3v32 ( ForgedFile.Multi.Generic ) - warning
18:11:56.0649 4692  NETw3v32 - detected ForgedFile.Multi.Generic (1)
18:11:56.0680 4692  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:11:56.0712 4692  nfrd960 - ok
18:11:56.0743 4692  [ 1E517742239024F78839DAEE35CB395B ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:11:56.0758 4692  Suspicious file (Forged): C:\Windows\System32\nlasvc.dll. Real md5: 1E517742239024F78839DAEE35CB395B, Fake md5: 2997B15415F9BBE05B5A4C1C85E0C6A2
18:11:56.0758 4692  NlaSvc ( ForgedFile.Multi.Generic ) - warning
18:11:56.0758 4692  NlaSvc - detected ForgedFile.Multi.Generic (1)
18:11:56.0790 4692  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:11:56.0883 4692  Npfs - ok
18:11:56.0930 4692  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
18:11:57.0039 4692  nsi - ok
18:11:57.0086 4692  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:11:57.0117 4692  nsiproxy - ok
18:11:57.0164 4692  [ 943AC7EF323DCA9CE13C2EF3BE9A8715 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:11:57.0226 4692  Suspicious file (Forged): C:\Windows\system32\drivers\Ntfs.sys. Real md5: 943AC7EF323DCA9CE13C2EF3BE9A8715, Fake md5: 6A4A98CEE84CF9E99564510DDA4BAA47
18:11:57.0226 4692  Ntfs ( ForgedFile.Multi.Generic ) - warning
18:11:57.0226 4692  Ntfs - detected ForgedFile.Multi.Generic (1)
18:11:57.0273 4692  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
18:11:57.0523 4692  ntrigdigi - ok
18:11:57.0570 4692  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
18:11:57.0694 4692  Null - ok
18:11:57.0726 4692  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:11:57.0757 4692  nvraid - ok
18:11:57.0772 4692  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:11:57.0788 4692  nvstor - ok
18:11:57.0804 4692  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:11:57.0819 4692  nv_agp - ok
18:11:57.0819 4692  NwlnkFlt - ok
18:11:57.0835 4692  NwlnkFwd - ok
18:11:57.0913 4692  [ 087DFF37488245EC9717B29C4E818056 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:11:57.0960 4692  Suspicious file (Forged): C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE. Real md5: 087DFF37488245EC9717B29C4E818056, Fake md5: 785F487A64950F3CB8E9F16253BA3B7B
18:11:57.0960 4692  odserv ( ForgedFile.Multi.Generic ) - warning
18:11:57.0960 4692  odserv - detected ForgedFile.Multi.Generic (1)
18:11:58.0006 4692  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
18:11:58.0116 4692  ohci1394 - ok
18:11:58.0131 4692  [ 23345305EDC5827EDE315B8491292308 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:11:58.0147 4692  Suspicious file (Forged): C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE. Real md5: 23345305EDC5827EDE315B8491292308, Fake md5: 5A432A042DAE460ABE7199B758E8606C
18:11:58.0147 4692  ose ( ForgedFile.Multi.Generic ) - warning
18:11:58.0147 4692  ose - detected ForgedFile.Multi.Generic (1)
18:11:58.0178 4692  [ 5D419559B02E305B06B6A96C8E4F78A2 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
18:11:58.0225 4692  Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. Real md5: 5D419559B02E305B06B6A96C8E4F78A2, Fake md5: 0C8E8E61AD1EB0B250B846712C917506
18:11:58.0225 4692  p2pimsvc ( ForgedFile.Multi.Generic ) - warning
18:11:58.0225 4692  p2pimsvc - detected ForgedFile.Multi.Generic (1)
18:11:58.0240 4692  [ 5D419559B02E305B06B6A96C8E4F78A2 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:11:58.0240 4692  Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. Real md5: 5D419559B02E305B06B6A96C8E4F78A2, Fake md5: 0C8E8E61AD1EB0B250B846712C917506
18:11:58.0240 4692  p2psvc ( ForgedFile.Multi.Generic ) - warning
18:11:58.0240 4692  p2psvc - detected ForgedFile.Multi.Generic (1)
18:11:58.0272 4692  [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR      C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
18:11:58.0303 4692  PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
18:11:58.0303 4692  PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
18:11:58.0334 4692  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
18:11:58.0568 4692  Parport - ok
18:11:58.0630 4692  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:11:58.0646 4692  partmgr - ok
18:11:58.0662 4692  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
18:11:58.0724 4692  Parvdm - ok
18:11:58.0755 4692  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:11:58.0802 4692  PcaSvc - ok
18:11:58.0833 4692  [ F408E154834EE6CB75FA90E27C4BE3FB ] pci             C:\Windows\system32\drivers\pci.sys
18:11:58.0849 4692  Suspicious file (Forged): C:\Windows\system32\drivers\pci.sys. Real md5: F408E154834EE6CB75FA90E27C4BE3FB, Fake md5: 941DC1D19E7E8620F40BBC206981EFDB
18:11:58.0849 4692  pci ( ForgedFile.Multi.Generic ) - warning
18:11:58.0849 4692  pci - detected ForgedFile.Multi.Generic (1)
18:11:58.0864 4692  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
18:11:58.0896 4692  pciide - ok
18:11:58.0911 4692  [ 7511D48D729354CE8FCD4FAC7E06C8BA ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:11:58.0942 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\pcmcia.sys. Real md5: 7511D48D729354CE8FCD4FAC7E06C8BA, Fake md5: 3BB2244F343B610C29C98035504C9B75
18:11:58.0942 4692  pcmcia ( ForgedFile.Multi.Generic ) - warning
18:11:58.0942 4692  pcmcia - detected ForgedFile.Multi.Generic (1)
18:11:58.0958 4692  [ 1BD9BE9899B531181E5E4634768C97D1 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:11:58.0989 4692  Suspicious file (Forged): C:\Windows\system32\drivers\peauth.sys. Real md5: 1BD9BE9899B531181E5E4634768C97D1, Fake md5: 6349F6ED9C623B44B52EA3C63C831A92
18:11:58.0989 4692  PEAUTH ( ForgedFile.Multi.Generic ) - warning
18:11:58.0989 4692  PEAUTH - detected ForgedFile.Multi.Generic (1)
18:11:59.0036 4692  [ 0BBDA46E800FA755DBF6637A974CAE08 ] pla             C:\Windows\system32\pla.dll
18:11:59.0098 4692  Suspicious file (Forged): C:\Windows\system32\pla.dll. Real md5: 0BBDA46E800FA755DBF6637A974CAE08, Fake md5: B1689DF169143F57053F795390C99DB3
18:11:59.0114 4692  pla ( ForgedFile.Multi.Generic ) - warning
18:11:59.0114 4692  pla - detected ForgedFile.Multi.Generic (1)
18:11:59.0145 4692  [ 63369EA0128CAEB9771F59C9F056A4E4 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:11:59.0176 4692  Suspicious file (Forged): C:\Windows\system32\umpnpmgr.dll. Real md5: 63369EA0128CAEB9771F59C9F056A4E4, Fake md5: C5E7F8A996EC0A82D508FD9064A5569E
18:11:59.0176 4692  PlugPlay ( ForgedFile.Multi.Generic ) - warning
18:11:59.0176 4692  PlugPlay - detected ForgedFile.Multi.Generic (1)
18:11:59.0223 4692  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:11:59.0223 4692  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:11:59.0223 4692  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:11:59.0239 4692  [ 5D419559B02E305B06B6A96C8E4F78A2 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
18:11:59.0270 4692  Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. Real md5: 5D419559B02E305B06B6A96C8E4F78A2, Fake md5: 0C8E8E61AD1EB0B250B846712C917506
18:11:59.0286 4692  PNRPAutoReg ( ForgedFile.Multi.Generic ) - warning
18:11:59.0286 4692  PNRPAutoReg - detected ForgedFile.Multi.Generic (1)
18:11:59.0286 4692  [ 5D419559B02E305B06B6A96C8E4F78A2 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
18:11:59.0301 4692  Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. Real md5: 5D419559B02E305B06B6A96C8E4F78A2, Fake md5: 0C8E8E61AD1EB0B250B846712C917506
18:11:59.0301 4692  PNRPsvc ( ForgedFile.Multi.Generic ) - warning
18:11:59.0301 4692  PNRPsvc - detected ForgedFile.Multi.Generic (1)
18:11:59.0301 4692  [ 004ED2668CD0E02186B518A76BFA7305 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:11:59.0332 4692  Suspicious file (Forged): C:\Windows\System32\ipsecsvc.dll. Real md5: 004ED2668CD0E02186B518A76BFA7305, Fake md5: D0494460421A03CD5225CCA0059AA146
18:11:59.0332 4692  PolicyAgent ( ForgedFile.Multi.Generic ) - warning
18:11:59.0332 4692  PolicyAgent - detected ForgedFile.Multi.Generic (1)
18:11:59.0364 4692  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:11:59.0504 4692  PptpMiniport - ok
18:11:59.0535 4692  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
18:11:59.0769 4692  Processor - ok
18:11:59.0785 4692  [ D94085B36C265D5E7F49C6B6E817C992 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:11:59.0800 4692  Suspicious file (Forged): C:\Windows\system32\profsvc.dll. Real md5: D94085B36C265D5E7F49C6B6E817C992, Fake md5: 0508FAA222D28835310B7BFCA7A77346
18:11:59.0800 4692  ProfSvc ( ForgedFile.Multi.Generic ) - warning
18:11:59.0800 4692  ProfSvc - detected ForgedFile.Multi.Generic (1)
18:11:59.0816 4692  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:11:59.0847 4692  ProtectedStorage - ok
18:11:59.0894 4692  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
18:12:00.0003 4692  PSched - ok
18:12:00.0034 4692  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
18:12:00.0050 4692  PxHelp20 - ok
18:12:00.0081 4692  [ 5AF2613C3656B3CC9BF2395F60E05566 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:12:00.0128 4692  Suspicious file (Forged): C:\Windows\system32\drivers\ql2300.sys. Real md5: 5AF2613C3656B3CC9BF2395F60E05566, Fake md5: CCDAC889326317792480C0A67156A1EC
18:12:00.0128 4692  ql2300 ( ForgedFile.Multi.Generic ) - warning
18:12:00.0128 4692  ql2300 - detected ForgedFile.Multi.Generic (1)
18:12:00.0144 4692  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:12:00.0159 4692  ql40xx - ok
18:12:00.0190 4692  [ 5F04EBF515737B3A3A3E13EAE4FD6339 ] QWAVE           C:\Windows\system32\qwave.dll
18:12:00.0222 4692  Suspicious file (Forged): C:\Windows\system32\qwave.dll. Real md5: 5F04EBF515737B3A3A3E13EAE4FD6339, Fake md5: E9ECAE663F47E6CB43962D18AB18890F
18:12:00.0222 4692  QWAVE ( ForgedFile.Multi.Generic ) - warning
18:12:00.0222 4692  QWAVE - detected ForgedFile.Multi.Generic (1)
18:12:00.0268 4692  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:12:00.0315 4692  QWAVEdrv - ok
18:12:00.0362 4692  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:12:00.0471 4692  RasAcd - ok
18:12:00.0502 4692  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
18:12:00.0549 4692  RasAuto - ok
18:12:00.0596 4692  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:12:00.0627 4692  Rasl2tp - ok
18:12:00.0658 4692  [ EC87A838931D4D5D2E94A04644788A55 ] RasMan          C:\Windows\System32\rasmans.dll
18:12:00.0690 4692  Suspicious file (Forged): C:\Windows\System32\rasmans.dll. Real md5: EC87A838931D4D5D2E94A04644788A55, Fake md5: 75D47445D70CA6F9F894B032FBC64FCF
18:12:00.0690 4692  RasMan ( ForgedFile.Multi.Generic ) - warning
18:12:00.0705 4692  RasMan - detected ForgedFile.Multi.Generic (1)
18:12:00.0721 4692  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:12:00.0814 4692  RasPppoe - ok
18:12:00.0846 4692  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:12:00.0877 4692  RasSstp - ok
18:12:00.0908 4692  [ 3E02DA96A403154487761734F342C2C9 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:12:00.0924 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\rdbss.sys. Real md5: 3E02DA96A403154487761734F342C2C9, Fake md5: B14C9D5B9ADD2F84F70570BBBFAA7935
18:12:00.0924 4692  rdbss ( ForgedFile.Multi.Generic ) - warning
18:12:00.0924 4692  rdbss - detected ForgedFile.Multi.Generic (1)
18:12:00.0970 4692  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:12:01.0080 4692  RDPCDD - ok
18:12:01.0095 4692  [ 689CB8A9930F9D6F3838F751619FA22F ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
18:12:01.0111 4692  Suspicious file (Forged): C:\Windows\system32\drivers\rdpdr.sys. Real md5: 689CB8A9930F9D6F3838F751619FA22F, Fake md5: E8BD98D46F2ED77132BA927FCCB47D8B
18:12:01.0111 4692  rdpdr ( ForgedFile.Multi.Generic ) - warning
18:12:01.0111 4692  rdpdr - detected ForgedFile.Multi.Generic (1)
18:12:01.0126 4692  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:12:01.0189 4692  RDPENCDD - ok
18:12:01.0204 4692  [ 5C8871B41E0604F375A577760391CB24 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:12:01.0236 4692  Suspicious file (Forged): C:\Windows\system32\drivers\RDPWD.sys. Real md5: 5C8871B41E0604F375A577760391CB24, Fake md5: C127EBD5AFAB31524662C48DFCEB773A
18:12:01.0236 4692  RDPWD ( ForgedFile.Multi.Generic ) - warning
18:12:01.0236 4692  RDPWD - detected ForgedFile.Multi.Generic (1)
18:12:01.0267 4692  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:12:01.0345 4692  RemoteAccess - ok
18:12:01.0392 4692  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:12:01.0516 4692  RemoteRegistry - ok
18:12:01.0532 4692  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
18:12:01.0563 4692  RpcLocator - ok
18:12:01.0579 4692  [ 6621476E1926167313D0FE6E95E98E7F ] RpcSs           C:\Windows\system32\rpcss.dll
18:12:01.0610 4692  Suspicious file (Forged): C:\Windows\system32\rpcss.dll. Real md5: 6621476E1926167313D0FE6E95E98E7F, Fake md5: 3B5B4D53FEC14F7476CA29A20CC31AC9
18:12:01.0610 4692  RpcSs ( ForgedFile.Multi.Generic ) - warning
18:12:01.0610 4692  RpcSs - detected ForgedFile.Multi.Generic (1)
18:12:01.0657 4692  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:12:01.0766 4692  rspndr - ok
18:12:01.0782 4692  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
18:12:01.0813 4692  SamSs - ok
18:12:01.0844 4692  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:12:01.0891 4692  sbp2port - ok
18:12:01.0922 4692  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:12:02.0031 4692  SCardSvr - ok
18:12:02.0047 4692  [ 6A325B709D328A46B39F3C8EB55347AF ] Schedule        C:\Windows\system32\schedsvc.dll
18:12:02.0094 4692  Suspicious file (Forged): C:\Windows\system32\schedsvc.dll. Real md5: 6A325B709D328A46B39F3C8EB55347AF, Fake md5: 1A58069DB21D05EB2AB58EE5753EBE8D
18:12:02.0094 4692  Schedule ( ForgedFile.Multi.Generic ) - warning
18:12:02.0094 4692  Schedule - detected ForgedFile.Multi.Generic (1)
18:12:02.0140 4692  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:12:02.0187 4692  SCPolicySvc - ok
18:12:02.0218 4692  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:12:02.0265 4692  SDRSVC - ok
18:12:02.0343 4692  [ AC20213C4C2A97DDF091B8FA7C0D5185 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
18:12:02.0374 4692  Suspicious file (Forged): C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe. Real md5: AC20213C4C2A97DDF091B8FA7C0D5185, Fake md5: 271077B91D7AD1B616F8AFDFE8E3F981
18:12:02.0374 4692  SeaPort ( ForgedFile.Multi.Generic ) - warning
18:12:02.0374 4692  SeaPort - detected ForgedFile.Multi.Generic (1)
18:12:02.0390 4692  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:12:02.0624 4692  secdrv - ok
18:12:02.0671 4692  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
18:12:02.0780 4692  seclogon - ok
18:12:02.0827 4692  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
18:12:02.0874 4692  SENS - ok
18:12:02.0905 4692  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:12:02.0952 4692  Serenum - ok
18:12:02.0983 4692  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
18:12:03.0045 4692  Serial - ok
18:12:03.0061 4692  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:12:03.0092 4692  sermouse - ok
18:12:03.0108 4692  ServiceLayer - ok
18:12:03.0154 4692  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:12:03.0186 4692  SessionEnv - ok
18:12:03.0232 4692  [ 103B79418DA647736EE95645F305F68A ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:12:03.0295 4692  sffdisk - ok
18:12:03.0326 4692  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:12:03.0388 4692  sffp_mmc - ok
18:12:03.0420 4692  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:12:03.0466 4692  sffp_sd - ok
18:12:03.0482 4692  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:12:03.0560 4692  sfloppy - ok
18:12:03.0560 4692  [ BE808F75A548431F70DD63967B466661 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:12:03.0591 4692  Suspicious file (Forged): C:\Windows\System32\ipnathlp.dll. Real md5: BE808F75A548431F70DD63967B466661, Fake md5: E1499BD0FF76B1B2FBBF1AF339D91165
18:12:03.0591 4692  SharedAccess ( ForgedFile.Multi.Generic ) - warning
18:12:03.0591 4692  SharedAccess - detected ForgedFile.Multi.Generic (1)
18:12:03.0622 4692  [ F2F577D6BBA24BD4F1882E289203F358 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:12:03.0654 4692  Suspicious file (Forged): C:\Windows\System32\shsvcs.dll. Real md5: F2F577D6BBA24BD4F1882E289203F358, Fake md5: C7230FBEE14437716701C15BE02C27B8
18:12:03.0654 4692  ShellHWDetection ( ForgedFile.Multi.Generic ) - warning
18:12:03.0654 4692  ShellHWDetection - detected ForgedFile.Multi.Generic (1)
18:12:03.0685 4692  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
18:12:03.0700 4692  sisagp - ok
18:12:03.0716 4692  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
18:12:03.0732 4692  SiSRaid2 - ok
18:12:03.0763 4692  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:12:03.0778 4692  SiSRaid4 - ok
18:12:03.0825 4692  [ 26C1DCA2184E7E9911D714A55D349CE6 ] slsvc           C:\Windows\system32\SLsvc.exe
18:12:03.0966 4692  Suspicious file (Forged): C:\Windows\system32\SLsvc.exe. Real md5: 26C1DCA2184E7E9911D714A55D349CE6, Fake md5: 862BB4CBC05D80C5B45BE430E5EF872F
18:12:03.0966 4692  slsvc ( ForgedFile.Multi.Generic ) - warning
18:12:03.0966 4692  slsvc - detected ForgedFile.Multi.Generic (1)
18:12:04.0044 4692  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
18:12:04.0137 4692  SLUINotify - ok
18:12:04.0184 4692  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:12:04.0231 4692  Smb - ok
18:12:04.0278 4692  [ DB31D8989B3450569C29780E7FA98C48 ] SNC             C:\Windows\system32\Drivers\SonyNC.sys
18:12:04.0293 4692  SNC - ok
18:12:04.0324 4692  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:12:04.0356 4692  SNMPTRAP - ok
18:12:04.0434 4692  [ 8C565651AF9023F2D0616D80BB28D253 ] SNPSTD3         C:\Windows\system32\DRIVERS\snpstd3.sys
18:12:04.0824 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\snpstd3.sys. Real md5: 8C565651AF9023F2D0616D80BB28D253, Fake md5: 9CD6FFC9F5B999EB5DF69B9177D9848F
18:12:04.0870 4692  SNPSTD3 ( ForgedFile.Multi.Generic ) - warning
18:12:04.0870 4692  SNPSTD3 - detected ForgedFile.Multi.Generic (1)
18:12:04.0917 4692  [ 86DA2BEFB800D726FEA98A539606553C ] SonicStage Back-End Service C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
18:12:04.0948 4692  SonicStage Back-End Service - ok
18:12:04.0980 4692  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
18:12:04.0995 4692  spldr - ok
18:12:05.0026 4692  [ 05DBBD20D38DEC7598E4AE3E255200AD ] Spooler         C:\Windows\System32\spoolsv.exe
18:12:05.0042 4692  Suspicious file (Forged): C:\Windows\System32\spoolsv.exe. Real md5: 05DBBD20D38DEC7598E4AE3E255200AD, Fake md5: 8554097E5136C3BF9F69FE578A1B35F4
18:12:05.0042 4692  Spooler ( ForgedFile.Multi.Generic ) - warning
18:12:05.0042 4692  Spooler - detected ForgedFile.Multi.Generic (1)
18:12:05.0073 4692  [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV         C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
18:12:05.0073 4692  SPTISRV ( UnsignedFile.Multi.Generic ) - warning
18:12:05.0073 4692  SPTISRV - detected UnsignedFile.Multi.Generic (1)
18:12:05.0104 4692  [ 0E4F0E65B32CB4132B39A439951342A3 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:12:05.0136 4692  Suspicious file (Forged): C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe. Real md5: 0E4F0E65B32CB4132B39A439951342A3, Fake md5: 86EBD8B1F23E743AAD21F4D5B4D40985
18:12:05.0136 4692  SQLBrowser ( ForgedFile.Multi.Generic ) - warning
18:12:05.0136 4692  SQLBrowser - detected ForgedFile.Multi.Generic (1)
18:12:05.0167 4692  [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:12:05.0182 4692  SQLWriter - ok
18:12:05.0214 4692  [ 397039AF02D50D15C70B74088EB8A1CB ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:12:05.0229 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\srv.sys. Real md5: 397039AF02D50D15C70B74088EB8A1CB, Fake md5: 41987F9FC0E61ADF54F581E15029AD91
18:12:05.0229 4692  srv ( ForgedFile.Multi.Generic ) - warning
18:12:05.0229 4692  srv - detected ForgedFile.Multi.Generic (1)
18:12:05.0260 4692  [ 1AA21A40A1067F5BF80513656735A2BF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:12:05.0276 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\srv2.sys. Real md5: 1AA21A40A1067F5BF80513656735A2BF, Fake md5: FF33AFF99564B1AA534F58868CBE41EF
18:12:05.0276 4692  srv2 ( ForgedFile.Multi.Generic ) - warning
18:12:05.0276 4692  srv2 - detected ForgedFile.Multi.Generic (1)
18:12:05.0292 4692  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:12:05.0323 4692  srvnet - ok
18:12:05.0354 4692  [ 3DABE639076AEA4BE21608FEBC95C1B5 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:12:05.0385 4692  Suspicious file (Forged): C:\Windows\System32\ssdpsrv.dll. Real md5: 3DABE639076AEA4BE21608FEBC95C1B5, Fake md5: 03D50B37234967433A5EA5BA72BC0B62
18:12:05.0385 4692  SSDPSRV ( ForgedFile.Multi.Generic ) - warning
18:12:05.0385 4692  SSDPSRV - detected ForgedFile.Multi.Generic (1)
18:12:05.0432 4692  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
18:12:05.0463 4692  ssmdrv - ok
18:12:05.0479 4692  [ 6EB13F919D22D5056B4FB66AA3BB497A ] SSScsiSV        C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
18:12:05.0494 4692  SSScsiSV - ok
18:12:05.0541 4692  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:12:05.0572 4692  SstpSvc - ok
18:12:05.0604 4692  [ 306521935042FC0A6988D528643619B3 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
18:12:05.0619 4692  StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:12:05.0619 4692  StarOpen - detected UnsignedFile.Multi.Generic (1)
18:12:05.0635 4692  [ A89777E9809EC6EA3190114E59C67BCB ] stisvc          C:\Windows\System32\wiaservc.dll
18:12:05.0666 4692  Suspicious file (Forged): C:\Windows\System32\wiaservc.dll. Real md5: A89777E9809EC6EA3190114E59C67BCB, Fake md5: 5DE7D67E49B88F5F07F3E53C4B92A352
18:12:05.0682 4692  stisvc ( ForgedFile.Multi.Generic ) - warning
18:12:05.0682 4692  stisvc - detected ForgedFile.Multi.Generic (1)
18:12:05.0713 4692  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:12:05.0728 4692  swenum - ok
18:12:05.0760 4692  [ 6A66D33C6A7B55416D843AEE2FF2BF93 ] swprv           C:\Windows\System32\swprv.dll
18:12:05.0791 4692  Suspicious file (Forged): C:\Windows\System32\swprv.dll. Real md5: 6A66D33C6A7B55416D843AEE2FF2BF93, Fake md5: F21FD248040681CCA1FB6C9A03AAA93D
18:12:05.0791 4692  swprv ( ForgedFile.Multi.Generic ) - warning
18:12:05.0791 4692  swprv - detected ForgedFile.Multi.Generic (1)
18:12:05.0806 4692  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
18:12:05.0822 4692  Symc8xx - ok
18:12:05.0838 4692  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
18:12:05.0853 4692  Sym_hi - ok
18:12:05.0869 4692  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
18:12:05.0884 4692  Sym_u3 - ok
18:12:05.0916 4692  [ E3477C4F58312892158CE5963AE18CBA ] SysMain         C:\Windows\system32\sysmain.dll
18:12:05.0962 4692  Suspicious file (Forged): C:\Windows\system32\sysmain.dll. Real md5: E3477C4F58312892158CE5963AE18CBA, Fake md5: 9A51B04E9886AA4EE90093586B0BA88D
18:12:05.0962 4692  SysMain ( ForgedFile.Multi.Generic ) - warning
18:12:05.0962 4692  SysMain - detected ForgedFile.Multi.Generic (1)
18:12:05.0994 4692  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:12:06.0040 4692  TabletInputService - ok
18:12:06.0072 4692  [ 689CB8A9930F9D6F3838F751619FA22F ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:12:06.0103 4692  Suspicious file (Forged): C:\Windows\System32\tapisrv.dll. Real md5: 689CB8A9930F9D6F3838F751619FA22F, Fake md5: D7673E4B38CE21EE54C59EEEB65E2483
18:12:06.0103 4692  TapiSrv ( ForgedFile.Multi.Generic ) - warning
18:12:06.0103 4692  TapiSrv - detected ForgedFile.Multi.Generic (1)
18:12:06.0134 4692  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
18:12:06.0290 4692  TBS - ok
18:12:06.0306 4692  [ 1F77A1251CBF9BA5C01C72391E09A8B2 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:12:06.0352 4692  Suspicious file (Forged): C:\Windows\system32\drivers\tcpip.sys. Real md5: 1F77A1251CBF9BA5C01C72391E09A8B2, Fake md5: 74E2D020C47BB2B2FCCBA29A518A7EB4
18:12:06.0352 4692  Tcpip ( ForgedFile.Multi.Generic ) - warning
18:12:06.0352 4692  Tcpip - detected ForgedFile.Multi.Generic (1)
18:12:06.0368 4692  [ 1F77A1251CBF9BA5C01C72391E09A8B2 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
18:12:06.0384 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\tcpip.sys. Real md5: 1F77A1251CBF9BA5C01C72391E09A8B2, Fake md5: 74E2D020C47BB2B2FCCBA29A518A7EB4
18:12:06.0384 4692  Tcpip6 ( ForgedFile.Multi.Generic ) - warning
18:12:06.0384 4692  Tcpip6 - detected ForgedFile.Multi.Generic (1)
18:12:06.0446 4692  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:12:06.0493 4692  tcpipreg - ok
18:12:06.0540 4692  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:12:06.0633 4692  TDPIPE - ok
18:12:06.0649 4692  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:12:06.0680 4692  TDTCP - ok
18:12:06.0727 4692  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:12:06.0820 4692  tdx - ok
18:12:06.0836 4692  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:12:06.0867 4692  TermDD - ok
18:12:06.0867 4692  [ 147C8282353639F295A50038CC8033C2 ] TermService     C:\Windows\System32\termsrv.dll
18:12:06.0930 4692  Suspicious file (Forged): C:\Windows\System32\termsrv.dll. Real md5: 147C8282353639F295A50038CC8033C2, Fake md5: BB95DA09BEF6E7A131BFF3BA5032090D
18:12:06.0930 4692  TermService ( ForgedFile.Multi.Generic ) - warning
18:12:06.0930 4692  TermService - detected ForgedFile.Multi.Generic (1)
18:12:06.0945 4692  [ F2F577D6BBA24BD4F1882E289203F358 ] Themes          C:\Windows\system32\shsvcs.dll
18:12:06.0961 4692  Suspicious file (Forged): C:\Windows\system32\shsvcs.dll. Real md5: F2F577D6BBA24BD4F1882E289203F358, Fake md5: C7230FBEE14437716701C15BE02C27B8
18:12:06.0961 4692  Themes ( ForgedFile.Multi.Generic ) - warning
18:12:06.0961 4692  Themes - detected ForgedFile.Multi.Generic (1)
18:12:06.0976 4692  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
18:12:07.0086 4692  THREADORDER - ok
18:12:07.0101 4692  [ A52733D3CD7D1DC595E8830569F9DE5E ] ti21sony        C:\Windows\system32\drivers\ti21sony.sys
18:12:07.0148 4692  Suspicious file (Forged): C:\Windows\system32\drivers\ti21sony.sys. Real md5: A52733D3CD7D1DC595E8830569F9DE5E, Fake md5: 909CD987B54A8179C9AEE874D754721A
18:12:07.0148 4692  ti21sony ( ForgedFile.Multi.Generic ) - warning
18:12:07.0148 4692  ti21sony - detected ForgedFile.Multi.Generic (1)
18:12:07.0179 4692  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
18:12:07.0257 4692  TrkWks - ok
18:12:07.0335 4692  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:12:07.0444 4692  TrustedInstaller - ok
18:12:07.0476 4692  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:12:07.0507 4692  tssecsrv - ok
18:12:07.0538 4692  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
18:12:07.0569 4692  tunmp - ok
18:12:07.0616 4692  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:12:07.0632 4692  tunnel - ok
18:12:07.0663 4692  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:12:07.0694 4692  uagp35 - ok
18:12:07.0710 4692  [ 5542930F3F6E98007EE9B6DF0ADA3300 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:12:07.0725 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\udfs.sys. Real md5: 5542930F3F6E98007EE9B6DF0ADA3300, Fake md5: D9728AF68C4C7693CB100B8441CBDEC6
18:12:07.0725 4692  udfs ( ForgedFile.Multi.Generic ) - warning
18:12:07.0725 4692  udfs - detected ForgedFile.Multi.Generic (1)
18:12:07.0772 4692  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:12:07.0881 4692  UI0Detect - ok
18:12:07.0912 4692  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:12:07.0928 4692  uliagpkx - ok
18:12:07.0928 4692  [ 68871CA1E5BE5A6D5A2C2252D1FD2E52 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
18:12:07.0959 4692  Suspicious file (Forged): C:\Windows\system32\drivers\uliahci.sys. Real md5: 68871CA1E5BE5A6D5A2C2252D1FD2E52, Fake md5: 3CD4EA35A6221B85DCC25DAA46313F8D
18:12:07.0959 4692  uliahci ( ForgedFile.Multi.Generic ) - warning
18:12:07.0959 4692  uliahci - detected ForgedFile.Multi.Generic (1)
18:12:07.0990 4692  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
18:12:08.0006 4692  UlSata - ok
18:12:08.0022 4692  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
18:12:08.0037 4692  ulsata2 - ok
18:12:08.0068 4692  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:12:08.0178 4692  umbus - ok
18:12:08.0209 4692  [ FB00CD74A5F35E89A7FBDD3C1D05375A ] upnphost        C:\Windows\System32\upnphost.dll
18:12:08.0256 4692  Suspicious file (Forged): C:\Windows\System32\upnphost.dll. Real md5: FB00CD74A5F35E89A7FBDD3C1D05375A, Fake md5: 68308183F4AE0BE7BF8ECD07CB297999
18:12:08.0256 4692  upnphost ( ForgedFile.Multi.Generic ) - warning
18:12:08.0256 4692  upnphost - detected ForgedFile.Multi.Generic (1)
18:12:08.0256 4692  upperdev - ok
18:12:08.0302 4692  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
18:12:08.0334 4692  USBAAPL - ok
18:12:08.0380 4692  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:12:08.0505 4692  usbaudio - ok
18:12:08.0536 4692  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:12:08.0568 4692  usbccgp - ok
18:12:08.0583 4692  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:12:08.0817 4692  usbcir - ok
18:12:08.0864 4692  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:12:08.0895 4692  usbehci - ok
18:12:08.0895 4692  [ 6C73AB814C9C7902C1F03C63EE3600A5 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:12:08.0926 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\usbhub.sys. Real md5: 6C73AB814C9C7902C1F03C63EE3600A5, Fake md5: 4673BBCB006AF60E7ABDDBE7A130BA42
18:12:08.0926 4692  usbhub ( ForgedFile.Multi.Generic ) - warning
18:12:08.0926 4692  usbhub - detected ForgedFile.Multi.Generic (1)
18:12:08.0958 4692  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:12:09.0160 4692  usbohci - ok
18:12:09.0207 4692  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:12:09.0316 4692  usbprint - ok
18:12:09.0348 4692  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:12:09.0472 4692  usbscan - ok
18:12:09.0504 4692  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:12:09.0535 4692  USBSTOR - ok
18:12:09.0566 4692  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:12:09.0597 4692  usbuhci - ok
18:12:09.0628 4692  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
18:12:09.0675 4692  UxSms - ok
18:12:09.0722 4692  [ 4E9C6BF8D0655BB7538088DC6F2306D9 ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
18:12:09.0722 4692  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
18:12:09.0722 4692  VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
18:12:09.0769 4692  [ 83928CD1291215AEDEDC2534CA4775D4 ] VAIO Event Service C:\Program Files\sony\VAIO Event Service\VESMgr.exe
18:12:09.0784 4692  Suspicious file (Forged): C:\Program Files\sony\VAIO Event Service\VESMgr.exe. Real md5: 83928CD1291215AEDEDC2534CA4775D4, Fake md5: 8A9F18ADAD471402236CA931553BF79B
18:12:09.0784 4692  VAIO Event Service ( ForgedFile.Multi.Generic ) - warning
18:12:09.0784 4692  VAIO Event Service - detected ForgedFile.Multi.Generic (1)
18:12:09.0847 4692  [ 00BC8160BE04FE47673D00165EA8B157 ] VAIOMediaPlatform-IntegratedServer-AppServer C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
18:12:09.0956 4692  Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe. Real md5: 00BC8160BE04FE47673D00165EA8B157, Fake md5: 88DC6B884824A578B0E1E9C3790C105B
18:12:09.0972 4692  VAIOMediaPlatform-IntegratedServer-AppServer ( ForgedFile.Multi.Generic ) - warning
18:12:09.0972 4692  VAIOMediaPlatform-IntegratedServer-AppServer - detected ForgedFile.Multi.Generic (1)
18:12:09.0987 4692  [ 55264B1EAE6BA625E879110E26D8FD8A ] VAIOMediaPlatform-IntegratedServer-HTTP C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
18:12:10.0018 4692  Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe. Real md5: 55264B1EAE6BA625E879110E26D8FD8A, Fake md5: 56E33AAA46CBA8431E72486196AFB3A1
18:12:10.0018 4692  VAIOMediaPlatform-IntegratedServer-HTTP ( ForgedFile.Multi.Generic ) - warning
18:12:10.0018 4692  VAIOMediaPlatform-IntegratedServer-HTTP - detected ForgedFile.Multi.Generic (1)
18:12:10.0034 4692  [ 0A30E3DE28B80A0FB659B8C270839E23 ] VAIOMediaPlatform-IntegratedServer-UPnP C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
18:12:10.0081 4692  Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe. Real md5: 0A30E3DE28B80A0FB659B8C270839E23, Fake md5: ADDF0E4E19BD2FF0A0B852D324FDC281
18:12:10.0096 4692  VAIOMediaPlatform-IntegratedServer-UPnP ( ForgedFile.Multi.Generic ) - warning
18:12:10.0096 4692  VAIOMediaPlatform-IntegratedServer-UPnP - detected ForgedFile.Multi.Generic (1)
18:12:10.0112 4692  [ A751E17CD529631B38B0909D446C2151 ] VAIOMediaPlatform-UCLS-AppServer C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
18:12:10.0143 4692  Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe. Real md5: A751E17CD529631B38B0909D446C2151, Fake md5: 52D4F568FE7D05AE5026B8717EEB59EB
18:12:10.0143 4692  VAIOMediaPlatform-UCLS-AppServer ( ForgedFile.Multi.Generic ) - warning
18:12:10.0143 4692  VAIOMediaPlatform-UCLS-AppServer - detected ForgedFile.Multi.Generic (1)
18:12:10.0159 4692  [ 55264B1EAE6BA625E879110E26D8FD8A ] VAIOMediaPlatform-UCLS-HTTP C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
18:12:10.0159 4692  Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe. Real md5: 55264B1EAE6BA625E879110E26D8FD8A, Fake md5: 56E33AAA46CBA8431E72486196AFB3A1
18:12:10.0159 4692  VAIOMediaPlatform-UCLS-HTTP ( ForgedFile.Multi.Generic ) - warning
18:12:10.0159 4692  VAIOMediaPlatform-UCLS-HTTP - detected ForgedFile.Multi.Generic (1)
18:12:10.0174 4692  [ 0A30E3DE28B80A0FB659B8C270839E23 ] VAIOMediaPlatform-UCLS-UPnP C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
18:12:10.0174 4692  Suspicious file (Forged): C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe. Real md5: 0A30E3DE28B80A0FB659B8C270839E23, Fake md5: ADDF0E4E19BD2FF0A0B852D324FDC281
18:12:10.0174 4692  VAIOMediaPlatform-UCLS-UPnP ( ForgedFile.Multi.Generic ) - warning
18:12:10.0174 4692  VAIOMediaPlatform-UCLS-UPnP - detected ForgedFile.Multi.Generic (1)
18:12:10.0190 4692  Vcsw - ok
18:12:10.0206 4692  [ 4E418BB00EC74CA23F2CD4285DA2B270 ] vds             C:\Windows\System32\vds.exe
18:12:10.0252 4692  Suspicious file (Forged): C:\Windows\System32\vds.exe. Real md5: 4E418BB00EC74CA23F2CD4285DA2B270, Fake md5: CD88D1B7776DC17A119049742EC07EB4
18:12:10.0252 4692  vds ( ForgedFile.Multi.Generic ) - warning
18:12:10.0252 4692  vds - detected ForgedFile.Multi.Generic (1)
18:12:10.0299 4692  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:12:10.0533 4692  vga - ok
18:12:10.0564 4692  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:12:10.0705 4692  VgaSave - ok
18:12:10.0736 4692  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
18:12:10.0767 4692  viaagp - ok
18:12:10.0767 4692  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
18:12:10.0830 4692  ViaC7 - ok
18:12:10.0845 4692  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
18:12:10.0876 4692  viaide - ok
18:12:10.0908 4692  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:12:10.0923 4692  volmgr - ok
18:12:10.0939 4692  [ 211CB019691759FD10FE37E808E9B0A4 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:12:10.0970 4692  Suspicious file (Forged): C:\Windows\system32\drivers\volmgrx.sys. Real md5: 211CB019691759FD10FE37E808E9B0A4, Fake md5: 23E41B834759917BFD6B9A0D625D0C28
18:12:10.0970 4692  volmgrx ( ForgedFile.Multi.Generic ) - warning
18:12:10.0970 4692  volmgrx - detected ForgedFile.Multi.Generic (1)
18:12:10.0986 4692  [ 7D825B6B001A6BB172AB034144480A99 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:12:11.0017 4692  Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: 7D825B6B001A6BB172AB034144480A99, Fake md5: 786DB5771F05EF300390399F626BF30A
18:12:11.0017 4692  volsnap ( ForgedFile.Multi.Generic ) - warning
18:12:11.0017 4692  volsnap - detected ForgedFile.Multi.Generic (1)
18:12:11.0048 4692  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:12:11.0064 4692  vsmraid - ok
18:12:11.0095 4692  [ 0C9CD2B425AC2CBE1D403A8F136A926B ] VSS             C:\Windows\system32\vssvc.exe
18:12:11.0142 4692  Suspicious file (Forged): C:\Windows\system32\vssvc.exe. Real md5: 0C9CD2B425AC2CBE1D403A8F136A926B, Fake md5: DB3D19F850C6EB32BDCB9BC0836ACDDB
18:12:11.0157 4692  VSS ( ForgedFile.Multi.Generic ) - warning
18:12:11.0157 4692  VSS - detected ForgedFile.Multi.Generic (1)
18:12:11.0188 4692  [ 72389E9E2971CD7227DD5AA2543D6C73 ] VzCdbSvc        C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
18:12:11.0220 4692  Suspicious file (Forged): C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe. Real md5: 72389E9E2971CD7227DD5AA2543D6C73, Fake md5: 5FEB20D9ED9A2BD4F234222B0A3BB855
18:12:11.0220 4692  VzCdbSvc ( ForgedFile.Multi.Generic ) - warning
18:12:11.0220 4692  VzCdbSvc - detected ForgedFile.Multi.Generic (1)
18:12:11.0220 4692  [ A1A0E1292171BC39DA88FA48EB208023 ] VzFw            C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
18:12:11.0235 4692  Suspicious file (Forged): C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe. Real md5: A1A0E1292171BC39DA88FA48EB208023, Fake md5: 3757DFD3C07896EF660D4060366E7B4E
18:12:11.0235 4692  VzFw ( ForgedFile.Multi.Generic ) - warning
18:12:11.0235 4692  VzFw - detected ForgedFile.Multi.Generic (1)
18:12:11.0266 4692  [ 4F61A26D5D0A96E6D46B0617192010E3 ] W32Time         C:\Windows\system32\w32time.dll
18:12:11.0298 4692  Suspicious file (Forged): C:\Windows\system32\w32time.dll. Real md5: 4F61A26D5D0A96E6D46B0617192010E3, Fake md5: 96EA68B9EB310A69C25EBB0282B2B9DE
18:12:11.0298 4692  W32Time ( ForgedFile.Multi.Generic ) - warning
18:12:11.0298 4692  W32Time - detected ForgedFile.Multi.Generic (1)
18:12:11.0329 4692  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:12:11.0578 4692  WacomPen - ok
18:12:11.0625 4692  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
18:12:11.0750 4692  Wanarp - ok
18:12:11.0750 4692  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:12:11.0781 4692  Wanarpv6 - ok
18:12:11.0797 4692  [ 0183D84E9A99DB28B40E94117A3B7E6D ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:12:11.0828 4692  Suspicious file (Forged): C:\Windows\System32\wcncsvc.dll. Real md5: 0183D84E9A99DB28B40E94117A3B7E6D, Fake md5: A3CD60FD826381B49F03832590E069AF
18:12:11.0828 4692  wcncsvc ( ForgedFile.Multi.Generic ) - warning
18:12:11.0828 4692  wcncsvc - detected ForgedFile.Multi.Generic (1)
18:12:11.0859 4692  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:12:11.0906 4692  WcsPlugInService - ok
18:12:11.0937 4692  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
18:12:11.0953 4692  Wd - ok
18:12:11.0968 4692  [ 899BFAC7D63DDE7F811570826DC8972A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:12:12.0015 4692  Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 899BFAC7D63DDE7F811570826DC8972A, Fake md5: A840213F1ACDCC175B4D1D5AAEAC0D7A
18:12:12.0015 4692  Wdf01000 ( ForgedFile.Multi.Generic ) - warning
18:12:12.0015 4692  Wdf01000 - detected ForgedFile.Multi.Generic (1)
18:12:12.0062 4692  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:12:12.0202 4692  WdiServiceHost - ok
18:12:12.0202 4692  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:12:12.0234 4692  WdiSystemHost - ok
18:12:12.0265 4692  [ 53297B80FCB36799AFD2E7707CF15101 ] WebClient       C:\Windows\System32\webclnt.dll
18:12:12.0296 4692  Suspicious file (Forged): C:\Windows\System32\webclnt.dll. Real md5: 53297B80FCB36799AFD2E7707CF15101, Fake md5: 04C37D8107320312FBAE09926103D5E2
18:12:12.0296 4692  WebClient ( ForgedFile.Multi.Generic ) - warning
18:12:12.0296 4692  WebClient - detected ForgedFile.Multi.Generic (1)
18:12:12.0312 4692  [ 2EED3BF66F3B7A8D7A8F04E295502CBE ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:12:12.0343 4692  Suspicious file (Forged): C:\Windows\system32\wecsvc.dll. Real md5: 2EED3BF66F3B7A8D7A8F04E295502CBE, Fake md5: AE3736E7E8892241C23E4EBBB7453B60
18:12:12.0343 4692  Wecsvc ( ForgedFile.Multi.Generic ) - warning
18:12:12.0343 4692  Wecsvc - detected ForgedFile.Multi.Generic (1)
18:12:12.0374 4692  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:12:12.0483 4692  wercplsupport - ok
18:12:12.0514 4692  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:12:12.0561 4692  WerSvc - ok
18:12:12.0577 4692  [ CA07CF5D723A0935217BAB6085DF5F29 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:12:12.0624 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\HSX_CNXT.sys. Real md5: CA07CF5D723A0935217BAB6085DF5F29, Fake md5: 6D2350BB6E77E800FC4BE4E5B7A2E89A
18:12:12.0624 4692  winachsf ( ForgedFile.Multi.Generic ) - warning
18:12:12.0624 4692  winachsf - detected ForgedFile.Multi.Generic (1)
18:12:12.0670 4692  [ 4CA8E488299BAF19CE350E16BA5ACC0D ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
18:12:12.0702 4692  Suspicious file (Forged): C:\Program Files\Windows Defender\mpsvc.dll. Real md5: 4CA8E488299BAF19CE350E16BA5ACC0D, Fake md5: 4575AA12561C5648483403541D0D7F2B
18:12:12.0702 4692  WinDefend ( ForgedFile.Multi.Generic ) - warning
18:12:12.0702 4692  WinDefend - detected ForgedFile.Multi.Generic (1)
18:12:12.0717 4692  WinHttpAutoProxySvc - ok
18:12:12.0748 4692  [ 5A7FC383C3355595A83FCE4F23FA792C ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:12:12.0764 4692  Suspicious file (Forged): C:\Windows\system32\wbem\WMIsvc.dll. Real md5: 5A7FC383C3355595A83FCE4F23FA792C, Fake md5: 6B2A1D0E80110E3D04E6863C6E62FD8A
18:12:12.0764 4692  Winmgmt ( ForgedFile.Multi.Generic ) - warning
18:12:12.0764 4692  Winmgmt - detected ForgedFile.Multi.Generic (1)
18:12:12.0795 4692  [ 449CBE07A71B499191C227506456C7C8 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:12:12.0858 4692  Suspicious file (Forged): C:\Windows\system32\WsmSvc.dll. Real md5: 449CBE07A71B499191C227506456C7C8, Fake md5: 7CFE68BDC065E55AA5E8421607037511
18:12:12.0858 4692  WinRM ( ForgedFile.Multi.Generic ) - warning
18:12:12.0858 4692  WinRM - detected ForgedFile.Multi.Generic (1)
18:12:12.0904 4692  [ D20CE70213434432BED5CDC45AFA74A1 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:12:12.0951 4692  Suspicious file (Forged): C:\Windows\System32\wlansvc.dll. Real md5: D20CE70213434432BED5CDC45AFA74A1, Fake md5: C008405E4FEEB069E30DA1D823910234
18:12:12.0951 4692  Wlansvc ( ForgedFile.Multi.Generic ) - warning
18:12:12.0951 4692  Wlansvc - detected ForgedFile.Multi.Generic (1)
18:12:12.0998 4692  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:12:13.0232 4692  WmiAcpi - ok
18:12:13.0248 4692  [ 8A976E019FB3D9F72D7C1EC0D4FB7579 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:12:13.0279 4692  Suspicious file (Forged): C:\Windows\system32\wbem\WmiApSrv.exe. Real md5: 8A976E019FB3D9F72D7C1EC0D4FB7579, Fake md5: 43BE3875207DCB62A85C8C49970B66CC
18:12:13.0279 4692  wmiApSrv ( ForgedFile.Multi.Generic ) - warning
18:12:13.0279 4692  wmiApSrv - detected ForgedFile.Multi.Generic (1)
18:12:13.0326 4692  [ 2C245A6ED1E1FF435B600B5DFC7325F0 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:12:13.0372 4692  Suspicious file (Forged): C:\Program Files\Windows Media Player\wmpnetwk.exe. Real md5: 2C245A6ED1E1FF435B600B5DFC7325F0, Fake md5: 3978704576A121A9204F8CC49A301A9B
18:12:13.0372 4692  WMPNetworkSvc ( ForgedFile.Multi.Generic ) - warning
18:12:13.0372 4692  WMPNetworkSvc - detected ForgedFile.Multi.Generic (1)
18:12:13.0388 4692  [ 5ABD1095CC6E1E212DF86050ACB64BDA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:12:13.0404 4692  Suspicious file (Forged): C:\Windows\System32\wpcsvc.dll. Real md5: 5ABD1095CC6E1E212DF86050ACB64BDA, Fake md5: CFC5A04558F5070CEE3E3A7809F3FF52
18:12:13.0404 4692  WPCSvc ( ForgedFile.Multi.Generic ) - warning
18:12:13.0404 4692  WPCSvc - detected ForgedFile.Multi.Generic (1)
18:12:13.0450 4692  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:12:13.0497 4692  WPDBusEnum - ok
18:12:13.0544 4692  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
18:12:13.0560 4692  WpdUsb - ok
18:12:13.0809 4692  [ 4FB6CD0265037B5D8B86CCF770CFB25A ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:12:13.0856 4692  Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe. Real md5: 4FB6CD0265037B5D8B86CCF770CFB25A, Fake md5: DCF3E3EDF5109EE8BC02FE6E1F045795
18:12:13.0856 4692  WPFFontCache_v0400 ( ForgedFile.Multi.Generic ) - warning
18:12:13.0856 4692  WPFFontCache_v0400 - detected ForgedFile.Multi.Generic (1)
18:12:13.0903 4692  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:12:14.0012 4692  ws2ifsl - ok
18:12:14.0059 4692  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
18:12:14.0121 4692  wscsvc - ok
18:12:14.0121 4692  WSearch - ok
18:12:14.0168 4692  [ CE80FEC12F96CA35DEEFD2A4E7E3F798 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:12:14.0262 4692  Suspicious file (Forged): C:\Windows\system32\wuaueng.dll. Real md5: CE80FEC12F96CA35DEEFD2A4E7E3F798, Fake md5: FC3EC24FCE372C89423E015A2AC1A31E
18:12:14.0262 4692  wuauserv ( ForgedFile.Multi.Generic ) - warning
18:12:14.0262 4692  wuauserv - detected ForgedFile.Multi.Generic (1)
18:12:14.0293 4692  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:12:14.0324 4692  WudfPf - ok
18:12:14.0340 4692  [ 95078B3A120FB0488447F4BF9794D24E ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:12:14.0355 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\WUDFRd.sys. Real md5: 95078B3A120FB0488447F4BF9794D24E, Fake md5: 867C301E8B790040AE9CF6486E8041DF
18:12:14.0355 4692  WUDFRd ( ForgedFile.Multi.Generic ) - warning
18:12:14.0355 4692  WUDFRd - detected ForgedFile.Multi.Generic (1)
18:12:14.0402 4692  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:12:14.0464 4692  wudfsvc - ok
18:12:14.0496 4692  [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
18:12:14.0511 4692  XAudio - ok
18:12:14.0527 4692  [ 54664AB16813A31387F89CD60E9B0832 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
18:12:14.0558 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\xaudio.exe. Real md5: 54664AB16813A31387F89CD60E9B0832, Fake md5: 28DC5D626E036A75A572556F0A6EB1F6
18:12:14.0558 4692  XAudioService ( ForgedFile.Multi.Generic ) - warning
18:12:14.0558 4692  XAudioService - detected ForgedFile.Multi.Generic (1)
18:12:14.0574 4692  [ FECB77B39816ADA633949F4E27BC6026 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
18:12:14.0589 4692  Suspicious file (Forged): C:\Windows\system32\DRIVERS\yk60x86.sys. Real md5: FECB77B39816ADA633949F4E27BC6026, Fake md5: 69222091B6285906AFF82E43681CF826
18:12:14.0589 4692  yukonwlh ( ForgedFile.Multi.Generic ) - warning
18:12:14.0589 4692  yukonwlh - detected ForgedFile.Multi.Generic (1)
18:12:14.0589 4692  ================ Scan global ===============================
18:12:14.0636 4692  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:12:14.0652 4692  [ 6C5CC47FF3D89E0E38AC5C5377ED63BA ] C:\Windows\system32\winsrv.dll
18:12:14.0683 4692  Suspicious file (Forged): C:\Windows\system32\winsrv.dll. Real md5: 6C5CC47FF3D89E0E38AC5C5377ED63BA, Fake md5: D2293B069E4B63DC17B2F08D45E71124
18:12:14.0698 4692  [ 6C5CC47FF3D89E0E38AC5C5377ED63BA ] C:\Windows\system32\winsrv.dll
18:12:14.0698 4692  Suspicious file (Forged): C:\Windows\system32\winsrv.dll. Real md5: 6C5CC47FF3D89E0E38AC5C5377ED63BA, Fake md5: D2293B069E4B63DC17B2F08D45E71124
18:12:14.0714 4692  [ CF967F2AD6364DCB895114E5CBE0FD72 ] C:\Windows\system32\services.exe
18:12:14.0776 4692  Suspicious file (Forged): C:\Windows\system32\services.exe. Real md5: CF967F2AD6364DCB895114E5CBE0FD72, Fake md5: D4E6D91C1349B7BFB3599A6ADA56851B
18:12:14.0776 4692  [Global] - ok
18:12:14.0776 4692  ================ Scan MBR ==================================
18:12:14.0792 4692  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:12:17.0974 4692  \Device\Harddisk0\DR0 - ok
18:12:17.0974 4692  ================ Scan VBR ==================================
18:12:18.0006 4692  [ 350DCDFB2C7F032B38144820915AE7AA ] \Device\Harddisk0\DR0\Partition1
18:12:18.0037 4692  \Device\Harddisk0\DR0\Partition1 - ok
18:12:18.0037 4692  ============================================================
18:12:18.0037 4692  Scan finished
18:12:18.0037 4692  ============================================================
18:12:18.0052 1004  Detected object count: 153
18:12:18.0052 1004  Actual detected object count: 153
         

Antwort

Themen zu Groupon Email
anhang, diverse, eingefangen, email, erkennen, folge, folgendes, foren, formatieren, gefälschte, groupon, hängt, neu, notebook, ordner, problem, programm, rechnung, sachen, spam, trojaner, vaio, verhalten, wirklich, öffnen



Ähnliche Themen: Groupon Email


  1. Email Account gehackt: Email Versand an meine Kontakte mit meinem Namen, aber anderer Email Adresse.
    Log-Analyse und Auswertung - 29.07.2015 (3)
  2. E-Mails mit Fehlermeldung Email konnte nicht zugestellt werden im Spamordner + vorläufige Sperrung meines Email Accounts
    Plagegeister aller Art und deren Bekämpfung - 25.02.2015 (9)
  3. Email von einer Bekannten erhalten mit fragwürdigem Link, sie hat jedoch keine Email verschickt.
    Plagegeister aller Art und deren Bekämpfung - 11.07.2014 (3)
  4. Link in Email geklickt... getarnt als Telekom Email
    Plagegeister aller Art und deren Bekämpfung - 13.01.2014 (1)
  5. Email an meine Mutter unter meinem Namen von unbekannter Email Adresse
    Überwachung, Datenschutz und Spam - 01.11.2013 (1)
  6. Groupon-EMail mit Trojaner-zip-Datei geöffnet
    Log-Analyse und Auswertung - 08.04.2013 (8)
  7. Groupon Trojaner
    Log-Analyse und Auswertung - 26.03.2013 (9)
  8. Groupon Trojaner. Email leider geoeffnet.Malware bytes findet nichts. Trotzdem noch Gefahr?
    Plagegeister aller Art und deren Bekämpfung - 24.03.2013 (12)
  9. Groupon Email-Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (7)
  10. Groupon: TR/Injector.aos
    Plagegeister aller Art und deren Bekämpfung - 15.03.2013 (18)
  11. Gefälschte Groupon Email mit Zip Datei geöffnet
    Plagegeister aller Art und deren Bekämpfung - 13.03.2013 (13)
  12. 2x | Groupon Trojaner
    Mülltonne - 13.03.2013 (5)
  13. Groupon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 12.03.2013 (24)
  14. Anhang von Fake-Groupon-Email geöffnet - Trojaner
    Log-Analyse und Auswertung - 11.03.2013 (11)
  15. Groupon Email zum Opfer gefallen
    Plagegeister aller Art und deren Bekämpfung - 10.03.2013 (1)
  16. Groupon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.03.2013 (13)
  17. Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren
    Log-Analyse und Auswertung - 25.02.2013 (19)

Zum Thema Groupon Email - Hallo, ich habe folgendes Problem; Leider habe ich den Anhang einer gefälschten Groupon Rechnung geöffnet Ich weiß man sollte nie solche Anhänge öffnen gerade wenn sie wie bei mir auch - Groupon Email...
Archiv
Du betrachtest: Groupon Email auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.