
Log analysis and evaluation: Windows 7: Suspected trojan (problems upon problems)

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

13.03.2014, 04:24   #1
Hahpuh
 

Dear Trojaner-Board team,

my computer has been acting up completely for quite some time.
Normally I try to fix my problems simply by reinstalling the system,
but I am fed up with that and would like to find out what I am doing wrong.
I have several problems at once, so here is a list of them:

Problems:

1) Chrome is too slow at startup and takes an unnaturally long time to open a page. In addition, it does not open some pages at all and I get an error message saying that there is an Internet problem. At the same time, after the computer has been running for a while, Internet Explorer no longer displays any pages at all, and YouTube, for example, supposedly has no Java installed, which is nonsense.

2) I constantly lose my Internet connection in games and get kicked out as a result. On top of that, I often have an incredibly high latency, which makes the game unplayable.

PS: There is 100% no modem involved, and it is not due to other computers on the network.

3) Applications, whether it's Explorer (Chrome + Internet Explorer), applications such as TeamSpeak, or games, crash at random, either with the message "The program is no longer responding" or with no message at all, and then close.

4) The PC boots noticeably more slowly than I am used to.

5) I simply cannot, for the life of me, get the "real-time scan" in the "AntiVir free version" set to "Enabled". I had already googled this and found a solution with Malwarebytes and two other tools, where he had posted his reports, but I did not want to try it myself because you had advised against it.

6) AntiVir and Malwarebytes keep turning up detections, which however reappear after every new scan, or at the latest after a system restart.

7) At random I get this error message, once or several times at the same time: hxxp://i.imgur.com/sYY9rFt.jpg

8) Finally, I also sometimes get the following error message when I try to open Task Manager with Ctrl+Shift+Esc:

taskmgr.exe - Systemfehler

Das Programm kann nicht gestartet werden, da pcwum.dll auf dem Computer fehlt. Installieren Sie das Programm erneut, um das Problem zu beheben.

However, as already mentioned, I only have this problem sometimes, and I do not understand it either.


All in all, these are my problems, which I simply cannot make sense of. It surely has something to do with these detections that I keep finding, but before I do the wrong things to my PC, I would rather be advised and guided by capable PC experts.

Finally, I will now post the reports that were recommended to me on the following page. My PC is bootable!

Page: http://www.trojaner-board.de/69886-a...-beachten.html

Reports from my computer:

Step 1: Worked without any feedback.
So I did not press the Re-enable button afterwards either.

Step 2: Farbar's Recovery Scan Tool

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-03-2014 01
Ran by Kevin (administrator) on KEVIN_S on 13-03-2014 04:17:20
Running from C:\Users\Kevin\Downloads
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Hi-Rez Studios) D:\Smite\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6868280 2012-05-21] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-05-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [Razer Nostromo Driver] - C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe [978840 2011-07-19] (Razer USA Ltd)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [172624 2014-03-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2747213580-207876330-2301896138-1000\...\Run: [UZRmedia] - regsvr32.exe C:\Users\Kevin\AppData\Local\UZRmedia\Hidnet24.dll <===== ATTENTION
HKU\S-1-5-21-2747213580-207876330-2301896138-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2747213580-207876330-2301896138-1000\...\MountPoints2: {4b09e8b9-9585-11e3-a541-001f1fe447f5} - G:\Lenovo_USB_Driver.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x05871061813DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-10]
CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-10]
CHR Extension: (Google-Suche) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-10]
CHR Extension: (AdBlock) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-10]
CHR Extension: (Yulia Brodskaya) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko [2013-12-10]
CHR Extension: (Google Wallet) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Google Mail) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-10]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [116816 2014-03-07] (Avira Operations GmbH & Co. KG)
U2 HiPatchService; D:\Smite\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-15] ()
R2 Realtek11nCU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)

==================== Drivers (Whitelisted) ====================

R3 1394ohci; C:\Windows\System32\DRIVERS\1394ohci.sys [227840 2009-07-14] ()
R0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [334416 2009-07-14] ()
S3 AcpiPmi; C:\Windows\system32\DRIVERS\acpipmi.sys [12288 2009-07-14] ()
S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [491088 2009-07-14] ()
S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [339536 2009-07-14] ()
S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [182864 2009-07-14] ()
R1 AFD; C:\Windows\system32\drivers\afd.sys [500224 2009-07-14] ()
S3 agp440; C:\Windows\system32\DRIVERS\agp440.sys [61008 2009-07-14] ()
S3 aliide; C:\Windows\system32\DRIVERS\aliide.sys [15440 2009-07-14] ()
S3 amdide; C:\Windows\system32\DRIVERS\amdide.sys [15440 2009-07-14] ()
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-14] ()
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [12534784 2013-10-08] ()
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [619008 2013-10-08] ()
R3 AmdPPM; C:\Windows\System32\DRIVERS\amdppm.sys [60928 2009-07-14] ()
S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [106576 2009-07-14] ()
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [194128 2009-07-14] ()
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-07-14] ()
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] ()
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2009-07-14] ()
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [87632 2009-07-14] ()
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [97856 2009-07-14] ()
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] ()
R0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [24128 2009-07-14] ()
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2013-07-05] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] ()
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] ()
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] ()
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] ()
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] ()
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2009-07-14] ()
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] ()
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] ()
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] ()
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] ()
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] ()
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] ()
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] ()
R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] ()
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2009-07-14] ()
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] ()
S3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-14] ()
S3 cmdide; C:\Windows\system32\DRIVERS\cmdide.sys [17488 2009-07-14] ()
R0 CNG; C:\Windows\System32\Drivers\cng.sys [460504 2009-07-14] ()
S3 Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys [21584 2009-07-14] ()
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2009-07-14] ()
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] ()
R1 CSC; C:\Windows\System32\drivers\csc.sys [514048 2009-07-14] ()
U5 d9c0704a342146bd; C:\Windows\System32\Drivers\d9c0704a342146bd.sys [78800 2014-01-02] () <===== ATTENTION Necurs Rootkit?
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2009-07-14] ()
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] ()
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] ()
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] ()
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [982600 2009-11-04] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] ()
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] ()
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [9728 2009-07-14] ()
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] ()
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] ()
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] ()
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] ()
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] ()
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [290368 2009-07-14] ()
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] ()
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-14] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223448 2009-07-14] ()
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [33856 2009-03-18] ()
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] ()
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2009-07-14] ()
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-14] ()
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] ()
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] ()
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] ()
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-14] ()
S3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [77888 2009-07-14] ()
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-14] ()
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14416 2009-07-14] ()
S3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-14] ()
S3 iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [410688 2009-07-14] ()
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] ()
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2350240 2010-05-20] ()
S3 intelide; C:\Windows\system32\DRIVERS\intelide.sys [16960 2009-07-14] ()
S3 intelppm; C:\Windows\system32\DRIVERS\intelppm.sys [62464 2009-07-14] ()
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-14] ()
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [78848 2009-07-14] ()
R3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] ()
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] ()
S3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [20544 2009-07-14] ()
S3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [224832 2009-07-14] ()
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] ()
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2009-07-14] ()
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95312 2009-07-14] ()
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [153152 2009-07-14] ()
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] ()
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [22408 2009-11-24] ()
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [16008 2009-11-24] ()
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] ()
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] ()
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] ()
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] ()
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] ()
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] ()
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] ()
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] ()
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] ()
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] ()
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] ()
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] ()
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-14] ()
S3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [155216 2009-07-14] ()
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] ()
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2009-07-14] ()
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157184 2009-07-14] ()
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [285696 2009-07-14] ()
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [125952 2009-07-14] ()
S3 msahci; C:\Windows\system32\DRIVERS\msahci.sys [30272 2009-07-14] ()
S3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [140352 2009-07-14] ()
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
R3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] ()
R0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [15424 2009-07-14] ()
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] ()
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] ()
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] ()
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [367168 2009-07-14] ()
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] ()
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] ()
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] ()
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] ()
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-14] ()
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] ()
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] ()
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-14] ()
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-14] ()
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-14] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] ()
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-14] ()
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] ()
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] ()
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659984 2009-07-14] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] ()
S3 nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [149056 2009-07-14] ()
S3 nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [167488 2009-07-14] ()
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [122960 2009-07-14] ()
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [72832 2009-07-14] ()
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-14] ()
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75840 2009-07-14] ()
R0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-14] ()
R0 pciide; C:\Windows\System32\DRIVERS\pciide.sys [12352 2009-07-14] ()
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] ()
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] ()
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] ()
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-14] ()
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] ()
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-14] ()
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] ()
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] ()
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] ()
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] ()
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] ()
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-14] ()
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] ()
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] ()
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-14] ()
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-14] ()
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] ()
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165376 2009-07-14] ()
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] ()
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] ()
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2009-07-14] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-14] ()
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] ()
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [347680 2010-05-20] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [762472 2010-08-06] ()
R3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] ()
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] ()
S3 s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [6656 2009-07-14] ()
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [104016 2009-07-14] ()
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [126912 2012-04-19] ()
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-14] ()
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] ()
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-14] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] ()
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] ()
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [14336 2009-07-14] ()
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [13824 2009-07-14] ()
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [14336 2009-07-14] ()
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] ()
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] ()
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] ()
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] ()
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [465408 2009-07-14] ()
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [407040 2009-07-14] ()
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [162816 2009-07-14] ()
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] ()
R0 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [46672 2009-07-14] ()
S3 storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [34896 2009-07-14] ()
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] ()
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1898576 2009-07-14] ()
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1898576 2009-07-14] ()
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-14] ()
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] ()
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-14] ()
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-14] ()
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [62544 2009-07-14] ()
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-14] ()
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-14] ()
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] ()
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327168 2009-07-14] ()
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [64592 2009-07-14] ()
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-14] ()
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] ()
R3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109568 2009-07-14] ()
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2009-07-14] ()
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [100352 2009-07-14] ()
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [51200 2009-07-14] ()
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2009-07-14] ()
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [25600 2009-07-14] ()
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-14] ()
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [89600 2009-07-14] ()
S3 usbuhci; C:\Windows\system32\DRIVERS\usbuhci.sys [30720 2009-07-14] ()
R0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [36432 2009-07-14] ()
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] ()
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] ()
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [217680 2009-07-14] ()
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [17488 2009-07-14] ()
S3 vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [200272 2009-07-14] ()
S3 VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [21760 2009-07-14] ()
R0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [71760 2009-07-14] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-14] ()
R0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [294992 2009-07-14] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [187904 2009-11-04] ()
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [66304 2009-11-04] ()
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [95232 2009-11-04] ()
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [359552 2009-11-04] ()
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] ()
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] ()
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] ()
S3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] ()
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] ()
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] ()
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] ()
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] ()
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-14] ()
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] ()
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] ()
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-14] ()
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] ()
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2009-07-14] ()
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2009-07-14] ()
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [679936 2009-07-14] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-13 04:17 - 2014-03-13 04:17 - 00027051 _____ () C:\Users\Kevin\Downloads\FRST.txt
2014-03-13 04:16 - 2014-03-13 04:16 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64 (1).exe
2014-03-13 04:14 - 2014-03-13 04:15 - 00000472 _____ () C:\Users\Kevin\Downloads\defogger_disable.log
2014-03-13 04:14 - 2014-03-13 04:14 - 00000000 _____ () C:\Users\Kevin\defogger_reenable
2014-03-13 04:12 - 2014-03-13 04:12 - 00050477 _____ () C:\Users\Kevin\Downloads\Defogger.exe
2014-03-13 04:06 - 2014-03-13 04:10 - 00002794 _____ () C:\Users\Kevin\Desktop\Neues Textdokument (2).txt
2014-03-13 03:18 - 2014-03-13 04:17 - 00000000 ____D () C:\FRST
2014-03-13 03:17 - 2014-03-13 03:17 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe
2014-03-13 03:09 - 2014-03-13 03:28 - 00000112 _____ () C:\Windows\setupact.log
2014-03-13 03:09 - 2014-03-13 03:09 - 00084668 _____ () C:\Windows\PFRO.log
2014-03-13 03:09 - 2014-03-13 03:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-13 02:14 - 2014-03-13 02:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Avira
2014-03-13 02:13 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-13 02:13 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-13 02:13 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-13 02:09 - 2014-03-13 02:13 - 00000000 ____D () C:\ProgramData\Avira
2014-03-13 02:09 - 2014-03-13 02:13 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-13 02:09 - 2014-03-13 02:09 - 00000400 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 02:05 - 2014-03-13 02:10 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F869E1D1-5B82-488D-9FEB-12FCC8122624}
2014-03-11 00:31 - 2014-02-21 10:21 - 00000000 ____D () C:\Users\Kevin\Downloads\Plague.Inc.Evolved.Early.Access.Cracked-3DM
2014-03-10 22:49 - 2013-11-08 09:12 - 00000000 ____D () C:\Users\Kevin\Downloads\After.Earth.2013.BDRip.AC3.German.XviD-MB
2014-03-10 16:02 - 2014-03-10 16:06 - 86944409 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part11.rar
2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part10.rar
2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part09.rar
2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part08.rar
2014-03-10 15:43 - 2014-03-10 15:48 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part07.rar
2014-03-10 15:43 - 2014-03-10 15:48 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part06.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part05.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part04.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part03.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part02.rar
2014-03-10 15:40 - 2014-03-10 15:46 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part01.rar
2014-03-10 04:19 - 2014-03-10 04:21 - 00000000 ____D () C:\Users\Kevin\Downloads\Der.Butler.German.DL.2013.AC3.BDRiP.XViD-KOC
2014-03-10 03:43 - 2014-03-10 04:09 - 524288093 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part4.rar
2014-03-10 03:43 - 2014-03-10 04:09 - 524288081 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part3.rar
2014-03-10 03:43 - 2014-03-10 04:09 - 524288057 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part2.rar
2014-03-10 03:43 - 2014-03-10 04:07 - 524288034 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part1.rar
2014-03-10 03:43 - 2014-03-10 03:57 - 222763023 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part5.rar
2014-03-10 03:17 - 2014-03-10 03:34 - 536870912 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part2.rar
2014-03-10 03:16 - 2014-03-10 03:33 - 536870912 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part1.rar
2014-03-10 03:16 - 2014-03-10 03:32 - 405353908 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part3.rar
2014-03-10 03:07 - 2014-03-12 05:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-10 03:07 - 2014-03-10 03:07 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-10 01:02 - 2014-03-13 01:46 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Wudenu
2014-03-10 01:02 - 2014-03-12 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Onyx
2014-03-09 20:47 - 2014-03-09 20:47 - 00000000 ____D () C:\Users\Kevin\Documents\Thief
2014-03-09 01:52 - 2014-03-09 01:52 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders
2014-03-06 14:56 - 2014-03-06 14:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-06 14:56 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-06 14:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-06 14:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-06 14:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-06 14:50 - 2014-03-06 14:50 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2014-03-02 23:41 - 2014-03-02 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Chromium
2014-03-01 05:39 - 2014-03-12 05:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-01 05:39 - 2014-03-01 05:39 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-01 04:39 - 2014-03-01 04:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Awesomium
2014-03-01 04:38 - 2014-03-01 04:38 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-03-01 01:02 - 2014-03-01 01:02 - 00003020 _____ () C:\Windows\System32\Tasks\{0AB74374-0385-0807-B05D-5863E26D732D}
2014-02-27 15:30 - 2014-02-27 15:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-25 23:05 - 2014-03-03 06:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Agamdu
2014-02-25 23:05 - 2014-03-03 04:50 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Epymit
2014-02-25 20:11 - 2014-02-25 20:11 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Malwarebytes
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-25 20:11 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-25 20:00 - 2014-02-25 20:00 - 00013787 _____ () C:\Windows\SysWOW64\hs_err_pid3156.log
2014-02-25 19:33 - 2014-02-25 19:40 - 00000000 ____D () C:\Program Files (x86)\GUM9211.tmp
2014-02-25 19:33 - 2014-02-25 19:34 - 49940480 _____ () C:\Program Files (x86)\GUT9212.tmp
2014-02-25 19:33 - 2014-02-25 19:33 - 00019841 _____ () C:\Windows\SysWOW64\hs_err_pid200.log
2014-02-25 17:47 - 2014-02-25 17:47 - 00019830 _____ () C:\Windows\SysWOW64\hs_err_pid1280.log
2014-02-20 13:11 - 2014-02-25 20:25 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yfucvo
2014-02-20 13:11 - 2014-02-25 20:23 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Osyv
2014-02-19 12:47 - 2014-02-19 12:47 - 00000000 ____D () C:\Program Files\Lenovo

==================== One Month Modified Files and Folders =======

2014-03-13 04:17 - 2014-03-13 04:17 - 00027051 _____ () C:\Users\Kevin\Downloads\FRST.txt
2014-03-13 04:17 - 2014-03-13 03:18 - 00000000 ____D () C:\FRST
2014-03-13 04:16 - 2014-03-13 04:16 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64 (1).exe
2014-03-13 04:15 - 2014-03-13 04:14 - 00000472 _____ () C:\Users\Kevin\Downloads\defogger_disable.log
2014-03-13 04:14 - 2014-03-13 04:14 - 00000000 _____ () C:\Users\Kevin\defogger_reenable
2014-03-13 04:14 - 2013-12-10 14:26 - 00000000 ____D () C:\Users\Kevin
2014-03-13 04:12 - 2014-03-13 04:12 - 00050477 _____ () C:\Users\Kevin\Downloads\Defogger.exe
2014-03-13 04:10 - 2014-03-13 04:06 - 00002794 _____ () C:\Users\Kevin\Desktop\Neues Textdokument (2).txt
2014-03-13 03:36 - 2009-07-14 05:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-13 03:36 - 2009-07-14 05:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-13 03:29 - 2013-12-10 15:04 - 00000557 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-13 03:28 - 2014-03-13 03:09 - 00000112 _____ () C:\Windows\setupact.log
2014-03-13 03:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-13 03:17 - 2014-03-13 03:17 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe
2014-03-13 03:09 - 2014-03-13 03:09 - 00084668 _____ () C:\Windows\PFRO.log
2014-03-13 03:09 - 2014-03-13 03:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-13 03:09 - 2009-07-14 01:20 - 00000000 __SHD () C:\Users\Kevin\AppData\Roaming\brjhugsc
2014-03-13 03:07 - 2013-12-10 15:14 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Battle.net
2014-03-13 02:32 - 2014-01-18 15:59 - 00000000 ____D () C:\Users\Kevin\Desktop\Sc
2014-03-13 02:32 - 2013-12-10 14:51 - 00000000 ____D () C:\Users\Kevin\Desktop\Spiele
2014-03-13 02:32 - 2013-12-10 14:51 - 00000000 ____D () C:\Users\Kevin\Desktop\Programme
2014-03-13 02:30 - 2014-01-18 21:04 - 00003334 _____ () C:\Windows\System32\Tasks\{96E09B51-3767-4369-B365-95C572CD4F5D}
2014-03-13 02:14 - 2014-03-13 02:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Avira
2014-03-13 02:13 - 2014-03-13 02:09 - 00000000 ____D () C:\ProgramData\Avira
2014-03-13 02:13 - 2014-03-13 02:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-13 02:10 - 2014-03-13 02:05 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F869E1D1-5B82-488D-9FEB-12FCC8122624}
2014-03-13 02:09 - 2014-03-13 02:09 - 00000400 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 02:09 - 2013-12-10 14:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-13 02:08 - 2013-12-26 02:45 - 00000000 ____D () C:\Users\Kevin\AppData\Local\LogMeIn Hamachi
2014-03-13 02:08 - 2013-12-10 15:07 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\TS3Client
2014-03-13 01:58 - 2013-12-11 12:56 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-03-13 01:57 - 2013-12-10 21:00 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-03-13 01:46 - 2014-03-10 01:02 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Wudenu
2014-03-13 01:41 - 2014-01-29 18:21 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Microsoft Games
2014-03-12 23:53 - 2009-07-14 18:58 - 00700562 _____ () C:\Windows\system32\perfh007.dat
2014-03-12 23:53 - 2009-07-14 18:58 - 00149462 _____ () C:\Windows\system32\perfc007.dat
2014-03-12 23:53 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-12 23:41 - 2014-03-10 01:02 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Onyx
2014-03-12 23:31 - 2013-12-11 16:36 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Skype
2014-03-12 22:55 - 2013-12-11 00:01 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\vlc
2014-03-12 05:32 - 2014-03-10 03:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 05:32 - 2014-03-01 05:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-10 22:54 - 2013-12-27 04:57 - 00000000 ____D () C:\Users\Kevin\Downloads\2.Harry.Potter.und.die.Kammer.des.Schreckens-23thstreet
2014-03-10 16:06 - 2014-03-10 16:02 - 86944409 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part11.rar
2014-03-10 16:06 - 2014-03-10 16:02 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part10.rar
2014-03-10 16:06 - 2014-03-10 16:02 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part09.rar
2014-03-10 16:06 - 2014-03-10 16:02 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part08.rar
2014-03-10 15:48 - 2014-03-10 15:43 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part07.rar
2014-03-10 15:48 - 2014-03-10 15:43 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part06.rar
2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part05.rar
2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part04.rar
2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part03.rar
2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part02.rar
2014-03-10 15:46 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part01.rar
2014-03-10 15:40 - 2013-12-10 14:42 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-03-10 04:21 - 2014-03-10 04:19 - 00000000 ____D () C:\Users\Kevin\Downloads\Der.Butler.German.DL.2013.AC3.BDRiP.XViD-KOC
2014-03-10 04:09 - 2014-03-10 03:43 - 524288093 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part4.rar
2014-03-10 04:09 - 2014-03-10 03:43 - 524288081 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part3.rar
2014-03-10 04:09 - 2014-03-10 03:43 - 524288057 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part2.rar
2014-03-10 04:07 - 2014-03-10 03:43 - 524288034 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part1.rar
2014-03-10 03:57 - 2014-03-10 03:43 - 222763023 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part5.rar
2014-03-10 03:34 - 2014-03-10 03:17 - 536870912 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part2.rar
2014-03-10 03:33 - 2014-03-10 03:16 - 536870912 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part1.rar
2014-03-10 03:32 - 2014-03-10 03:16 - 405353908 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part3.rar
2014-03-10 03:07 - 2014-03-10 03:07 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-09 20:47 - 2014-03-09 20:47 - 00000000 ____D () C:\Users\Kevin\Documents\Thief
2014-03-09 01:52 - 2014-03-09 01:52 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders
2014-03-07 17:31 - 2013-12-10 15:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Battle.net
2014-03-07 05:29 - 2013-12-11 23:03 - 00000596 _____ () C:\Users\Kevin\Desktop\Neues Textdokument.txt
2014-03-06 14:56 - 2014-03-06 14:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-06 14:56 - 2013-12-10 21:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-06 14:56 - 2013-12-10 21:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-06 14:50 - 2014-03-06 14:50 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2014-03-03 06:39 - 2014-02-25 23:05 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Agamdu
2014-03-03 04:50 - 2014-02-25 23:05 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Epymit
2014-03-02 23:41 - 2014-03-02 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Chromium
2014-03-01 06:02 - 2013-12-29 00:48 - 00000000 ____D () C:\Users\Kevin\Documents\my games
2014-03-01 05:39 - 2014-03-01 05:39 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-01 04:39 - 2014-03-01 04:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Awesomium
2014-03-01 04:38 - 2014-03-01 04:38 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-03-01 04:38 - 2013-12-10 14:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-01 01:02 - 2014-03-01 01:02 - 00003020 _____ () C:\Windows\System32\Tasks\{0AB74374-0385-0807-B05D-5863E26D732D}
2014-02-27 20:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-27 15:30 - 2014-02-27 15:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-25 21:15 - 2013-12-17 01:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yjquxu
2014-02-25 20:25 - 2014-02-20 13:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yfucvo
2014-02-25 20:25 - 2013-12-10 14:27 - 00000000 ___RD () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-25 20:23 - 2014-02-20 13:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Osyv
2014-02-25 20:11 - 2014-02-25 20:11 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Malwarebytes
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-25 20:00 - 2014-02-25 20:00 - 00013787 _____ () C:\Windows\SysWOW64\hs_err_pid3156.log
2014-02-25 19:40 - 2014-02-25 19:33 - 00000000 ____D () C:\Program Files (x86)\GUM9211.tmp
2014-02-25 19:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-02-25 19:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-25 19:34 - 2014-02-25 19:33 - 49940480 _____ () C:\Program Files (x86)\GUT9212.tmp
2014-02-25 19:34 - 2013-12-10 14:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-25 19:33 - 2014-02-25 19:33 - 00019841 _____ () C:\Windows\SysWOW64\hs_err_pid200.log
2014-02-25 19:33 - 2013-12-10 14:32 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Deployment
2014-02-25 19:25 - 2014-01-21 23:30 - 00000000 ____D () C:\Windows\Minidump
2014-02-25 19:25 - 2013-12-10 14:15 - 00000000 ____D () C:\Windows\Panther
2014-02-25 17:47 - 2014-02-25 17:47 - 00019830 _____ () C:\Windows\SysWOW64\hs_err_pid1280.log
2014-02-25 11:41 - 2014-03-13 02:13 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-25 11:41 - 2014-03-13 02:13 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-25 11:41 - 2014-03-13 02:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-21 10:21 - 2014-03-11 00:31 - 00000000 ____D () C:\Users\Kevin\Downloads\Plague.Inc.Evolved.Early.Access.Cracked-3DM
2014-02-19 12:47 - 2014-02-19 12:47 - 00000000 ____D () C:\Program Files\Lenovo
2014-02-17 15:57 - 2013-12-10 14:31 - 00001491 _____ () C:\Users\Kevin\Desktop\W-Lan Code.txt
2014-02-16 22:50 - 2013-12-15 18:21 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-02-16 22:50 - 2013-12-11 12:55 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

Some content of TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\avgnt.exe
C:\Users\Kevin\AppData\Local\Temp\riftuninstall.exe
C:\Users\Kevin\AppData\Local\Temp\Uninstaller-7636.exe
C:\Users\Kevin\AppData\Local\Temp\VSUSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2009-07-14 00:20] - [2009-07-14 02:45] - 0294992 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-02-28 00:40

==================== End Of Log ============================
         


Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-03-2014 01
Ran by Kevin at 2014-03-13 04:19:00
Running from C:\Users\Kevin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1008.932.15229 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
Assassin’s Creed® III (HKLM-x32\...\Steam App 208480) (Version:  - Ubisoft Montreal)
Avira (HKLM-x32\...\{b0281a65-bf49-4b99-9ba4-8bd5acf46421}) (Version: 1.0.5179.26566 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.0.5179.26566 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bloodline Champions (HKLM-x32\...\Steam App 6370) (Version:  - Stunlock Studios)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version:  - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Darksiders II (HKLM-x32\...\Darksiders II_is1) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version:  - )
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Edimax Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0165 - )
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Lenovo USB driver (HKLM\...\Lenovo USB Driver_is1) (Version: V1.0 - Lenovo)
Logitech Gaming Software (Version: 8.30.86 - Logitech Inc.) Hidden
Logitech Gaming Software 8.30 (HKLM\...\Logitech Gaming Software) (Version: 8.30.86 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
Native Instruments Service Center (Version: 2.5.2.1549 - Native Instruments) Hidden
Native Instruments Supercharger (HKLM-x32\...\Native Instruments Supercharger) (Version: 1.1.0.418 - Native Instruments)
Native Instruments Supercharger (Version: 1.1.0.418 - Native Instruments) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.1 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
R.U.S.E (HKLM-x32\...\Steam App 21970) (Version:  - Eugen Systems)
Razer Nostromo (HKLM-x32\...\{0214578F-4888-43FB-9E34-C14FCFDEDDEB}) (Version: 2.02.08 - Razer USA Ltd.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6093 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SkyDrift (HKLM-x32\...\Steam App 91100) (Version:  - Digital Reality)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1989.5 - Hi-Rez Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TEdit 3 (HKLM-x32\...\{F015942F-C1BD-4297-A8A4-C0B8D42B39C5}) (Version: 3.4.13358.0 - BinaryConstruct)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Transformers: Fall of Cybertron (HKLM-x32\...\Steam App 213120) (Version:  - Mercenary Technologies)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version:  - Relic Entertainment)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {348B7B85-BF52-460A-AEF1-19D8F097C353} - System32\Tasks\{0AB74374-0385-0807-B05D-5863E26D732D} => C:\Users\Kevin\AppData\Roaming\.minecraft\saves\ruehrqh.exe [2014-03-04] ()

==================== Loaded Modules (whitelisted) =============

2009-07-14 00:19 - 2009-07-14 02:40 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () c:\windows\system32\pcwum.DLL
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\Windows\System32\pcwum.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2013-10-08 09:35 - 2013-10-08 09:35 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 14:41 - 2012-10-22 14:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 14:42 - 2012-10-22 14:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-10-08 09:34 - 2013-10-08 09:34 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-12-11 12:55 - 2013-12-15 18:21 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-08 09:34 - 2013-10-08 09:34 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-03-13 02:13 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-03-07 14:47 - 2014-03-07 14:47 - 00111696 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2014-03-07 14:48 - 2014-03-07 14:48 - 00061520 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-01-02 00:17 - 2014-01-02 00:17 - 00016896 _____ () C:\Users\Kevin\AppData\Local\UZRmedia\Hidnet24.dll
2014-03-13 02:14 - 2014-03-07 14:48 - 00049744 _____ () C:\Users\Kevin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2013-12-10 14:30 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\EnumDevLib.dll
2014-02-25 19:33 - 2014-02-20 02:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-25 19:33 - 2014-02-20 02:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-25 19:33 - 2014-02-20 02:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-25 19:33 - 2014-02-20 02:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-25 19:33 - 2014-02-20 02:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-25 19:33 - 2014-02-20 02:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
2014-02-25 19:33 - 2014-02-20 02:03 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2014 03:34:47 AM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.10.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1598

Startzeit: 01cf3e64c3b5409f

Endzeit: 9

Anwendungspfad: C:\Users\Kevin\Downloads\FRST64.exe

Berichts-ID: 086c05ac-aa58-11e3-8b8e-82ffc1deec15

Error: (03/13/2014 03:18:00 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (03/13/2014 03:17:21 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (03/13/2014 03:16:52 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (03/13/2014 03:16:51 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (03/13/2014 03:16:51 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (03/13/2014 03:16:40 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (03/13/2014 03:16:39 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (03/13/2014 03:16:35 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (03/13/2014 03:15:35 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator


System errors:
=============
Error: (03/13/2014 04:05:39 AM) (Source: ipnathlp) (User: )
Description: 

Error: (03/13/2014 03:53:32 AM) (Source: ipnathlp) (User: )
Description: 

Error: (03/13/2014 03:34:25 AM) (Source: ipnathlp) (User: )
Description: 

Error: (03/13/2014 03:30:11 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (03/13/2014 03:29:33 AM) (Source: ipnathlp) (User: )
Description: 

Error: (03/13/2014 03:29:28 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
avipbb
avkmgr

Error: (03/13/2014 03:28:37 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (03/13/2014 03:20:49 AM) (Source: ipnathlp) (User: )
Description: 

Error: (03/13/2014 03:15:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avipbb" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (03/13/2014 03:13:42 AM) (Source: ipnathlp) (User: )
Description: 


Microsoft Office Sessions:
=========================
Error: (03/13/2014 03:34:47 AM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.10.2159801cf3e64c3b5409f9C:\Users\Kevin\Downloads\FRST64.exe086c05ac-aa58-11e3-8b8e-82ffc1deec15

Error: (03/13/2014 03:18:00 AM) (Source: VSS)(User: )
Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (03/13/2014 03:17:21 AM) (Source: VSS)(User: )
Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (03/13/2014 03:16:52 AM) (Source: VSS)(User: )
Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (03/13/2014 03:16:51 AM) (Source: VSS)(User: )
Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (03/13/2014 03:16:51 AM) (Source: VSS)(User: )
Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (03/13/2014 03:16:40 AM) (Source: VSS)(User: )
Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (03/13/2014 03:16:39 AM) (Source: VSS)(User: )
Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (03/13/2014 03:16:35 AM) (Source: VSS)(User: )
Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (03/13/2014 03:15:35 AM) (Source: VSS)(User: )
Description: Error calling CreateFile on volume '\\?\Volume{453bb823-619d-11e3-bb3a-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator


CodeIntegrity Errors:
===================================
  Date: 2014-03-06 14:50:51.941
  Description: N/A

  Date: 2014-03-06 14:50:51.937
  Description: N/A

  Date: 2014-03-06 14:50:51.256
  Description: N/A

  Date: 2014-03-06 14:50:51.252
  Description: N/A

  Date: 2014-01-02 10:43:14.886
  Description: N/A

  Date: 2014-01-02 10:43:14.863
  Description: N/A


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 8191.11 MB
Available physical RAM: 5501.02 MB
Total Pagefile: 16380.38 MB
Available Pagefile: 13158.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:186.21 GB) (Free:112.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.51 GB) (Free:601.78 GB) NTFS
Drive e: (NCIS 422-508) (CDROM) (Total:3.76 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 06CA3123)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: FFFFFFFF)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Step 3: GMER.exe.

- 1) First, it showed me the following message:
Quote:
c:\Windows\system32\config\system: der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
After restarting the PC, however, it worked with the following options:


This produced the following message:


I am now attaching the program's log.


These should be all the steps, and I hope I have not forgotten anything.
I look forward to your reply and very much hope that you can help me.

Kind regards

Hahpuh

Edited by Hahpuh (13.03.2014 at 05:10)

Alt 13.03.2014, 07:16   #2
schrauber
/// the machine
/// TB-Ausbilder
 

hi,

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Click Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

Alt 13.03.2014, 19:52   #3
Hahpuh
 

Thank you in advance for taking the time to help me.
I have successfully run the scan with your so-called "TDSSKiller".

First, here is a picture of the settings I used:



Now here is the result of my evaluation in the form of an attachment, because it is too long.

1 Part

Code:
19:01:52.0766 0x19e8  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
19:01:55.0386 0x19e8  ============================================================
19:01:55.0386 0x19e8  Current date / time: 2014/03/13 19:01:55.0386
19:01:55.0386 0x19e8  SystemInfo:
19:01:55.0386 0x19e8  
19:01:55.0386 0x19e8  OS Version: 6.1.7600 ServicePack: 0.0
19:01:55.0386 0x19e8  Product type: Workstation
19:01:55.0386 0x19e8  ComputerName: KEVIN_S
19:01:55.0386 0x19e8  UserName: Kevin
19:01:55.0386 0x19e8  Windows directory: C:\Windows
19:01:55.0386 0x19e8  System windows directory: C:\Windows
19:01:55.0386 0x19e8  Running under WOW64
19:01:55.0386 0x19e8  Processor architecture: Intel x64
19:01:55.0386 0x19e8  Number of processors: 6
19:01:55.0386 0x19e8  Page size: 0x1000
19:01:55.0386 0x19e8  Boot type: Normal boot
19:01:55.0386 0x19e8  ============================================================
19:01:59.0366 0x19e8  KLMD registered as C:\Windows\system32\drivers\48244133.sys
19:02:04.0906 0x19e8  System UUID: {BA0B612D-301B-6C6B-CF72-5BBF1BD01CD5}
19:02:05.0156 0x19e8  !crdlk
19:02:05.0156 0x19e8  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
19:02:05.0806 0x19e8  Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
19:02:05.0836 0x19e8  Drive \Device\Harddisk2\DR2 - Size: 0x15D50F65800 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:02:05.0836 0x19e8  ============================================================
19:02:05.0836 0x19e8  \Device\Harddisk0\DR0:
19:02:05.0836 0x19e8  MBR partitions:
19:02:05.0836 0x19e8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
19:02:05.0836 0x19e8  \Device\Harddisk1\DR1:
19:02:05.0836 0x19e8  MBR partitions:
19:02:05.0836 0x19e8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1746C000
19:02:05.0836 0x19e8  \Device\Harddisk2\DR2:
19:02:05.0836 0x19e8  MBR partitions:
19:02:05.0836 0x19e8  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
19:02:05.0836 0x19e8  ============================================================
19:02:05.0846 0x19e8  C: <-> \Device\Harddisk1\DR1\Partition1
19:02:05.0866 0x19e8  D: <-> \Device\Harddisk0\DR0\Partition1
19:02:05.0866 0x19e8  F: <-> \Device\Harddisk2\DR2\Partition1
19:02:05.0866 0x19e8  ============================================================
19:02:05.0866 0x19e8  Initialize success
19:02:05.0866 0x19e8  ============================================================
19:05:05.0656 0x1428  ============================================================
19:05:05.0656 0x1428  Scan started
19:05:05.0656 0x1428  Mode: Manual; SigCheck; TDLFS; 
19:05:05.0656 0x1428  ============================================================
19:05:05.0656 0x1428  KSN ping started
19:05:11.0662 0x1428  KSN ping finished: true
19:05:13.0066 0x1428  ================ Scan system memory ========================
19:05:13.0066 0x1428  System memory - ok
19:05:13.0066 0x1428  ================ Scan services =============================
19:05:13.0315 0x1428  [ 1B00662092F9F9568B995902F0CC40D5, D345014CF146FA57B2682C189D5E7F27D4C78F321F2723D912D623E777C2BB70 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
19:05:13.0393 0x1428  1394ohci - ok
19:05:13.0456 0x1428  [ 6F11E88748CDEFD2F76AA215F97DDFE5, BD0B3561EDCDE5EFD89372793CFD09DF879709BF469542F4A049705CBA9FD060 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
19:05:13.0487 0x1428  ACPI - ok
19:05:13.0518 0x1428  [ 63B05A0420CE4BF0E4AF6DCC7CADA254, 56BCC219D6B886FD42B7D335B4A7BBA3C9BC148220CBD99F8583FB505DAE63BF ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
19:05:13.0627 0x1428  AcpiPmi - ok
19:05:13.0783 0x1428  [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:05:13.0799 0x1428  AdobeFlashPlayerUpdateSvc - ok
19:05:13.0830 0x1428  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:05:13.0846 0x1428  adp94xx - ok
19:05:13.0877 0x1428  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:05:13.0892 0x1428  adpahci - ok
19:05:13.0924 0x1428  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:05:13.0939 0x1428  adpu320 - ok
19:05:13.0986 0x1428  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:05:14.0158 0x1428  AeLookupSvc - ok
19:05:14.0220 0x1428  [ B9384E03479D2506BC924C16A3DB87BC, AB5FD2BC1F005E7D664F5DE3D5CB54499024A83B716DD52C56582DB7EFB4F01B ] AFD             C:\Windows\system32\drivers\afd.sys
19:05:14.0329 0x1428  AFD - ok
19:05:14.0360 0x1428  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
19:05:14.0360 0x1428  agp440 - ok
19:05:14.0407 0x1428  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
19:05:14.0470 0x1428  ALG - ok
19:05:14.0501 0x1428  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
19:05:14.0516 0x1428  aliide - ok
19:05:14.0563 0x1428  [ 68B2C801CDB2B3838E9C27C3C6F66C73, D2E7A062973CB4D1C33A299D5AEFCE943EB59934EBA427F3C99D03A56EFF7A96 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:05:14.0657 0x1428  AMD External Events Utility - ok
19:05:14.0704 0x1428  AMD FUEL Service - ok
19:05:14.0735 0x1428  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
19:05:14.0735 0x1428  amdide - ok
19:05:14.0782 0x1428  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:05:14.0813 0x1428  AmdK8 - ok
19:05:15.0343 0x1428  [ 784C941B5A19D69814F9514CFB733906, 496E78FE91B1D6E146EEB79297C4A131D50875A8385438C376CA58A245D4A77E ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:05:15.0624 0x1428  amdkmdag - ok
19:05:15.0749 0x1428  [ 954759EAE7FB2591A5E7206AB0093AE7, A47FFCE75767CFE79A1CD2B42DC1FEEC8C65C0E503289DC70B751FECDD9CE9FF ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:05:15.0796 0x1428  amdkmdap - ok
19:05:15.0827 0x1428  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:05:15.0858 0x1428  AmdPPM - ok
19:05:15.0905 0x1428  [ 7A4B413614C055935567CF88A9734D38, A3BB7CDF3EE0EEF67F89263E81145E73C7142EF5F0AF265375C2ECCE74F932C4 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
19:05:15.0920 0x1428  amdsata - ok
19:05:15.0952 0x1428  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:05:15.0967 0x1428  amdsbs - ok
19:05:15.0983 0x1428  [ B4AD0CACBAB298671DD6F6EF7E20679D, FB566C892D0A3DC0A523AE20F35011996958D670937DD5C1A1FCCD36AAC714D7 ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
19:05:15.0998 0x1428  amdxata - ok
19:05:16.0232 0x1428  [ 4D282B9C5BB05DF92C9F3977DFB9F916, E6D49ED0D5FA26F2936FC97A0F1DFA38D1066AAF2EEFCE2931AF21B2CBE54CAD ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:05:16.0264 0x1428  AntiVirSchedulerService - ok
19:05:16.0357 0x1428  [ 65AF41A7A2C5B6693E1B4164E7632C3E, BA1DC45D7BB5307BD418D2BDFDBD1DD593439245A0A3F65FE6287F6F5198B999 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:05:16.0357 0x1428  AntiVirService - ok
19:05:16.0404 0x1428  [ F2154A205F4B784B61A72AEBC72BDC5F, A1D962BCF952FAD8016D9210327E7C1044BF4D3D035C7443F8671DDA16E0A390 ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:05:16.0404 0x1428  Suspicious file ( NoAccess ): C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys. md5: F2154A205F4B784B61A72AEBC72BDC5F, sha256: A1D962BCF952FAD8016D9210327E7C1044BF4D3D035C7443F8671DDA16E0A390
19:05:16.0435 0x1428  AODDriver4.2 - detected LockedFile.Multi.Generic ( 1 )
19:05:22.0472 0x1428  Detect skipped due to KSN trusted
19:05:22.0472 0x1428  AODDriver4.2 - ok
19:05:22.0535 0x1428  [ 42FD751B27FA0E9C69BB39F39E409594, DE349CAA570957868CA1CB0BE0FAF551CD4D44FD53EBC4391B9C1C7B9CF295D2 ] AppID           C:\Windows\system32\drivers\appid.sys
19:05:22.0691 0x1428  AppID - ok
19:05:22.0722 0x1428  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:05:22.0800 0x1428  AppIDSvc - ok
19:05:22.0847 0x1428  [ D065BE66822847B7F127D1F90158376E, 20F911F390FF23C2C42361A449C4344DB59F1DC21EDD1E7EBC4E80914DEF7824 ] Appinfo         C:\Windows\System32\appinfo.dll
19:05:22.0909 0x1428  Appinfo - ok
19:05:22.0956 0x1428  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:05:23.0034 0x1428  AppMgmt - ok
19:05:23.0081 0x1428  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:05:23.0112 0x1428  arc - ok
19:05:23.0128 0x1428  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:05:23.0143 0x1428  arcsas - ok
19:05:23.0268 0x1428  [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:05:23.0284 0x1428  aspnet_state - ok
19:05:23.0330 0x1428  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:05:23.0330 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\asyncmac.sys. md5: 769765CE2CC62867468CEA93969B2242, sha256: 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26
19:05:23.0346 0x1428  AsyncMac - detected LockedFile.Multi.Generic ( 1 )
19:05:29.0414 0x1428  Detect skipped due to KSN trusted
19:05:29.0414 0x1428  AsyncMac - ok
19:05:29.0461 0x1428  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
19:05:29.0461 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\atapi.sys. md5: 02062C0B390B7729EDC9E69C680A6F3C, sha256: 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273
19:05:29.0461 0x1428  atapi - detected LockedFile.Multi.Generic ( 1 )
19:05:35.0498 0x1428  Detect skipped due to KSN trusted
19:05:35.0498 0x1428  atapi - ok
19:05:35.0576 0x1428  [ 37CB595C0AB20ECBFA5170D3185690DB, 23CA3DC63C35649021AAFF0721BA8A7DF546B5CD1530A35AAAC3E742A787A7D2 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:05:35.0576 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\AtihdW76.sys. md5: 37CB595C0AB20ECBFA5170D3185690DB, sha256: 23CA3DC63C35649021AAFF0721BA8A7DF546B5CD1530A35AAAC3E742A787A7D2
19:05:35.0592 0x1428  AtiHDAudioService - detected LockedFile.Multi.Generic ( 1 )
19:05:41.0629 0x1428  Detect skipped due to KSN trusted
19:05:41.0629 0x1428  AtiHDAudioService - ok
19:05:41.0738 0x1428  [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:05:41.0801 0x1428  AudioEndpointBuilder - ok
19:05:41.0832 0x1428  [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:05:41.0863 0x1428  AudioSrv - ok
19:05:41.0910 0x1428  [ 7806BFCD1D7FA5EC23F7324D4EAFD25B, 4EDFD9DE520728AF6578BED0054ED6A4976A7F020F3329EA6681D6E361D9DB2D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:05:41.0957 0x1428  avgntflt - ok
19:05:42.0019 0x1428  [ C3A58DBD18786C338126D30BF8C33D72, 4DF4D37AB5139548C2DA4B4C8D6B933A7F4ED001BCA089EFBC8C57EEDE8785A6 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:05:42.0035 0x1428  avipbb - ok
19:05:42.0144 0x1428  [ 32C1455646CFDD79B01603C21620BA56, 36D2B55D2A5620F666408C4064449E4FE060A2E8BC9292F21E9DFD4FCD6C9DF0 ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
19:05:42.0144 0x1428  Avira.OE.ServiceHost - ok
19:05:42.0175 0x1428  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:05:42.0191 0x1428  avkmgr - ok
19:05:42.0222 0x1428  [ B20B5FA5CA050E9926E4D1DB81501B32, 91B9038349BA07E32DE809E6798167EE44087809EB1174B84EC16580040F1BE0 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:05:42.0347 0x1428  AxInstSV - ok
19:05:42.0409 0x1428  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:05:42.0409 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bxvbda.sys. md5: 3E5B191307609F7514148C6832BB0842, sha256: DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580
19:05:42.0440 0x1428  b06bdrv - detected LockedFile.Multi.Generic ( 1 )
19:05:52.0534 0x1428  b06bdrv ( LockedFile.Multi.Generic ) - warning
19:05:52.0534 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\bxvbda.sys
19:06:12.0127 0x1428  Object send P2P result: true
19:06:18.0196 0x1428  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:06:18.0196 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\b57nd60a.sys. md5: B5ACE6968304A3900EEB1EBFD9622DF2, sha256: 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA
19:06:18.0227 0x1428  b57nd60a - detected LockedFile.Multi.Generic ( 1 )
19:06:24.0264 0x1428  Detect skipped due to KSN trusted
19:06:24.0264 0x1428  b57nd60a - ok
19:06:24.0326 0x1428  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:06:24.0373 0x1428  BDESVC - ok
19:06:24.0389 0x1428  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:06:24.0389 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Beep.sys. md5: 16A47CE2DECC9B099349A5F840654746, sha256: 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024
19:06:24.0404 0x1428  Beep - detected LockedFile.Multi.Generic ( 1 )
19:06:30.0376 0x1428  Detect skipped due to KSN trusted
19:06:30.0376 0x1428  Beep - ok
19:06:30.0693 0x1428  [ 4992C609A6315671463E30F6512BC022, 3020034556EAC25CD90F41D3BFFDD0BB2C3D1C5BAC4359F4B71B84A9FC404495 ] BFE             C:\Windows\System32\bfe.dll
19:06:30.0758 0x1428  BFE - ok
19:06:30.0835 0x1428  [ 7F0C323FE3DA28AA4AA1BDA3F575707F, 7FF09CBC16A9E5F357A76FF79A3F0DD047957D474031F51A6BB4916C7911F005 ] BITS            C:\Windows\System32\qmgr.dll
19:06:30.0915 0x1428  BITS - ok
19:06:30.0968 0x1428  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:06:30.0968 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\blbdrive.sys. md5: 61583EE3C3A17003C4ACD0475646B4D3, sha256: 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811
19:06:30.0995 0x1428  blbdrive - detected LockedFile.Multi.Generic ( 1 )
19:06:36.0844 0x1428  Detect skipped due to KSN trusted
19:06:36.0844 0x1428  blbdrive - ok
19:06:37.0074 0x1428  [ 91CE0D3DC57DD377E690A2D324022B08, 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:06:37.0074 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bowser.sys. md5: 91CE0D3DC57DD377E690A2D324022B08, sha256: 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E
19:06:37.0099 0x1428  bowser - detected LockedFile.Multi.Generic ( 1 )
19:06:42.0965 0x1428  Detect skipped due to KSN trusted
19:06:42.0965 0x1428  bowser - ok
19:06:43.0255 0x1428  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:06:43.0255 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\BrFiltLo.sys. md5: F09EEE9EDC320B5E1501F749FDE686C8, sha256: 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3
19:06:43.0265 0x1428  BrFiltLo - detected LockedFile.Multi.Generic ( 1 )
19:06:49.0115 0x1428  Detect skipped due to KSN trusted
19:06:49.0115 0x1428  BrFiltLo - ok
19:06:49.0135 0x1428  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:06:49.0135 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\BrFiltUp.sys. md5: B114D3098E9BDB8BEA8B053685831BE6, sha256: 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C
19:06:49.0135 0x1428  BrFiltUp - detected LockedFile.Multi.Generic ( 1 )
19:06:54.0975 0x1428  Detect skipped due to KSN trusted
19:06:54.0975 0x1428  BrFiltUp - ok
19:06:55.0015 0x1428  [ 94FBC06F294D58D02361918418F996E3, 62C7CC2AF8F5A0BB0C262DACDE3F72C6AC318C3840CE60E46EE2064B32BDA5EF ] Browser         C:\Windows\System32\browser.dll
19:06:55.0055 0x1428  Browser - ok
19:06:55.0095 0x1428  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:06:55.0095 0x1428  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\Brserid.sys. md5: 43BEA8D483BF1870F018E2D02E06A5BD, sha256: 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272
19:06:55.0105 0x1428  Brserid - detected LockedFile.Multi.Generic ( 1 )
19:07:05.0105 0x1428  Object is SCO, delete is not allowed
19:07:05.0105 0x1428  Brserid ( LockedFile.Multi.Generic ) - warning
19:07:25.0125 0x1428  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:07:25.0125 0x1428  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrSerWdm.sys. md5: A6ECA2151B08A09CACECA35C07F05B42, sha256: E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C
19:07:25.0125 0x1428  BrSerWdm - detected LockedFile.Multi.Generic ( 1 )
19:07:30.0965 0x1428  Detect skipped due to KSN trusted
19:07:30.0965 0x1428  BrSerWdm - ok
19:07:30.0995 0x1428  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:07:30.0995 0x1428  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrUsbMdm.sys. md5: B79968002C277E869CF38BD22CD61524, sha256: 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983
19:07:31.0005 0x1428  BrUsbMdm - detected LockedFile.Multi.Generic ( 1 )
19:07:36.0865 0x1428  Detect skipped due to KSN trusted
19:07:36.0865 0x1428  BrUsbMdm - ok
19:07:36.0895 0x1428  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:07:36.0895 0x1428  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrUsbSer.sys. md5: A87528880231C54E75EA7A44943B38BF, sha256: 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9
19:07:36.0905 0x1428  BrUsbSer - detected LockedFile.Multi.Generic ( 1 )
19:07:42.0775 0x1428  Detect skipped due to KSN trusted
19:07:42.0775 0x1428  BrUsbSer - ok
19:07:42.0795 0x1428  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:07:42.0795 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bthmodem.sys. md5: 9DA669F11D1F894AB4EB69BF546A42E8, sha256: B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4
19:07:42.0805 0x1428  BTHMODEM - detected LockedFile.Multi.Generic ( 1 )
19:07:48.0665 0x1428  Detect skipped due to KSN trusted
19:07:48.0665 0x1428  BTHMODEM - ok
19:07:48.0715 0x1428  [ A51FA9D0E85D5ADABEF72E67F386309C, 4F6F44D5E3A43239B50BCA75CBAA48FE40097E2AFF9360E1956F41ED52BD8183 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
19:07:48.0745 0x1428  BTHPORT - ok
19:07:48.0805 0x1428  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
19:07:48.0835 0x1428  bthserv - ok
19:07:48.0895 0x1428  [ F740B9A16B2C06700F2130E19986BF3B, 92158FD1B3706DE068F077ACA9A25F5479EF282E8B81F5A2FF8A66CBB5F80FCF ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
19:07:48.0915 0x1428  BTHUSB - ok
19:07:48.0965 0x1428  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:07:48.0965 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\cdfs.sys. md5: B8BD2BB284668C84865658C77574381A, sha256: 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65
19:07:48.0965 0x1428  cdfs - detected LockedFile.Multi.Generic ( 1 )
19:07:54.0865 0x1428  Detect skipped due to KSN trusted
19:07:54.0865 0x1428  cdfs - ok
19:07:54.0885 0x1428  [ 83D2D75E1EFB81B3450C18131443F7DB, F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:07:54.0885 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\cdrom.sys. md5: 83D2D75E1EFB81B3450C18131443F7DB, sha256: F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22
19:07:54.0895 0x1428  cdrom - detected LockedFile.Multi.Generic ( 1 )
19:08:00.0755 0x1428  Detect skipped due to KSN trusted
19:08:00.0755 0x1428  cdrom - ok
19:08:00.0785 0x1428  [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:08:00.0835 0x1428  CertPropSvc - ok
19:08:00.0855 0x1428  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:08:00.0855 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\circlass.sys. md5: D7CD5C4E1B71FA62050515314CFB52CF, sha256: 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64
19:08:00.0865 0x1428  circlass - detected LockedFile.Multi.Generic ( 1 )
19:08:06.0715 0x1428  Detect skipped due to KSN trusted
19:08:06.0715 0x1428  circlass - ok
19:08:06.0775 0x1428  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
19:08:06.0775 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\CLFS.sys. md5: FE1EC06F2253F691FE36217C592A0206, sha256: B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE
19:08:06.0775 0x1428  CLFS - detected LockedFile.Multi.Generic ( 1 )
19:08:12.0635 0x1428  Detect skipped due to KSN trusted
19:08:12.0635 0x1428  CLFS - ok
19:08:12.0695 0x1428  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:08:12.0705 0x1428  clr_optimization_v2.0.50727_32 - ok
19:08:12.0765 0x1428  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:08:12.0775 0x1428  clr_optimization_v2.0.50727_64 - ok
19:08:12.0845 0x1428  [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:08:12.0885 0x1428  clr_optimization_v4.0.30319_32 - ok
19:08:12.0925 0x1428  [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:08:12.0935 0x1428  clr_optimization_v4.0.30319_64 - ok
19:08:12.0955 0x1428  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:08:12.0955 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\CmBatt.sys. md5: 0840155D0BDDF1190F84A663C284BD33, sha256: 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A
19:08:12.0965 0x1428  CmBatt - detected LockedFile.Multi.Generic ( 1 )
19:08:22.0965 0x1428  Object is SCO, delete is not allowed
19:08:22.0965 0x1428  CmBatt ( LockedFile.Multi.Generic ) - warning
19:08:22.0965 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\CmBatt.sys
19:08:41.0906 0x1428  Object send P2P result: true
19:08:47.0706 0x1428  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
19:08:47.0706 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\cmdide.sys. md5: E19D3F095812725D88F9001985B94EDD, sha256: 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B
19:08:47.0716 0x1428  cmdide - detected LockedFile.Multi.Generic ( 1 )
19:08:53.0546 0x1428  Detect skipped due to KSN trusted
19:08:53.0546 0x1428  cmdide - ok
19:08:53.0586 0x1428  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1, D1FBCA0416D38B9CA510FB01CF251E60B244D38080E6668948ED927D2350ED49 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:08:53.0586 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\cng.sys. md5: F95FD4CB7DA00BA2A63CE9F6B5C053E1, sha256: D1FBCA0416D38B9CA510FB01CF251E60B244D38080E6668948ED927D2350ED49
19:08:53.0596 0x1428  CNG - detected LockedFile.Multi.Generic ( 1 )
19:08:59.0436 0x1428  Detect skipped due to KSN trusted
19:08:59.0436 0x1428  CNG - ok
19:08:59.0466 0x1428  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:08:59.0466 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\compbatt.sys. md5: 102DE219C3F61415F964C88E9085AD14, sha256: CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1
19:08:59.0466 0x1428  Compbatt - detected LockedFile.Multi.Generic ( 1 )
19:09:05.0336 0x1428  Detect skipped due to KSN trusted
19:09:05.0336 0x1428  Compbatt - ok
19:09:05.0386 0x1428  [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:09:05.0386 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\CompositeBus.sys. md5: F26B3A86F6FA87CA360B879581AB4123, sha256: 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF
19:09:05.0386 0x1428  CompositeBus - detected LockedFile.Multi.Generic ( 1 )
19:09:11.0316 0x1428  Detect skipped due to KSN trusted
19:09:11.0316 0x1428  CompositeBus - ok
19:09:11.0336 0x1428  COMSysApp - ok
19:09:11.0376 0x1428  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:09:11.0376 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 1C827878A998C18847245FE1F34EE597, sha256: 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60
19:09:11.0386 0x1428  crcdisk - detected LockedFile.Multi.Generic ( 1 )
19:09:17.0296 0x1428  Detect skipped due to KSN trusted
19:09:17.0296 0x1428  crcdisk - ok
19:09:17.0356 0x1428  [ 8C57411B66282C01533CB776F98AD384, 65BCF1B0BA521CBE39E974C7ACAEA9C9E3F89D86754275C6B2616E7691876AEE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:09:17.0426 0x1428  CryptSvc - ok
19:09:17.0496 0x1428  [ 4A6173C2279B498CD8F57CAE504564CB, FF3CD404FD91EDE38C21780362CE892BFBBC2526B146BEBD139C7413EB29A216 ] CSC             C:\Windows\system32\drivers\csc.sys
19:09:17.0496 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\csc.sys. md5: 4A6173C2279B498CD8F57CAE504564CB, sha256: FF3CD404FD91EDE38C21780362CE892BFBBC2526B146BEBD139C7413EB29A216
19:09:17.0506 0x1428  CSC - detected LockedFile.Multi.Generic ( 1 )
19:09:23.0406 0x1428  Detect skipped due to KSN trusted
19:09:23.0406 0x1428  CSC - ok
19:09:23.0476 0x1428  [ 873FBF927C06E5CEE04DEC617502F8FD, 8B452ED5D003337E66634EEC3D5C9FBA4D05FF5AE776239F3B769FAA505E729C ] CscService      C:\Windows\System32\cscsvc.dll
19:09:23.0536 0x1428  CscService - ok
19:09:23.0546 0x1428  Suspicious service (NoAccess): d9c0704a342146bd
19:09:23.0586 0x1428  [ 66D8440BEEA84FB7DB3F6474827F6B9D, 0EB179E00FBD7440D455F6EF4D6F4D3101B8A55F913BA90079F0315E4DE42B9A ] d9c0704a342146bd C:\Windows\System32\Drivers\d9c0704a342146bd.sys
19:09:23.0586 0x1428  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\d9c0704a342146bd.sys. md5: 66D8440BEEA84FB7DB3F6474827F6B9D, sha256: 0EB179E00FBD7440D455F6EF4D6F4D3101B8A55F913BA90079F0315E4DE42B9A
19:09:23.0646 0x1428  d9c0704a342146bd - detected Rootkit.Win32.Necurs.gen ( 0 )
19:09:29.0566 0x1428  d9c0704a342146bd ( Rootkit.Win32.Necurs.gen ) - infected
19:09:29.0566 0x1428  Force sending object to P2P due to detect: C:\Windows\System32\Drivers\d9c0704a342146bd.sys
19:09:49.0566 0x1428  Object send P2P result: false
19:09:57.0916 0x1428  [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:09:57.0976 0x1428  DcomLaunch - ok
19:09:58.0046 0x1428  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:09:58.0116 0x1428  defragsvc - ok
19:09:58.0166 0x1428  [ 3F1DC527070ACB87E40AFE46EF6DA749, 5CB9CB94854AF06BEA02AF3E0562B8ECF72B2B23ED657A3F5E17CD3552F3EF84 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:09:58.0166 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\dfsc.sys. md5: 3F1DC527070ACB87E40AFE46EF6DA749, sha256: 5CB9CB94854AF06BEA02AF3E0562B8ECF72B2B23ED657A3F5E17CD3552F3EF84
19:09:58.0196 0x1428  DfsC - detected LockedFile.Multi.Generic ( 1 )
19:10:04.0086 0x1428  Detect skipped due to KSN trusted
19:10:04.0096 0x1428  DfsC - ok
19:10:04.0156 0x1428  [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:10:04.0276 0x1428  Dhcp - ok
19:10:04.0296 0x1428  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
19:10:04.0296 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3, sha256: 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26
19:10:04.0316 0x1428  discache - detected LockedFile.Multi.Generic ( 1 )
19:10:10.0216 0x1428  Detect skipped due to KSN trusted
19:10:10.0216 0x1428  discache - ok
19:10:10.0256 0x1428  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:10:10.0256 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\disk.sys. md5: 9819EEE8B5EA3784EC4AF3B137A5244C, sha256: 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427
19:10:10.0266 0x1428  Disk - detected LockedFile.Multi.Generic ( 1 )
19:10:16.0186 0x1428  Detect skipped due to KSN trusted
19:10:16.0186 0x1428  Disk - ok
19:10:16.0256 0x1428  [ 676108C4E3AA6F6B34633748BD0BEBD9, 953286126E482EF3A9A1833680EFF86D657BD6C5411B9AEC2D7828ADE63D25AD ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:10:16.0326 0x1428  Dnscache - ok
19:10:16.0366 0x1428  [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:10:16.0406 0x1428  dot3svc - ok
19:10:16.0466 0x1428  [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS             C:\Windows\system32\dps.dll
19:10:16.0506 0x1428  DPS - ok
19:10:16.0536 0x1428  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:10:16.0536 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\drmkaud.sys. md5: 9B19F34400D24DF84C858A421C205754, sha256: 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7
19:10:16.0546 0x1428  drmkaud - detected LockedFile.Multi.Generic ( 1 )
19:10:22.0486 0x1428  Detect skipped due to KSN trusted
19:10:22.0486 0x1428  drmkaud - ok
19:10:22.0596 0x1428  [ EBCE0B0924835F635F620D19F0529DCE, 15BF803765373264390879FCA86C6D89C92DAFD0B1A36DEFA78EF01EBA2F9C26 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:10:22.0596 0x1428  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\dxgkrnl.sys. md5: EBCE0B0924835F635F620D19F0529DCE, sha256: 15BF803765373264390879FCA86C6D89C92DAFD0B1A36DEFA78EF01EBA2F9C26
19:10:22.0606 0x1428  DXGKrnl - detected LockedFile.Multi.Generic ( 1 )
19:10:28.0506 0x1428  Detect skipped due to KSN trusted
19:10:28.0516 0x1428  DXGKrnl - ok
19:10:28.0596 0x1428  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
19:10:28.0656 0x1428  EapHost - ok
19:10:28.0846 0x1428  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:10:28.0846 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\evbda.sys. md5: DC5D737F51BE844D8C82C695EB17372F, sha256: 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017
19:10:28.0856 0x1428  ebdrv - detected LockedFile.Multi.Generic ( 1 )
19:10:34.0756 0x1428  Detect skipped due to KSN trusted
19:10:34.0756 0x1428  ebdrv - ok
19:10:34.0796 0x1428  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS             C:\Windows\System32\lsass.exe
19:10:34.0826 0x1428  EFS - ok
19:10:34.0926 0x1428  [ B91D81B3B54A54CCAFC03733DBC2E29E, B08CFD3136F678CF902722B32CA55C4983EEE5AEBDCEE036BEB746914742141C ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:10:35.0006 0x1428  ehRecvr - ok
19:10:35.0046 0x1428  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
19:10:35.0066 0x1428  ehSched - ok
19:10:35.0136 0x1428  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:10:35.0136 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0E5DA5369A0FCAEA12456DD852545184, sha256: 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8
19:10:35.0166 0x1428  elxstor - detected LockedFile.Multi.Generic ( 1 )
19:10:41.0086 0x1428  Detect skipped due to KSN trusted
19:10:41.0086 0x1428  elxstor - ok
19:10:41.0106 0x1428  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
19:10:41.0106 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\errdev.sys. md5: 34A3C54752046E79A126E15C51DB409B, sha256: 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75
19:10:41.0116 0x1428  ErrDev - detected LockedFile.Multi.Generic ( 1 )
19:10:51.0116 0x1428  Object is SCO, delete is not allowed
19:10:51.0116 0x1428  ErrDev ( LockedFile.Multi.Generic ) - warning
19:11:09.0156 0x1428  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
19:11:09.0216 0x1428  EventSystem - ok
19:11:09.0266 0x1428  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:11:09.0266 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B, sha256: 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5
19:11:09.0286 0x1428  exfat - detected LockedFile.Multi.Generic ( 1 )
19:11:15.0186 0x1428  Detect skipped due to KSN trusted
19:11:15.0186 0x1428  exfat - ok
19:11:15.0236 0x1428  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:11:15.0236 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fastfat.sys. md5: 0ADC83218B66A6DB380C330836F3E36D, sha256: 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29
19:11:15.0246 0x1428  fastfat - detected LockedFile.Multi.Generic ( 1 )
19:11:21.0166 0x1428  Detect skipped due to KSN trusted
19:11:21.0166 0x1428  fastfat - ok
19:11:21.0246 0x1428  [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax             C:\Windows\system32\fxssvc.exe
19:11:21.0286 0x1428  Fax - ok
19:11:21.0306 0x1428  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:11:21.0306 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB, sha256: 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE
19:11:21.0316 0x1428  fdc - detected LockedFile.Multi.Generic ( 1 )
19:11:27.0216 0x1428  Detect skipped due to KSN trusted
19:11:27.0216 0x1428  fdc - ok
19:11:27.0266 0x1428  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
19:11:27.0346 0x1428  fdPHost - ok
19:11:27.0376 0x1428  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:11:27.0426 0x1428  FDResPub - ok
19:11:27.0486 0x1428  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:11:27.0486 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661BE46B5F5F3FD454E2C3095B930, sha256: 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A
19:11:27.0496 0x1428  FileInfo - detected LockedFile.Multi.Generic ( 1 )
19:11:33.0406 0x1428  Detect skipped due to KSN trusted
19:11:33.0406 0x1428  FileInfo - ok
19:11:34.0016 0x1428  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:11:34.0016 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47, sha256: 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6
19:11:34.0276 0x1428  Filetrace - detected LockedFile.Multi.Generic ( 1 )
19:11:40.0216 0x1428  Detect skipped due to KSN trusted
19:11:40.0216 0x1428  Filetrace - ok
19:11:40.0246 0x1428  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:11:40.0246 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5, sha256: 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B
19:11:40.0256 0x1428  flpydisk - detected LockedFile.Multi.Generic ( 1 )
19:11:46.0176 0x1428  Detect skipped due to KSN trusted
19:11:46.0176 0x1428  flpydisk - ok
19:11:46.0246 0x1428  [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:11:46.0246 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fltmgr.sys. md5: F7866AF72ABBAF84B1FA5AA195378C59, sha256: 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8
19:11:46.0256 0x1428  FltMgr - detected LockedFile.Multi.Generic ( 1 )
19:11:52.0156 0x1428  Detect skipped due to KSN trusted
19:11:52.0156 0x1428  FltMgr - ok
19:11:52.0276 0x1428  [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A, 6587B22ED91F98D3E3614967F62D7A58F42C12F45F8E1D47835D195CD350BC54 ] FontCache       C:\Windows\system32\FntCache.dll
19:11:52.0356 0x1428  FontCache - ok
19:11:52.0416 0x1428  [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:11:52.0426 0x1428  FontCache3.0.0.0 - ok
19:11:52.0456 0x1428  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:11:52.0456 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC, sha256: F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E
19:11:52.0466 0x1428  FsDepends - detected LockedFile.Multi.Generic ( 1 )
19:11:58.0366 0x1428  Detect skipped due to KSN trusted
19:11:58.0366 0x1428  FsDepends - ok
19:11:58.0426 0x1428  [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:11:58.0426 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Fs_Rec.sys. md5: E95EF8547DE20CF0603557C0CF7A9462, sha256: 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6
19:11:58.0426 0x1428  Fs_Rec - detected LockedFile.Multi.Generic ( 1 )
19:12:08.0436 0x1428  Object is SCO, delete is not allowed
19:12:08.0436 0x1428  Fs_Rec ( LockedFile.Multi.Generic ) - warning
19:12:08.0436 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\drivers\Fs_Rec.sys
19:12:28.0436 0x1428  Object send P2P result: false
19:12:34.0316 0x1428  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09, 24A9F04A0622681A4E4B6BCC47C45016787C6036EAD828920812D9FAD49A71E3 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:12:34.0316 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fvevol.sys. md5: B8B2A6E1558F8F5DE5CE431C5B2C7B09, sha256: 24A9F04A0622681A4E4B6BCC47C45016787C6036EAD828920812D9FAD49A71E3
19:12:34.0326 0x1428  fvevol - detected LockedFile.Multi.Generic ( 1 )
19:12:40.0236 0x1428  Detect skipped due to KSN trusted
19:12:40.0236 0x1428  fvevol - ok
19:12:40.0276 0x1428  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:12:40.0276 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6, sha256: 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005
19:12:40.0286 0x1428  gagp30kx - detected LockedFile.Multi.Generic ( 1 )
19:12:46.0196 0x1428  Detect skipped due to KSN trusted
19:12:46.0196 0x1428  gagp30kx - ok
19:12:46.0306 0x1428  [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:12:46.0366 0x1428  gpsvc - ok
19:12:46.0406 0x1428  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
19:12:46.0406 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hamachi.sys. md5: 1E6438D4EA6E1174A3B3B1EDC4DE660B, sha256: F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011
19:12:46.0406 0x1428  hamachi - detected LockedFile.Multi.Generic ( 1 )
19:12:52.0336 0x1428  Detect skipped due to KSN trusted
19:12:52.0336 0x1428  hamachi - ok
19:12:52.0566 0x1428  [ 2A94B104F6B64AE207D687F2AFFE8056, A42F8198A070C417554C34C2166137868506B5F7780DB7C13C0658013940F5D6 ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
19:12:52.0626 0x1428  Hamachi2Svc - ok
19:12:52.0666 0x1428  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:12:52.0666 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0, sha256: B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19
19:12:52.0686 0x1428  hcw85cir - detected LockedFile.Multi.Generic ( 1 )
19:12:58.0566 0x1428  Detect skipped due to KSN trusted
19:12:58.0566 0x1428  hcw85cir - ok
19:12:58.0646 0x1428  [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:12:58.0646 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. md5: 6410F6F415B2A5A9037224C41DA8BF12, sha256: 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5
19:12:58.0656 0x1428  HdAudAddService - detected LockedFile.Multi.Generic ( 1 )
19:13:04.0566 0x1428  Detect skipped due to KSN trusted
19:13:04.0566 0x1428  HdAudAddService - ok
19:13:04.0626 0x1428  [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:13:04.0626 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HDAudBus.sys. md5: 0A49913402747A0B67DE940FB42CBDBB, sha256: 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83
19:13:04.0636 0x1428  HDAudBus - detected LockedFile.Multi.Generic ( 1 )
19:13:10.0556 0x1428  Detect skipped due to KSN trusted
19:13:10.0556 0x1428  HDAudBus - ok
19:13:10.0586 0x1428  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:13:10.0586 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F, sha256: 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64
19:13:10.0596 0x1428  HidBatt - detected LockedFile.Multi.Generic ( 1 )
19:13:20.0596 0x1428  HidBatt ( LockedFile.Multi.Generic ) - warning
19:13:20.0596 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\HidBatt.sys
19:13:40.0596 0x1428  Object send P2P result: false
19:13:46.0486 0x1428  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:13:46.0486 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104, sha256: 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4
19:13:46.0486 0x1428  HidBth - detected LockedFile.Multi.Generic ( 1 )
19:13:52.0406 0x1428  Detect skipped due to KSN trusted
19:13:52.0406 0x1428  HidBth - ok
19:13:52.0456 0x1428  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:13:52.0456 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825, sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D
19:13:52.0466 0x1428  HidIr - detected LockedFile.Multi.Generic ( 1 )
19:13:58.0346 0x1428  Detect skipped due to KSN trusted
19:13:58.0346 0x1428  HidIr - ok
19:13:58.0406 0x1428  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
19:13:58.0456 0x1428  hidserv - ok
19:13:58.0486 0x1428  [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:13:58.0486 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidusb.sys. md5: B3BF6B5B50006DEF50B66306D99FCF6F, sha256: D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417
19:13:58.0496 0x1428  HidUsb - detected LockedFile.Multi.Generic ( 1 )
19:14:04.0386 0x1428  Detect skipped due to KSN trusted
19:14:04.0386 0x1428  HidUsb - ok
19:14:04.0496 0x1428  [ DFD1D30D8B68D883B5858748F7E35AD2, 051C9940054558DCB96746C0425A52F5294194163946B4A2A9CAEA64CFA855A1 ] HiPatchService  D:\Smite\HiPatchService.exe
19:14:04.0516 0x1428  HiPatchService - detected UnsignedFile.Multi.Generic ( 1 )
19:14:10.0416 0x1428  Detect skipped due to KSN trusted
19:14:10.0416 0x1428  HiPatchService - ok
19:14:10.0486 0x1428  [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:14:10.0536 0x1428  hkmsvc - ok
19:14:10.0576 0x1428  [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:14:10.0636 0x1428  HomeGroupListener - ok
19:14:10.0696 0x1428  [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:14:10.0726 0x1428  HomeGroupProvider - ok
19:14:10.0756 0x1428  [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
19:14:10.0756 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HpSAMD.sys. md5: 0886D440058F203EBA0E1825E4355914, sha256: BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070
19:14:10.0796 0x1428  HpSAMD - detected LockedFile.Multi.Generic ( 1 )
19:14:17.0136 0x1428  Detect skipped due to KSN trusted
19:14:17.0136 0x1428  HpSAMD - ok
19:14:17.0226 0x1428  [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:14:17.0226 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: CEE049CAC4EFA7F4E1E4AD014414A5D4, sha256: 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D
19:14:17.0236 0x1428  HTTP - detected LockedFile.Multi.Generic ( 1 )
19:14:23.0146 0x1428  Detect skipped due to KSN trusted
19:14:23.0146 0x1428  HTTP - ok
19:14:23.0206 0x1428  [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:14:23.0206 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: F17766A19145F111856378DF337A5D79, sha256: FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62
19:14:23.0216 0x1428  hwpolicy - detected LockedFile.Multi.Generic ( 1 )
19:14:33.0216 0x1428  hwpolicy ( LockedFile.Multi.Generic ) - warning
19:14:52.0166 0x1428  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:14:52.0166 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD
19:14:52.0166 0x1428  i8042prt - detected LockedFile.Multi.Generic ( 1 )
19:14:58.0056 0x1428  Detect skipped due to KSN trusted
19:14:58.0056 0x1428  i8042prt - ok
19:14:58.0126 0x1428  [ D83EFB6FD45DF9D55E9A1AFC63640D50, 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
19:14:58.0126 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStorV.sys. md5: D83EFB6FD45DF9D55E9A1AFC63640D50, sha256: 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B
19:14:58.0136 0x1428  iaStorV - detected LockedFile.Multi.Generic ( 1 )
19:15:04.0016 0x1428  Detect skipped due to KSN trusted
19:15:04.0016 0x1428  iaStorV - ok
19:15:04.0126 0x1428  [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:15:04.0156 0x1428  idsvc - ok
19:15:04.0186 0x1428  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:15:04.0186 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21, sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4
19:15:04.0206 0x1428  iirsp - detected LockedFile.Multi.Generic ( 1 )
19:15:10.0116 0x1428  Detect skipped due to KSN trusted
19:15:10.0116 0x1428  iirsp - ok
19:15:10.0236 0x1428  [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT          C:\Windows\System32\ikeext.dll
19:15:10.0286 0x1428  IKEEXT - ok
19:15:10.0456 0x1428  [ D6B90D1208CFC57E9F213357BCC41A3C, E199A28618A5904E619563DB99D708FCD6BDF0FD46EB00FC7B7EE0466F736778 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:15:10.0456 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RTKVHD64.sys. md5: D6B90D1208CFC57E9F213357BCC41A3C, sha256: E199A28618A5904E619563DB99D708FCD6BDF0FD46EB00FC7B7EE0466F736778
19:15:10.0466 0x1428  IntcAzAudAddService - detected LockedFile.Multi.Generic ( 1 )
19:15:16.0356 0x1428  Detect skipped due to KSN trusted
19:15:16.0366 0x1428  IntcAzAudAddService - ok
19:15:16.0396 0x1428  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
19:15:16.0396 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA, sha256: E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22
19:15:16.0406 0x1428  intelide - detected LockedFile.Multi.Generic ( 1 )
19:15:22.0336 0x1428  Detect skipped due to KSN trusted
19:15:22.0336 0x1428  intelide - ok
19:15:22.0366 0x1428  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:15:22.0366 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1, sha256: F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610
19:15:22.0386 0x1428  intelppm - detected LockedFile.Multi.Generic ( 1 )
19:15:28.0306 0x1428  Detect skipped due to KSN trusted
19:15:28.0306 0x1428  intelppm - ok
19:15:28.0366 0x1428  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:15:28.0436 0x1428  IPBusEnum - ok
19:15:28.0476 0x1428  [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:15:28.0476 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: 722DD294DF62483CECAAE6E094B4D695, sha256: 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0
19:15:28.0486 0x1428  IpFilterDriver - detected LockedFile.Multi.Generic ( 1 )
19:15:34.0396 0x1428  Detect skipped due to KSN trusted
19:15:34.0396 0x1428  IpFilterDriver - ok
19:15:34.0486 0x1428  [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:15:34.0586 0x1428  iphlpsvc - ok
19:15:34.0616 0x1428  [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:15:34.0616 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\IPMIDrv.sys. md5: E2B4A4494DB7CB9B89B55CA268C337C5, sha256: C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB
19:15:34.0616 0x1428  IPMIDRV - detected LockedFile.Multi.Generic ( 1 )
19:15:40.0536 0x1428  Detect skipped due to KSN trusted
19:15:40.0536 0x1428  IPMIDRV - ok
19:15:40.0596 0x1428  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:15:40.0596 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E
19:15:40.0596 0x1428  IPNAT - detected LockedFile.Multi.Generic ( 1 )
19:15:50.0596 0x1428  Object is SCO, delete is not allowed
19:15:50.0596 0x1428  IPNAT ( LockedFile.Multi.Generic ) - warning
19:16:07.0416 0x1428  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:16:07.0416 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE
19:16:07.0426 0x1428  IRENUM - detected LockedFile.Multi.Generic ( 1 )
19:16:13.0336 0x1428  Detect skipped due to KSN trusted
19:16:13.0336 0x1428  IRENUM - ok
19:16:13.0366 0x1428  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
19:16:13.0366 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548
19:16:13.0376 0x1428  isapnp - detected LockedFile.Multi.Generic ( 1 )
19:16:19.0306 0x1428  Detect skipped due to KSN trusted
19:16:19.0306 0x1428  isapnp - ok
19:16:19.0356 0x1428  [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:16:19.0356 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\msiscsi.sys. md5: FA4D2557DE56D45B0A346F93564BE6E1, sha256: 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C
19:16:19.0366 0x1428  iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
19:16:25.0286 0x1428  Detect skipped due to KSN trusted
19:16:25.0286 0x1428  iScsiPrt - ok
19:16:25.0326 0x1428  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:16:25.0326 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93
19:16:25.0336 0x1428  kbdclass - detected LockedFile.Multi.Generic ( 1 )
19:16:31.0236 0x1428  Detect skipped due to KSN trusted
19:16:31.0236 0x1428  kbdclass - ok
19:16:31.0266 0x1428  [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:16:31.0266 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 6DEF98F8541E1B5DCEB2C822A11F7323, sha256: F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D
19:16:31.0276 0x1428  kbdhid - detected LockedFile.Multi.Generic ( 1 )
19:16:37.0206 0x1428  Detect skipped due to KSN trusted
19:16:37.0206 0x1428  kbdhid - ok
19:16:37.0246 0x1428  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso          C:\Windows\system32\lsass.exe
19:16:37.0276 0x1428  KeyIso - ok
19:16:37.0306 0x1428  [ E8B6FCC9C83535C67F835D407620BD27, 74B63F3BFB756FF0B0AD6A6C1535C0A1A0630295ECCBC078B00F2449718B0870 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:16:37.0306 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: E8B6FCC9C83535C67F835D407620BD27, sha256: 74B63F3BFB756FF0B0AD6A6C1535C0A1A0630295ECCBC078B00F2449718B0870
19:16:37.0316 0x1428  KSecDD - detected LockedFile.Multi.Generic ( 1 )
19:16:43.0236 0x1428  Detect skipped due to KSN trusted
19:16:43.0236 0x1428  KSecDD - ok
19:16:43.0276 0x1428  [ BBE1BF6D9B661C354D4857D5FADB943B, D2F6E52CCD0DF07B3D92669B941CEB9A59E16D3518226F11028A70DBDEFABBCF ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:16:43.0276 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: BBE1BF6D9B661C354D4857D5FADB943B, sha256: D2F6E52CCD0DF07B3D92669B941CEB9A59E16D3518226F11028A70DBDEFABBCF
19:16:43.0276 0x1428  KSecPkg - detected LockedFile.Multi.Generic ( 1 )
19:16:49.0276 0x1428  Detect skipped due to KSN trusted
19:16:49.0276 0x1428  KSecPkg - ok
19:16:49.0326 0x1428  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:16:49.0326 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
19:16:49.0336 0x1428  ksthunk - detected LockedFile.Multi.Generic ( 1 )
19:16:55.0236 0x1428  Detect skipped due to KSN trusted
19:16:55.0236 0x1428  ksthunk - ok
19:16:55.0316 0x1428  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:16:55.0386 0x1428  KtmRm - ok
19:16:55.0456 0x1428  [ C926920B8978DE6ACFE9E15C709E9B57, 33B8002ABC30372B1CA8B6EC046757794CD7C9DA3CA4715B515B6894DC7E45CA ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:16:55.0506 0x1428  LanmanServer - ok
19:16:55.0556 0x1428  [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:16:55.0586 0x1428  LanmanWorkstation - ok
19:16:55.0626 0x1428  [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
19:16:55.0626 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\LGBusEnum.sys. md5: FA529FB35694C24BF98A9EF67C1CD9D0, sha256: 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075
19:16:55.0636 0x1428  LGBusEnum - detected LockedFile.Multi.Generic ( 1 )
19:17:05.0636 0x1428  LGBusEnum ( LockedFile.Multi.Generic ) - warning
19:17:25.0596 0x1428  [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
19:17:25.0596 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\LGVirHid.sys. md5: 94B29CE153765E768F004FB3440BE2B0, sha256: E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024
19:17:25.0606 0x1428  LGVirHid - detected LockedFile.Multi.Generic ( 1 )
19:17:31.0546 0x1428  Detect skipped due to KSN trusted
19:17:31.0546 0x1428  LGVirHid - ok
19:17:31.0586 0x1428  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:17:31.0586 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
19:17:31.0606 0x1428  lltdio - detected LockedFile.Multi.Generic ( 1 )
19:17:37.0536 0x1428  Detect skipped due to KSN trusted
19:17:37.0536 0x1428  lltdio - ok
19:17:37.0606 0x1428  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:17:37.0656 0x1428  lltdsvc - ok
19:17:37.0706 0x1428  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:17:37.0786 0x1428  lmhosts - ok
19:17:37.0866 0x1428  [ E299C7D4AE6AF391F38EAE78D788E678, 830D9466FED497B793BD7AFC31053A903E41E4EE02765365E4D72BADA5C45338 ] LMIGuardianSvc  C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
19:17:37.0896 0x1428  LMIGuardianSvc - ok
19:17:37.0936 0x1428  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:17:37.0936 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
19:17:37.0946 0x1428  LSI_FC - detected LockedFile.Multi.Generic ( 1 )
19:17:43.0876 0x1428  Detect skipped due to KSN trusted
19:17:43.0876 0x1428  LSI_FC - ok
19:17:43.0906 0x1428  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:17:43.0906 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
19:17:43.0916 0x1428  LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
19:17:49.0846 0x1428  Detect skipped due to KSN trusted
19:17:49.0846 0x1428  LSI_SAS - ok
19:17:49.0886 0x1428  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:17:49.0886 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
19:17:49.0896 0x1428  LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
19:17:55.0806 0x1428  Detect skipped due to KSN trusted
19:17:55.0806 0x1428  LSI_SAS2 - ok
19:17:55.0856 0x1428  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:17:55.0856 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
19:17:55.0866 0x1428  LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
19:18:01.0786 0x1428  Detect skipped due to KSN trusted
19:18:01.0786 0x1428  LSI_SCSI - ok
19:18:01.0836 0x1428  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:18:01.0836 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
19:18:01.0846 0x1428  luafv - detected LockedFile.Multi.Generic ( 1 )
19:18:07.0776 0x1428  Detect skipped due to KSN trusted
19:18:07.0776 0x1428  luafv - ok
19:18:07.0836 0x1428  [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:18:07.0886 0x1428  Mcx2Svc - ok
19:18:07.0926 0x1428  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:18:07.0926 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
19:18:07.0936 0x1428  megasas - detected LockedFile.Multi.Generic ( 1 )
19:18:17.0936 0x1428  Object is SCO, delete is not allowed
19:18:17.0936 0x1428  megasas ( LockedFile.Multi.Generic ) - warning
19:18:17.0936 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\megasas.sys
19:18:23.0916 0x1428  Object send P2P result: true
19:18:41.0846 0x1428  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:18:41.0846 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
19:18:41.0856 0x1428  MegaSR - detected LockedFile.Multi.Generic ( 1 )
19:18:47.0766 0x1428  Detect skipped due to KSN trusted
19:18:47.0766 0x1428  MegaSR - ok
19:18:47.0836 0x1428  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
19:18:47.0906 0x1428  MMCSS - ok
19:18:47.0946 0x1428  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
19:18:47.0946 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
19:18:47.0956 0x1428  Modem - detected LockedFile.Multi.Generic ( 1 )
19:18:53.0866 0x1428  Detect skipped due to KSN trusted
19:18:53.0866 0x1428  Modem - ok
19:18:53.0916 0x1428  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:18:53.0916 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
19:18:53.0926 0x1428  monitor - detected LockedFile.Multi.Generic ( 1 )
19:18:59.0841 0x1428  Detect skipped due to KSN trusted
19:18:59.0841 0x1428  monitor - ok
19:18:59.0909 0x1428  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:18:59.0910 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
19:18:59.0916 0x1428  mouclass - detected LockedFile.Multi.Generic ( 1 )
19:19:05.0778 0x1428  Detect skipped due to KSN trusted
19:19:05.0778 0x1428  mouclass - ok
19:19:05.0808 0x1428  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:19:05.0808 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
19:19:05.0808 0x1428  mouhid - detected LockedFile.Multi.Generic ( 1 )
19:19:11.0718 0x1428  Detect skipped due to KSN trusted
19:19:11.0718 0x1428  mouhid - ok
19:19:11.0758 0x1428  [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:19:11.0758 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 791AF66C4D0E7C90A3646066386FB571, sha256: BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42
19:19:11.0768 0x1428  mountmgr - detected LockedFile.Multi.Generic ( 1 )
19:19:17.0678 0x1428  Detect skipped due to KSN trusted
19:19:17.0678 0x1428  mountmgr - ok
19:19:17.0718 0x1428  [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
19:19:17.0718 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mpio.sys. md5: 609D1D87649ECC19796F4D76D4C15CEA, sha256: 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00
19:19:17.0728 0x1428  mpio - detected LockedFile.Multi.Generic ( 1 )
19:19:23.0658 0x1428  Detect skipped due to KSN trusted
19:19:23.0658 0x1428  mpio - ok
19:19:23.0678 0x1428  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:19:23.0678 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
19:19:23.0678 0x1428  mpsdrv - detected LockedFile.Multi.Generic ( 1 )
19:19:33.0678 0x1428  Object is SCO, delete is not allowed
19:19:33.0678 0x1428  mpsdrv ( LockedFile.Multi.Generic ) - warning
19:19:33.0678 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\drivers\mpsdrv.sys
19:19:41.0708 0x1428  Object send P2P result: true
19:20:01.0688 0x1428  [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:20:01.0768 0x1428  MpsSvc - ok
19:20:01.0798 0x1428  [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:20:01.0798 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: 30524261BB51D96D6FCBAC20C810183C, sha256: 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D
19:20:01.0808 0x1428  MRxDAV - detected LockedFile.Multi.Generic ( 1 )
19:20:07.0698 0x1428  Detect skipped due to KSN trusted
19:20:07.0698 0x1428  MRxDAV - ok

13.03.2014, 20:01   #4
Hahpuh

Windows 7: Suspected trojan (problems upon problems)



Part 2

Code:
19:28:08.0741 0x1428  RasSstp - detected LockedFile.Multi.Generic ( 1 )
19:28:14.0641 0x1428  Detect skipped due to KSN trusted
19:28:14.0641 0x1428  RasSstp - ok
19:28:14.0711 0x1428  [ 3BAC8142102C15D59A87757C1D41DCE5, C0C2C6887EA5A439E69221196348382ACE3E1942C9C6E0A970E153890F71724C ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:28:14.0711 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 3BAC8142102C15D59A87757C1D41DCE5, sha256: C0C2C6887EA5A439E69221196348382ACE3E1942C9C6E0A970E153890F71724C
19:28:14.0721 0x1428  rdbss - detected LockedFile.Multi.Generic ( 1 )
19:28:24.0721 0x1428  Object is SCO, delete is not allowed
19:28:24.0721 0x1428  rdbss ( LockedFile.Multi.Generic ) - warning
19:28:32.0621 0x1428  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:28:32.0621 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D, sha256: 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17
19:28:32.0621 0x1428  rdpbus - detected LockedFile.Multi.Generic ( 1 )
19:28:38.0561 0x1428  Detect skipped due to KSN trusted
19:28:38.0561 0x1428  rdpbus - ok
19:28:38.0591 0x1428  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:28:38.0591 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: CEA6CC257FC9B7715F1C2B4849286D24, sha256: A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804
19:28:38.0611 0x1428  RDPCDD - detected LockedFile.Multi.Generic ( 1 )
19:28:48.0611 0x1428  Object is SCO, delete is not allowed
19:28:48.0611 0x1428  RDPCDD ( LockedFile.Multi.Generic ) - warning
19:28:56.0541 0x1428  [ 9706B84DBABFC4B4CA46C5A82B14DFA3, AFDC07C257BCB768861483A1842FFB647523946B16DA2812EFAE4FD3252BA303 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:28:56.0541 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpdr.sys. md5: 9706B84DBABFC4B4CA46C5A82B14DFA3, sha256: AFDC07C257BCB768861483A1842FFB647523946B16DA2812EFAE4FD3252BA303
19:28:56.0551 0x1428  RDPDR - detected LockedFile.Multi.Generic ( 1 )
19:29:02.0441 0x1428  Detect skipped due to KSN trusted
19:29:02.0441 0x1428  RDPDR - ok
19:29:02.0541 0x1428  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:29:02.0541 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpencdd.sys. md5: BB5971A4F00659529A5C44831AF22365, sha256: 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F
19:29:02.0571 0x1428  RDPENCDD - detected LockedFile.Multi.Generic ( 1 )
19:29:08.0481 0x1428  Detect skipped due to KSN trusted
19:29:08.0481 0x1428  RDPENCDD - ok
19:29:08.0521 0x1428  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:29:08.0521 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216F3FA57533D98E1F74DED70113177A, sha256: 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4
19:29:08.0531 0x1428  RDPREFMP - detected LockedFile.Multi.Generic ( 1 )
19:29:14.0391 0x1428  Detect skipped due to KSN trusted
19:29:14.0391 0x1428  RDPREFMP - ok
19:29:14.0421 0x1428  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7, 02179089E0816AD544F370A8A3557498D09981F60CC94E497DC4A5A2BBBE1E48 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:29:14.0421 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RDPWD.sys. md5: 8A3E6BEA1C53EA6177FE2B6EBA2C80D7, sha256: 02179089E0816AD544F370A8A3557498D09981F60CC94E497DC4A5A2BBBE1E48
19:29:14.0431 0x1428  RDPWD - detected LockedFile.Multi.Generic ( 1 )
19:29:20.0321 0x1428  Detect skipped due to KSN trusted
19:29:20.0321 0x1428  RDPWD - ok
19:29:20.0371 0x1428  [ 634B9A2181D98F15941236886164EC8B, 15C55F05FD3CD751F619F18E2ADF91552AE82146501CD031402277F496A5B7D8 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:29:20.0371 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdyboost.sys. md5: 634B9A2181D98F15941236886164EC8B, sha256: 15C55F05FD3CD751F619F18E2ADF91552AE82146501CD031402277F496A5B7D8
19:29:20.0381 0x1428  rdyboost - detected LockedFile.Multi.Generic ( 1 )
19:29:26.0441 0x1428  Detect skipped due to KSN trusted
19:29:26.0441 0x1428  rdyboost - ok
19:29:26.0501 0x1428  [ EA569D48B2E755AF6D96F03F3335D98A, EED2DCDF187A69F36A38129C8A1E0D6FE0EBF9232DEAF68A116E9A26E40AB636 ] Realtek11nCU    C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
19:29:26.0541 0x1428  Realtek11nCU - detected UnsignedFile.Multi.Generic ( 1 )
19:29:32.0431 0x1428  Detect skipped due to KSN trusted
19:29:32.0431 0x1428  Realtek11nCU - ok
19:29:32.0481 0x1428  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:29:32.0521 0x1428  RemoteAccess - ok
19:29:32.0591 0x1428  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:29:32.0691 0x1428  RemoteRegistry - ok
19:29:32.0721 0x1428  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:29:32.0781 0x1428  RpcEptMapper - ok
19:29:32.0811 0x1428  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
19:29:32.0821 0x1428  RpcLocator - ok
19:29:32.0881 0x1428  [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] RpcSs           C:\Windows\system32\rpcss.dll
19:29:32.0911 0x1428  RpcSs - ok
19:29:32.0971 0x1428  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:29:32.0971 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rspndr.sys. md5: DDC86E4F8E7456261E637E3552E804FF, sha256: D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD
19:29:33.0011 0x1428  rspndr - detected LockedFile.Multi.Generic ( 1 )
19:29:43.0011 0x1428  Object is SCO, delete is not allowed
19:29:43.0011 0x1428  rspndr ( LockedFile.Multi.Generic ) - warning
19:29:51.0981 0x1428  [ 4FBDA07EF0A3097CE14C5CABF723B278, 6F1E21362F0057E9C6A180D9189AEB51761F4C019A6835E50E4AD19ED1F58FE6 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:29:51.0981 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\Rt64win7.sys. md5: 4FBDA07EF0A3097CE14C5CABF723B278, sha256: 6F1E21362F0057E9C6A180D9189AEB51761F4C019A6835E50E4AD19ED1F58FE6
19:29:52.0001 0x1428  RTL8167 - detected LockedFile.Multi.Generic ( 1 )
19:30:02.0001 0x1428  RTL8167 ( LockedFile.Multi.Generic ) - warning
19:30:02.0001 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\Rt64win7.sys
19:30:09.0001 0x1428  Object send P2P result: true
19:30:14.0981 0x1428  [ 2BE8E7D6DF63183100F15B27B82EE2ED, CEF98489F7A36F06FF2961CA852386F6E7160BF2F31F12E578D778BE61D56BD6 ] RTL8192cu       C:\Windows\system32\DRIVERS\RTL8192cu.sys
19:30:14.0981 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RTL8192cu.sys. md5: 2BE8E7D6DF63183100F15B27B82EE2ED, sha256: CEF98489F7A36F06FF2961CA852386F6E7160BF2F31F12E578D778BE61D56BD6
19:30:15.0011 0x1428  RTL8192cu - detected LockedFile.Multi.Generic ( 1 )
19:30:20.0921 0x1428  Detect skipped due to KSN trusted
19:30:20.0921 0x1428  RTL8192cu - ok
19:30:20.0951 0x1428  [ B674400273552406F11A02387222CD0F, 4937F1CE214193B990375B813FC12EFC4DBAE69F290CA44AAF9509C6B37DB44B ] rzjoystk        C:\Windows\system32\DRIVERS\rzjoystk.sys
19:30:20.0951 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rzjoystk.sys. md5: B674400273552406F11A02387222CD0F, sha256: 4937F1CE214193B990375B813FC12EFC4DBAE69F290CA44AAF9509C6B37DB44B
19:30:20.0961 0x1428  rzjoystk - detected LockedFile.Multi.Generic ( 1 )
19:30:26.0861 0x1428  Detect skipped due to KSN trusted
19:30:26.0861 0x1428  rzjoystk - ok
19:30:26.0921 0x1428  [ 95CBC73E98F4A5EF4366DBB4B4E5D436, 65FAC4B83FB8B5F75A04B0CB1D8AEF5BEFB2E628DCFF0B35A463533C3585FE42 ] RzSynapse       C:\Windows\system32\DRIVERS\RzSynapse.sys
19:30:26.0931 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RzSynapse.sys. md5: 95CBC73E98F4A5EF4366DBB4B4E5D436, sha256: 65FAC4B83FB8B5F75A04B0CB1D8AEF5BEFB2E628DCFF0B35A463533C3585FE42
19:30:26.0941 0x1428  RzSynapse - detected LockedFile.Multi.Generic ( 1 )
19:30:32.0861 0x1428  Detect skipped due to KSN trusted
19:30:32.0861 0x1428  RzSynapse - ok
19:30:32.0911 0x1428  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6, C890DCCC875F957CAAD4655EBFF384E3C5998040CA2BA360E92C96A647D1C399 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
19:30:32.0911 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vms3cap.sys. md5: 88AF6E02AB19DF7FD07ECDF9C91E9AF6, sha256: C890DCCC875F957CAAD4655EBFF384E3C5998040CA2BA360E92C96A647D1C399
19:30:32.0921 0x1428  s3cap - detected LockedFile.Multi.Generic ( 1 )
19:30:38.0831 0x1428  Detect skipped due to KSN trusted
19:30:38.0831 0x1428  s3cap - ok
19:30:38.0881 0x1428  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] SamSs           C:\Windows\system32\lsass.exe
19:30:38.0911 0x1428  SamSs - ok
19:30:38.0931 0x1428  [ E3BBB89983DAF5622C1D50CF49F28227, 49370DC142D577D657BF5755AA9B8625C35D3DDAF1F9466B4888507FB8E6FF07 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
19:30:38.0931 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sbp2port.sys. md5: E3BBB89983DAF5622C1D50CF49F28227, sha256: 49370DC142D577D657BF5755AA9B8625C35D3DDAF1F9466B4888507FB8E6FF07
19:30:38.0941 0x1428  sbp2port - detected LockedFile.Multi.Generic ( 1 )
19:30:44.0851 0x1428  Detect skipped due to KSN trusted
19:30:44.0851 0x1428  sbp2port - ok
19:30:44.0921 0x1428  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:30:44.0981 0x1428  SCardSvr - ok
19:30:45.0021 0x1428  [ 741B338D675FE20B779E7EFFA55032FE, 667CE69AA21B618B4E12581D253568FFE53FC795B0D1328E025EE1DC6CA26EE3 ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
19:30:45.0021 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\SCDEmu.sys. md5: 741B338D675FE20B779E7EFFA55032FE, sha256: 667CE69AA21B618B4E12581D253568FFE53FC795B0D1328E025EE1DC6CA26EE3
19:30:45.0031 0x1428  SCDEmu - detected LockedFile.Multi.Generic ( 1 )
19:30:50.0951 0x1428  Detect skipped due to KSN trusted
19:30:50.0951 0x1428  SCDEmu - ok
19:30:50.0991 0x1428  [ C94DA20C7E3BA1DCA269BC8460D98387, E1A5629728A79233B62BA87B4354BC3A332A853CC36A60E77B34923F4BCA8A61 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:30:50.0991 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\scfilter.sys. md5: C94DA20C7E3BA1DCA269BC8460D98387, sha256: E1A5629728A79233B62BA87B4354BC3A332A853CC36A60E77B34923F4BCA8A61
19:30:51.0001 0x1428  scfilter - detected LockedFile.Multi.Generic ( 1 )
19:31:01.0001 0x1428  scfilter ( LockedFile.Multi.Generic ) - warning
19:31:01.0001 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\scfilter.sys
19:31:08.0721 0x1428  Object send P2P result: true
19:31:27.0721 0x1428  [ EC56B171F85C7E855E7B0588AC503EEA, EDBC0E52DF00D73356F4B886D6CA2397B571A9D2245FEDC347A6D52A5467EA5D ] Schedule        C:\Windows\system32\schedsvc.dll
19:31:27.0781 0x1428  Schedule - ok
19:31:27.0831 0x1428  [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:31:27.0851 0x1428  SCPolicySvc - ok
19:31:27.0891 0x1428  [ 765A27C3279CE11D14CB9E4F5869FCA5, B6C2EFFBA938828FEF7FE992A4C88B3154D053763C38762DCE13252FE9571FA1 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:31:27.0951 0x1428  SDRSVC - ok
19:31:28.0011 0x1428  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:31:28.0011 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186, sha256: 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D
19:31:28.0041 0x1428  secdrv - detected LockedFile.Multi.Generic ( 1 )
19:31:33.0931 0x1428  Detect skipped due to KSN trusted
19:31:33.0931 0x1428  secdrv - ok
19:31:33.0971 0x1428  [ 463B386EBC70F98DA5DFF85F7E654346, 8E27B18B04AF587719D1DAE75A042DB998E06CAE112BD68626EF046036D2DCDC ] seclogon        C:\Windows\system32\seclogon.dll
19:31:34.0051 0x1428  seclogon - ok
19:31:34.0101 0x1428  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
19:31:34.0181 0x1428  SENS - ok
19:31:34.0221 0x1428  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:31:34.0261 0x1428  SensrSvc - ok
19:31:34.0281 0x1428  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:31:34.0281 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B, sha256: A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4
19:31:34.0291 0x1428  Serenum - detected LockedFile.Multi.Generic ( 1 )
19:31:40.0181 0x1428  Detect skipped due to KSN trusted
19:31:40.0181 0x1428  Serenum - ok
19:31:40.0211 0x1428  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:31:40.0211 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, sha256: 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D
19:31:40.0221 0x1428  Serial - detected LockedFile.Multi.Generic ( 1 )
19:31:46.0151 0x1428  Detect skipped due to KSN trusted
19:31:46.0151 0x1428  Serial - ok
19:31:46.0181 0x1428  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:31:46.0181 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3, sha256: 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D
19:31:46.0191 0x1428  sermouse - detected LockedFile.Multi.Generic ( 1 )
19:31:52.0111 0x1428  Detect skipped due to KSN trusted
19:31:52.0111 0x1428  sermouse - ok
19:31:52.0191 0x1428  [ C3BC61CE47FF6F4E88AB8A3B429A36AF, 6CA53AD0CB7215BAE3467EC1FD490E3A18504BD6CD4F0FABF9BD37516AB9DFE0 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:31:52.0251 0x1428  SessionEnv - ok
19:31:52.0281 0x1428  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
19:31:52.0281 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF, sha256: DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55
19:31:52.0291 0x1428  sffdisk - detected LockedFile.Multi.Generic ( 1 )
19:31:58.0211 0x1428  Detect skipped due to KSN trusted
19:31:58.0211 0x1428  sffdisk - ok
19:31:58.0241 0x1428  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:31:58.0241 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF, sha256: B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042
19:31:58.0251 0x1428  sffp_mmc - detected LockedFile.Multi.Generic ( 1 )
19:32:04.0161 0x1428  Detect skipped due to KSN trusted
19:32:04.0161 0x1428  sffp_mmc - ok
19:32:04.0191 0x1428  [ 5588B8C6193EB1522490C122EB94DFFA, 53AE3597D3305F2839130A2F3567F1690564B922035503EB418B9DE1586AEA43 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
19:32:04.0191 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sffp_sd.sys. md5: 5588B8C6193EB1522490C122EB94DFFA, sha256: 53AE3597D3305F2839130A2F3567F1690564B922035503EB418B9DE1586AEA43
19:32:04.0211 0x1428  sffp_sd - detected LockedFile.Multi.Generic ( 1 )
19:32:14.0211 0x1428  Object is SCO, delete is not allowed
19:32:14.0211 0x1428  sffp_sd ( LockedFile.Multi.Generic ) - warning
19:32:14.0211 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\sffp_sd.sys
19:32:22.0181 0x1428  Object send P2P result: true
19:32:41.0101 0x1428  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:32:41.0101 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4, sha256: 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9
19:32:41.0111 0x1428  sfloppy - detected LockedFile.Multi.Generic ( 1 )
19:32:47.0001 0x1428  Detect skipped due to KSN trusted
19:32:47.0001 0x1428  sfloppy - ok
19:32:47.0221 0x1428  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:32:47.0281 0x1428  SharedAccess - ok
19:32:47.0351 0x1428  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF, 1C1D17301A4D37DBF906955CCABD2A3FDA47AFB24CBA978CF851123762249848 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:32:47.0391 0x1428  ShellHWDetection - ok
19:32:47.0431 0x1428  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:32:47.0431 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1, sha256: 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820
19:32:47.0461 0x1428  SiSRaid2 - detected LockedFile.Multi.Generic ( 1 )
19:32:53.0381 0x1428  Detect skipped due to KSN trusted
19:32:53.0381 0x1428  SiSRaid2 - ok
19:32:53.0441 0x1428  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:32:53.0441 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4, sha256: 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E
19:32:53.0521 0x1428  SiSRaid4 - detected LockedFile.Multi.Generic ( 1 )
19:32:59.0411 0x1428  Detect skipped due to KSN trusted
19:32:59.0411 0x1428  SiSRaid4 - ok
19:32:59.0461 0x1428  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:32:59.0491 0x1428  SkypeUpdate - ok
19:32:59.0531 0x1428  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:32:59.0531 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4, sha256: 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740
19:32:59.0541 0x1428  Smb - detected LockedFile.Multi.Generic ( 1 )
19:33:05.0451 0x1428  Detect skipped due to KSN trusted
19:33:05.0451 0x1428  Smb - ok
19:33:05.0551 0x1428  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:33:05.0601 0x1428  SNMPTRAP - ok
19:33:05.0651 0x1428  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:33:05.0651 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9, sha256: 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063
19:33:05.0681 0x1428  spldr - detected LockedFile.Multi.Generic ( 1 )
19:33:11.0601 0x1428  Detect skipped due to KSN trusted
19:33:11.0601 0x1428  spldr - ok
19:33:11.0681 0x1428  [ 89E8550C5862999FCF482EA562B0E98E, 11BC94FD879DCD22E80DB8FA73CEBD0F072917C546AD9C8B92CCFBF4E0B83056 ] Spooler         C:\Windows\System32\spoolsv.exe
19:33:11.0741 0x1428  Spooler - ok
19:33:11.0961 0x1428  [ 913D843498553A1BC8F8DBAD6358E49F, F8B931FDABF669D642CBDCD2FF31E07F8A5E2D5F72E11D4A8FF219CCFB5825E9 ] sppsvc          C:\Windows\system32\sppsvc.exe
19:33:12.0061 0x1428  sppsvc - ok
19:33:12.0111 0x1428  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:33:12.0131 0x1428  sppuinotify - ok
19:33:12.0211 0x1428  [ EC8F67289105BF270498095F14963464, 454031C8AE06511DD13DBAA613B983516AF937590FB2B8C6ADC273D018D30858 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:33:12.0211 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: EC8F67289105BF270498095F14963464, sha256: 454031C8AE06511DD13DBAA613B983516AF937590FB2B8C6ADC273D018D30858
19:33:12.0241 0x1428  srv - detected LockedFile.Multi.Generic ( 1 )
19:33:18.0131 0x1428  Detect skipped due to KSN trusted
19:33:18.0131 0x1428  srv - ok
19:33:18.0191 0x1428  [ F773D2ED090B7BAA1C1A034F3CA476C8, C8DD8BE37CFEA0DB1B7FC94946381B60553848002E6170E0BEC3FEE40295DF1F ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:33:18.0191 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: F773D2ED090B7BAA1C1A034F3CA476C8, sha256: C8DD8BE37CFEA0DB1B7FC94946381B60553848002E6170E0BEC3FEE40295DF1F
19:33:18.0201 0x1428  srv2 - detected LockedFile.Multi.Generic ( 1 )
19:33:28.0201 0x1428  Object is SCO, delete is not allowed
19:33:28.0201 0x1428  srv2 ( LockedFile.Multi.Generic ) - warning
19:33:34.0201 0x1428  [ 26E84D3649019C3244622E654DFCD75B, 49BD7345AF744298698629E0D7C0C373AB2F75F542281268BCF91A6D2B278AA8 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:33:34.0201 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 26E84D3649019C3244622E654DFCD75B, sha256: 49BD7345AF744298698629E0D7C0C373AB2F75F542281268BCF91A6D2B278AA8
19:33:34.0211 0x1428  srvnet - detected LockedFile.Multi.Generic ( 1 )
19:33:40.0651 0x1428  Detect skipped due to KSN trusted
19:33:40.0651 0x1428  srvnet - ok
19:33:40.0701 0x1428  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:33:40.0761 0x1428  SSDPSRV - ok
19:33:40.0781 0x1428  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:33:40.0811 0x1428  SstpSvc - ok
19:33:40.0901 0x1428  [ 2F3B5A3567FFB343D8867C3D34C687F1, D01971412506746B2EA1CBB0ACF9472889ABBC23318C1332BEC9C8256011183E ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
19:33:55.0961 0x1428  Steam Client Service - detected UnsignedFile.Multi.Generic ( 1 )
19:34:01.0871 0x1428  Detect skipped due to KSN trusted
19:34:01.0871 0x1428  Steam Client Service - ok
19:34:01.0941 0x1428  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:34:01.0941 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A, sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5
19:34:01.0981 0x1428  stexstor - detected LockedFile.Multi.Generic ( 1 )
19:34:07.0891 0x1428  Detect skipped due to KSN trusted
19:34:07.0891 0x1428  stexstor - ok
19:34:07.0981 0x1428  [ 52D0E33B681BD0F33FDC08812FEE4F7D, BBEBC0773402F6697D2F14F63E5E4FDC2180466E7FDBD306E408535B10160249 ] stisvc          C:\Windows\System32\wiaservc.dll
19:34:08.0041 0x1428  stisvc - ok
19:34:08.0071 0x1428  [ FFD7A6F15B14234B5B0E5D49E7961895, 9553BDB65D021DA621BDFF1C180B9F4C6355FC748BAE854CE114D4B3EFF307B7 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
19:34:08.0071 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vmstorfl.sys. md5: FFD7A6F15B14234B5B0E5D49E7961895, sha256: 9553BDB65D021DA621BDFF1C180B9F4C6355FC748BAE854CE114D4B3EFF307B7
19:34:08.0081 0x1428  storflt - detected LockedFile.Multi.Generic ( 1 )
19:34:13.0951 0x1428  Detect skipped due to KSN trusted
19:34:13.0951 0x1428  storflt - ok
19:34:13.0991 0x1428  [ 8FCCBEFC5C440B3C23454656E551B09A, 392A38D0B18B7FD08ACBE3E56ADCB235FA49BDB99F81E0820434D57332FA8FF7 ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
19:34:13.0991 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\storvsc.sys. md5: 8FCCBEFC5C440B3C23454656E551B09A, sha256: 392A38D0B18B7FD08ACBE3E56ADCB235FA49BDB99F81E0820434D57332FA8FF7
19:34:13.0991 0x1428  storvsc - detected LockedFile.Multi.Generic ( 1 )
19:34:19.0891 0x1428  Detect skipped due to KSN trusted
19:34:19.0891 0x1428  storvsc - ok
19:34:19.0931 0x1428  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:34:19.0931 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90, sha256: 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969
19:34:19.0941 0x1428  swenum - detected LockedFile.Multi.Generic ( 1 )
19:34:25.0871 0x1428  Detect skipped due to KSN trusted
19:34:25.0871 0x1428  swenum - ok
19:34:25.0951 0x1428  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
19:34:25.0991 0x1428  swprv - ok
19:34:26.0111 0x1428  [ 3C1284516A62078FB68F768DE4F1A7BE, 67ECD462335EF88773E4BAEAB230A68EC92A25F8CD8F115873F669205AE6A1A9 ] SysMain         C:\Windows\system32\sysmain.dll
19:34:26.0181 0x1428  SysMain - ok
19:34:26.0241 0x1428  [ 238935C3CF2854886DC7CBB2A0E2CC66, BBF7A70BF218A544CC1A6FB81F75EAD29D418794162936BE197D6D61FE0DB1C4 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:34:26.0291 0x1428  TabletInputService - ok
19:34:26.0331 0x1428  [ 884264AC597B690C5707C89723BB8E7B, 9BF209A4128019421F7EC4AFF71103C5F411DB6CFB32AAC1633E789AD7A30708 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:34:26.0381 0x1428  TapiSrv - ok
19:34:26.0421 0x1428  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
19:34:26.0441 0x1428  TBS - ok
19:34:26.0601 0x1428  [ 912107716BAB424C7870E8E6AF5E07E1, BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:34:26.0601 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: 912107716BAB424C7870E8E6AF5E07E1, sha256: BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9
19:34:26.0641 0x1428  Tcpip - detected LockedFile.Multi.Generic ( 1 )
19:34:32.0621 0x1428  Detect skipped due to KSN trusted
19:34:32.0621 0x1428  Tcpip - ok
19:34:32.0721 0x1428  [ 912107716BAB424C7870E8E6AF5E07E1, BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:34:32.0721 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: 912107716BAB424C7870E8E6AF5E07E1, sha256: BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9
19:34:32.0761 0x1428  TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
19:34:32.0761 0x1428  Detect skipped due to KSN trusted
19:34:32.0761 0x1428  TCPIP6 - ok
19:34:32.0821 0x1428  [ 76D078AF6F587B162D50210F761EB9ED, 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:34:32.0821 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: 76D078AF6F587B162D50210F761EB9ED, sha256: 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9
19:34:32.0821 0x1428  tcpipreg - detected LockedFile.Multi.Generic ( 1 )
19:34:42.0821 0x1428  Object is SCO, delete is not allowed
19:34:42.0821 0x1428  tcpipreg ( LockedFile.Multi.Generic ) - warning
19:34:42.0821 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\drivers\tcpipreg.sys
19:34:52.0651 0x1428  Object send P2P result: true
19:34:58.0561 0x1428  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:34:58.0561 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D
19:34:58.0571 0x1428  TDPIPE - detected LockedFile.Multi.Generic ( 1 )
19:35:08.0571 0x1428  Object is SCO, delete is not allowed
19:35:08.0571 0x1428  TDPIPE ( LockedFile.Multi.Generic ) - warning
19:35:08.0571 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\drivers\tdpipe.sys
19:35:18.0601 0x1428  Object send P2P result: true
19:35:24.0461 0x1428  [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:35:24.0461 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: E4245BDA3190A582D55ED09E137401A9, sha256: F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116
19:35:24.0471 0x1428  TDTCP - detected LockedFile.Multi.Generic ( 1 )
19:35:30.0391 0x1428  Detect skipped due to KSN trusted
19:35:30.0391 0x1428  TDTCP - ok
19:35:30.0521 0x1428  [ 079125C4B17B01FCAEEBCE0BCB290C0F, B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:35:30.0521 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: 079125C4B17B01FCAEEBCE0BCB290C0F, sha256: B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437
19:35:30.0521 0x1428  tdx - detected LockedFile.Multi.Generic ( 1 )
19:35:36.0381 0x1428  Detect skipped due to KSN trusted
19:35:36.0381 0x1428  tdx - ok
19:35:36.0411 0x1428  [ C448651339196C0E869A355171875522, C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:35:36.0411 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\termdd.sys. md5: C448651339196C0E869A355171875522, sha256: C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4
19:35:36.0411 0x1428  TermDD - detected LockedFile.Multi.Generic ( 1 )
19:35:42.0307 0x1428  Detect skipped due to KSN trusted
19:35:42.0317 0x1428  TermDD - ok
19:35:42.0427 0x1428  [ 0F05EC2887BFE197AD82A13287D2F404, 78C8A8FE9B1101430CA79875DA34413C35B6D7A5EE1932E454C50731335437A6 ] TermService     C:\Windows\System32\termsrv.dll
19:35:42.0487 0x1428  TermService - ok
19:35:42.0527 0x1428  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
19:35:42.0537 0x1428  Themes - ok
19:35:42.0577 0x1428  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
19:35:42.0607 0x1428  THREADORDER - ok
19:35:42.0637 0x1428  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
19:35:42.0667 0x1428  TrkWks - ok
19:35:42.0927 0x1428  [ 840F7FB849F5887A49BA18C13B2DA920, A59C40A090E03C0136A865FC54508BA938E7B467C8198BC009FE263E6C275781 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:35:42.0947 0x1428  TrustedInstaller - ok
19:35:42.0987 0x1428  [ 61B96C26131E37B24E93327A0BD1FB95, 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:35:42.0987 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: 61B96C26131E37B24E93327A0BD1FB95, sha256: 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF
19:35:43.0017 0x1428  tssecsrv - detected LockedFile.Multi.Generic ( 1 )
19:35:53.0017 0x1428  Object is SCO, delete is not allowed
19:35:53.0017 0x1428  tssecsrv ( LockedFile.Multi.Generic ) - warning
19:35:53.0017 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\tssecsrv.sys
19:36:11.0306 0x1428  Object send P2P result: true
19:36:29.0249 0x1428  [ 3836171A2CDF3AF8EF10856DB9835A70, 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:36:29.0250 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3836171A2CDF3AF8EF10856DB9835A70, sha256: 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2
19:36:29.0280 0x1428  tunnel - detected LockedFile.Multi.Generic ( 1 )
19:36:35.0224 0x1428  Detect skipped due to KSN trusted
19:36:35.0224 0x1428  tunnel - ok
19:36:35.0269 0x1428  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:36:35.0270 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123
19:36:35.0280 0x1428  uagp35 - detected LockedFile.Multi.Generic ( 1 )
19:36:41.0205 0x1428  Detect skipped due to KSN trusted
19:36:41.0206 0x1428  uagp35 - ok
19:36:41.0271 0x1428  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB, DBAEA010F11A5EFD961B1841308EA3F220A9FFB01F364BA9B8F72200DA2BBCD8 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:36:41.0272 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: D47BAEAD86C65D4F4069D7CE0A4EDCEB, sha256: DBAEA010F11A5EFD961B1841308EA3F220A9FFB01F364BA9B8F72200DA2BBCD8
19:36:41.0279 0x1428  udfs - detected LockedFile.Multi.Generic ( 1 )
19:36:47.0186 0x1428  Detect skipped due to KSN trusted
19:36:47.0186 0x1428  udfs - ok
19:36:47.0252 0x1428  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:36:47.0302 0x1428  UI0Detect - ok
19:36:47.0343 0x1428  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
19:36:47.0343 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A
19:36:47.0349 0x1428  uliagpkx - detected LockedFile.Multi.Generic ( 1 )
19:36:53.0245 0x1428  Detect skipped due to KSN trusted
19:36:53.0245 0x1428  uliagpkx - ok
19:36:53.0277 0x1428  [ EAB6C35E62B1B0DB0D1B48B671D3A117, E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:36:53.0278 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umbus.sys. md5: EAB6C35E62B1B0DB0D1B48B671D3A117, sha256: E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0
19:36:53.0283 0x1428  umbus - detected LockedFile.Multi.Generic ( 1 )
19:36:59.0179 0x1428  Detect skipped due to KSN trusted
19:36:59.0179 0x1428  umbus - ok
19:36:59.0210 0x1428  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:36:59.0210 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
19:36:59.0216 0x1428  UmPass - detected LockedFile.Multi.Generic ( 1 )
19:37:09.0217 0x1428  Object is SCO, delete is not allowed
19:37:09.0217 0x1428  UmPass ( LockedFile.Multi.Generic ) - warning
19:37:18.0146 0x1428  [ AF0AC98EE5077EB844413EB54287FDE3, 1586326510DE94E2735EFAD94A68D06DB5B7347B68055A9EA8B95E19D91A2E69 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:37:18.0222 0x1428  UmRdpService - ok
19:37:18.0298 0x1428  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
19:37:18.0350 0x1428  upnphost - ok
19:37:18.0398 0x1428  [ 77B01BC848298223A95D4EC23E1785A1, 7D0FBBA746588401400226BB966507EE34EEBB2F4F16607601E3D7383CAD34E2 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:37:18.0398 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbaudio.sys. md5: 77B01BC848298223A95D4EC23E1785A1, sha256: 7D0FBBA746588401400226BB966507EE34EEBB2F4F16607601E3D7383CAD34E2
19:37:18.0416 0x1428  usbaudio - detected LockedFile.Multi.Generic ( 1 )
19:37:24.0304 0x1428  Detect skipped due to KSN trusted
19:37:24.0304 0x1428  usbaudio - ok
19:37:24.0331 0x1428  [ B26AFB54A534D634523C4FB66765B026, A219C9AE32D040BEA4DD69C2C826B1C52BACE26BEBFEE799BD56DFD442C5E0D8 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:37:24.0331 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: B26AFB54A534D634523C4FB66765B026, sha256: A219C9AE32D040BEA4DD69C2C826B1C52BACE26BEBFEE799BD56DFD442C5E0D8
19:37:24.0336 0x1428  usbccgp - detected LockedFile.Multi.Generic ( 1 )
19:37:34.0336 0x1428  Object is SCO, delete is not allowed
19:37:34.0336 0x1428  usbccgp ( LockedFile.Multi.Generic ) - warning
19:37:41.0259 0x1428  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
19:37:41.0259 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7, sha256: F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07
19:37:41.0272 0x1428  usbcir - detected LockedFile.Multi.Generic ( 1 )
19:37:47.0191 0x1428  Detect skipped due to KSN trusted
19:37:47.0191 0x1428  usbcir - ok
19:37:47.0217 0x1428  [ 2EA4AFF7BE7EB4632E3AA8595B0803B5, CBECE7CEC0EFA4B283C63E9B6A270D595F5F3D006306DA5E5121BBFDCAB16376 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:37:47.0218 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbehci.sys. md5: 2EA4AFF7BE7EB4632E3AA8595B0803B5, sha256: CBECE7CEC0EFA4B283C63E9B6A270D595F5F3D006306DA5E5121BBFDCAB16376
19:37:47.0225 0x1428  usbehci - detected LockedFile.Multi.Generic ( 1 )
19:37:53.0129 0x1428  Detect skipped due to KSN trusted
19:37:53.0129 0x1428  usbehci - ok
19:37:53.0190 0x1428  [ 4C9042B8DF86C1E8E6240C218B99B39B, D286633311C047B9C4FB1AA89D7B02B9F943FDDCE473255DC8E14DD07CC9B292 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:37:53.0191 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 4C9042B8DF86C1E8E6240C218B99B39B, sha256: D286633311C047B9C4FB1AA89D7B02B9F943FDDCE473255DC8E14DD07CC9B292
19:37:53.0204 0x1428  usbhub - detected LockedFile.Multi.Generic ( 1 )
19:37:59.0104 0x1428  Detect skipped due to KSN trusted
19:37:59.0104 0x1428  usbhub - ok
19:37:59.0130 0x1428  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:37:59.0130 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbohci.sys. md5: 58E546BBAF87664FC57E0F6081E4F609, sha256: 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9
19:37:59.0137 0x1428  usbohci - detected LockedFile.Multi.Generic ( 1 )
19:38:05.0037 0x1428  Detect skipped due to KSN trusted
19:38:05.0037 0x1428  usbohci - ok
19:38:05.0072 0x1428  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:38:05.0072 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
19:38:05.0079 0x1428  usbprint - detected LockedFile.Multi.Generic ( 1 )
19:38:10.0981 0x1428  Detect skipped due to KSN trusted
19:38:10.0981 0x1428  usbprint - ok
19:38:11.0039 0x1428  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:38:11.0056 0x1428  usbscan - ok
19:38:11.0085 0x1428  [ 080D3820DA6C046BE82FC8B45A893E83, EF4829A2D5B8D47AA7E06093EC85244042ED1CCFF43CC80DC44EF018B434197A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:38:11.0085 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: 080D3820DA6C046BE82FC8B45A893E83, sha256: EF4829A2D5B8D47AA7E06093EC85244042ED1CCFF43CC80DC44EF018B434197A
19:38:11.0090 0x1428  USBSTOR - detected LockedFile.Multi.Generic ( 1 )
19:38:16.0984 0x1428  Detect skipped due to KSN trusted
19:38:16.0985 0x1428  USBSTOR - ok
19:38:17.0018 0x1428  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:38:17.0018 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbuhci.sys. md5: 81FB2216D3A60D1284455D511797DB3D, sha256: 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E
19:38:17.0024 0x1428  usbuhci - detected LockedFile.Multi.Generic ( 1 )
19:38:27.0024 0x1428  Object is SCO, delete is not allowed
19:38:27.0024 0x1428  usbuhci ( LockedFile.Multi.Generic ) - warning
19:38:32.0952 0x1428  [ 70D05EE263568A742D14E1876DF80532, D49D7B60EE30F2398B8B532F4A4C3F17535485F2BDB9B14AB600E2A4E3F12A6B ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
19:38:33.0011 0x1428  usb_rndisx - ok
19:38:33.0055 0x1428  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
19:38:33.0094 0x1428  UxSms - ok
19:38:33.0121 0x1428  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] VaultSvc        C:\Windows\system32\lsass.exe
19:38:33.0128 0x1428  VaultSvc - ok
19:38:33.0142 0x1428  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
19:38:33.0142 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
19:38:33.0147 0x1428  vdrvroot - detected LockedFile.Multi.Generic ( 1 )
19:38:39.0000 0x1428  Detect skipped due to KSN trusted
19:38:39.0000 0x1428  vdrvroot - ok
19:38:39.0086 0x1428  [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds             C:\Windows\System32\vds.exe
19:38:39.0115 0x1428  vds - ok
19:38:39.0135 0x1428  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:38:39.0135 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
19:38:39.0145 0x1428  vga - detected LockedFile.Multi.Generic ( 1 )
19:38:49.0146 0x1428  Object is SCO, delete is not allowed
19:38:49.0146 0x1428  vga ( LockedFile.Multi.Generic ) - warning
19:38:49.0146 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\vgapnp.sys
19:39:09.0148 0x1428  Object send P2P result: false
19:39:15.0054 0x1428  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:39:15.0055 0x1428  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
19:39:15.0075 0x1428  VgaSave - detected LockedFile.Multi.Generic ( 1 )
19:39:20.0990 0x1428  Detect skipped due to KSN trusted
19:39:20.0990 0x1428  VgaSave - ok
19:39:21.0034 0x1428  [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
19:39:21.0035 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vhdmp.sys. md5: C82E748660F62A242B2DFAC1442F22A4, sha256: 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E
19:39:21.0042 0x1428  vhdmp - detected LockedFile.Multi.Generic ( 1 )
19:39:26.0927 0x1428  Detect skipped due to KSN trusted
19:39:26.0927 0x1428  vhdmp - ok
19:39:26.0971 0x1428  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
19:39:26.0972 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
19:39:26.0980 0x1428  viaide - detected LockedFile.Multi.Generic ( 1 )
19:39:36.0980 0x1428  Object is SCO, delete is not allowed
19:39:36.0980 0x1428  viaide ( LockedFile.Multi.Generic ) - warning
19:39:43.0891 0x1428  [ 1501699D7EDA984ABC4155A7DA5738D1, 448DFEFF565F1467F387E4EC9782DDD48B8FFDDF6B1EA46A790C2782C20BD952 ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys
19:39:43.0891 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vmbus.sys. md5: 1501699D7EDA984ABC4155A7DA5738D1, sha256: 448DFEFF565F1467F387E4EC9782DDD48B8FFDDF6B1EA46A790C2782C20BD952
19:39:43.0897 0x1428  vmbus - detected LockedFile.Multi.Generic ( 1 )
19:39:49.0806 0x1428  Detect skipped due to KSN trusted
19:39:49.0806 0x1428  vmbus - ok
19:39:49.0841 0x1428  [ AE10C35761889E65A6F7176937C5592C, 9DC27647B6149C9B2523799F85B18122CCE749264624FE2E5FE843FE00642BBE ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
19:39:49.0842 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\VMBusHID.sys. md5: AE10C35761889E65A6F7176937C5592C, sha256: 9DC27647B6149C9B2523799F85B18122CCE749264624FE2E5FE843FE00642BBE
19:39:49.0849 0x1428  VMBusHID - detected LockedFile.Multi.Generic ( 1 )
19:39:55.0759 0x1428  Detect skipped due to KSN trusted
19:39:55.0759 0x1428  VMBusHID - ok
19:39:55.0812 0x1428  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
19:39:55.0813 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\volmgr.sys. md5: 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, sha256: 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2
19:39:55.0820 0x1428  volmgr - detected LockedFile.Multi.Generic ( 1 )
19:40:05.0821 0x1428  Object is SCO, delete is not allowed
19:40:05.0821 0x1428  volmgr ( LockedFile.Multi.Generic ) - warning
19:40:05.0821 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\volmgr.sys
19:40:15.0126 0x1428  Object send P2P result: true
19:40:20.0997 0x1428  [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:40:20.0998 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: 99B0CBB569CA79ACAED8C91461D765FB, sha256: 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B
19:40:21.0003 0x1428  volmgrx - detected LockedFile.Multi.Generic ( 1 )
19:40:26.0889 0x1428  Detect skipped due to KSN trusted
19:40:26.0889 0x1428  volmgrx - ok
19:40:26.0933 0x1428  [ 58F82EED8CA24B461441F9C3E4F0BF5C, 40B8C9C9D1BEDD1507138273A3C000C753C8765E1873F2170DE63555A042928C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
19:40:26.0934 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\volsnap.sys. md5: 58F82EED8CA24B461441F9C3E4F0BF5C, sha256: 40B8C9C9D1BEDD1507138273A3C000C753C8765E1873F2170DE63555A042928C
19:40:26.0940 0x1428  volsnap - detected LockedFile.Multi.Generic ( 1 )
19:40:32.0841 0x1428  Detect skipped due to KSN trusted
19:40:32.0841 0x1428  volsnap - ok
19:40:32.0898 0x1428  [ ABD9B4A7E2D0AE51A3B8DF1AF3152D61, 1EAA4D8D35008E4D5C4AEA91C3ABD3D5BB5F8DF2D95D35792B3F3BB31EABB7CF ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
19:40:32.0899 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpchbus.sys. md5: ABD9B4A7E2D0AE51A3B8DF1AF3152D61, sha256: 1EAA4D8D35008E4D5C4AEA91C3ABD3D5BB5F8DF2D95D35792B3F3BB31EABB7CF
19:40:32.0906 0x1428  vpcbus - detected LockedFile.Multi.Generic ( 1 )
19:40:38.0833 0x1428  Detect skipped due to KSN trusted
19:40:38.0833 0x1428  vpcbus - ok
19:40:38.0890 0x1428  [ 8ACDA395841538CE9713A67FE8B2A3EB, D74D6AF8059C1CD59A5DDB03095BC46FF7808DA358FB64D71B53940DEE6356D9 ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
19:40:38.0890 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpcnfltr.sys. md5: 8ACDA395841538CE9713A67FE8B2A3EB, sha256: D74D6AF8059C1CD59A5DDB03095BC46FF7808DA358FB64D71B53940DEE6356D9
19:40:38.0905 0x1428  vpcnfltr - detected LockedFile.Multi.Generic ( 1 )
19:40:44.0788 0x1428  Detect skipped due to KSN trusted
19:40:44.0788 0x1428  vpcnfltr - ok
19:40:44.0845 0x1428  [ 31924E31BC315773E6D149B157DB46D5, 8E2A8785D2D7327F9DE046E6245F233280395AA42D5BAD1048021109628840C2 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
19:40:44.0845 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpcusb.sys. md5: 31924E31BC315773E6D149B157DB46D5, sha256: 8E2A8785D2D7327F9DE046E6245F233280395AA42D5BAD1048021109628840C2
19:40:44.0854 0x1428  vpcusb - detected LockedFile.Multi.Generic ( 1 )
19:40:54.0855 0x1428  vpcusb ( LockedFile.Multi.Generic ) - warning
19:40:54.0855 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\vpcusb.sys
19:41:02.0911 0x1428  Object send P2P result: true
19:41:08.0802 0x1428  [ C5B651E52540E6F46DA66574C74B4898, 4292E1D574FB0AF1D61F17F88D82A1A77738A3F7ECECB49FF20997FEC99078B2 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
19:41:08.0803 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vpcvmm.sys. md5: C5B651E52540E6F46DA66574C74B4898, sha256: 4292E1D574FB0AF1D61F17F88D82A1A77738A3F7ECECB49FF20997FEC99078B2
19:41:08.0808 0x1428  vpcvmm - detected LockedFile.Multi.Generic ( 1 )
19:41:18.0808 0x1428  vpcvmm ( LockedFile.Multi.Generic ) - warning
19:41:18.0808 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\drivers\vpcvmm.sys
19:41:33.0171 0x1428  Object send P2P result: true
19:41:39.0021 0x1428  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:41:39.0021 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
19:41:39.0031 0x1428  vsmraid - detected LockedFile.Multi.Generic ( 1 )
19:41:44.0957 0x1428  Detect skipped due to KSN trusted
19:41:44.0957 0x1428  vsmraid - ok
19:41:45.0062 0x1428  [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS             C:\Windows\system32\vssvc.exe
19:41:45.0136 0x1428  VSS - ok
19:41:45.0202 0x1428  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:41:45.0203 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
19:41:45.0212 0x1428  vwifibus - detected LockedFile.Multi.Generic ( 1 )
19:41:51.0114 0x1428  Detect skipped due to KSN trusted
19:41:51.0114 0x1428  vwifibus - ok
19:41:51.0160 0x1428  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:41:51.0160 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F, sha256: 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB
19:41:51.0168 0x1428  vwififlt - detected LockedFile.Multi.Generic ( 1 )
19:41:57.0074 0x1428  Detect skipped due to KSN trusted
19:41:57.0074 0x1428  vwififlt - ok
19:41:57.0118 0x1428  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:41:57.0118 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6A638FC4BFDDC4D9B186C28C91BD1A01, sha256: 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168
19:41:57.0125 0x1428  vwifimp - detected LockedFile.Multi.Generic ( 1 )
19:42:07.0126 0x1428  vwifimp ( LockedFile.Multi.Generic ) - warning
19:42:07.0126 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\vwifimp.sys
19:42:23.0057 0x1428  Object send P2P result: true
19:42:40.0173 0x1428  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
19:42:40.0223 0x1428  W32Time - ok
19:42:40.0259 0x1428  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:42:40.0259 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
19:42:40.0264 0x1428  WacomPen - detected LockedFile.Multi.Generic ( 1 )
19:42:46.0156 0x1428  Detect skipped due to KSN trusted
19:42:46.0156 0x1428  WacomPen - ok
19:42:46.0178 0x1428  [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:42:46.0178 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 47CA49400643EFFD3F1C9A27E1D69324, sha256: 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0
19:42:46.0186 0x1428  WANARP - detected LockedFile.Multi.Generic ( 1 )
19:42:52.0062 0x1428  Detect skipped due to KSN trusted
19:42:52.0062 0x1428  WANARP - ok
19:42:52.0108 0x1428  [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:42:52.0108 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 47CA49400643EFFD3F1C9A27E1D69324, sha256: 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0
19:42:52.0115 0x1428  Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
19:42:52.0115 0x1428  Detect skipped due to KSN trusted
19:42:52.0115 0x1428  Wanarpv6 - ok
19:42:52.0213 0x1428  [ 5AB1BB85BD8B5089CC5D64200DEDAE68, 28777D4F3CD07C8E3465B6DA0FCA994E0B93071A3A0D4D1D64C1DF633DD1C64F ] wbengine        C:\Windows\system32\wbengine.exe
19:42:52.0281 0x1428  wbengine - ok
19:42:52.0314 0x1428  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:42:52.0329 0x1428  WbioSrvc - ok
19:42:52.0356 0x1428  [ 8321C2CA3B62B61B293CDA3451984468, 856A079C2CCC75D633EA23E410D7F3ECDF368EAAAFF634CB82DDA545FD3A2F9C ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:42:52.0375 0x1428  wcncsvc - ok
19:42:52.0414 0x1428  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:42:52.0449 0x1428  WcsPlugInService - ok
19:42:52.0499 0x1428  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:42:52.0499 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
19:42:52.0517 0x1428  Wd - detected LockedFile.Multi.Generic ( 1 )
19:42:58.0398 0x1428  Detect skipped due to KSN trusted
19:42:58.0398 0x1428  Wd - ok
19:42:58.0498 0x1428  [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:42:58.0498 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250, sha256: FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1
19:42:58.0504 0x1428  Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
19:43:04.0379 0x1428  Detect skipped due to KSN trusted
19:43:04.0380 0x1428  Wdf01000 - ok
19:43:04.0421 0x1428  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:43:04.0456 0x1428  WdiServiceHost - ok
19:43:04.0479 0x1428  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:43:04.0491 0x1428  WdiSystemHost - ok
19:43:04.0533 0x1428  [ 8A438CBB8C032A0C798B0C642FFBE572, 3200B9B6A7B87C1C47295FA416C99DE1FBB2DBBA3DA78D5CC88C26DCC4189D45 ] WebClient       C:\Windows\System32\webclnt.dll
19:43:04.0557 0x1428  WebClient - ok
19:43:04.0608 0x1428  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:43:04.0674 0x1428  Wecsvc - ok
19:43:04.0716 0x1428  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:43:04.0775 0x1428  wercplsupport - ok
19:43:04.0824 0x1428  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:43:04.0848 0x1428  WerSvc - ok
19:43:04.0866 0x1428  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:43:04.0866 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
19:43:04.0884 0x1428  WfpLwf - detected LockedFile.Multi.Generic ( 1 )
19:43:11.0058 0x1428  Detect skipped due to KSN trusted
19:43:11.0058 0x1428  WfpLwf - ok
19:43:11.0101 0x1428  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:43:11.0102 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
19:43:11.0112 0x1428  WIMMount - detected LockedFile.Multi.Generic ( 1 )
19:43:21.0112 0x1428  WIMMount ( LockedFile.Multi.Generic ) - warning
19:43:21.0112 0x1428  Force sending object to P2P due to detect: C:\Windows\system32\drivers\wimmount.sys
19:43:36.0868 0x1428  Object send P2P result: true
19:43:53.0780 0x1428  WinDefend - ok
19:43:53.0832 0x1428  WinHttpAutoProxySvc - ok
19:43:53.0938 0x1428  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:43:53.0994 0x1428  Winmgmt - ok
19:43:54.0144 0x1428  [ 41FBB751936B387F9179E7F03A74FE29, 7A73D887BEC19DFC485ED42B4E6ABEBF824555139B81EA30731A00773E707464 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:43:54.0234 0x1428  WinRM - ok
19:43:54.0322 0x1428  [ 817EAFF5D38674EDD7713B9DFB8E9791, F6E0BFC503BA7395F92989C11B454D1F1E58E29302BA203801449A2C5236E84D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:43:54.0370 0x1428  WinUsb - ok
19:43:54.0488 0x1428  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:43:54.0538 0x1428  Wlansvc - ok
19:43:54.0710 0x1428  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:43:54.0770 0x1428  wlidsvc - ok
19:43:54.0824 0x1428  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:43:54.0825 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
19:43:54.0846 0x1428  WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
19:44:00.0988 0x1428  Detect skipped due to KSN trusted
19:44:00.0988 0x1428  WmiAcpi - ok
19:44:01.0038 0x1428  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:44:01.0081 0x1428  wmiApSrv - ok
19:44:01.0136 0x1428  WMPNetworkSvc - ok
19:44:01.0181 0x1428  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:44:01.0202 0x1428  WPCSvc - ok
19:44:01.0238 0x1428  [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:44:01.0271 0x1428  WPDBusEnum - ok
19:44:01.0312 0x1428  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:44:01.0312 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
19:44:01.0320 0x1428  ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
19:44:07.0201 0x1428  Detect skipped due to KSN trusted
19:44:07.0201 0x1428  ws2ifsl - ok
19:44:07.0250 0x1428  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
19:44:07.0288 0x1428  wscsvc - ok
19:44:07.0304 0x1428  WSearch - ok
19:44:07.0438 0x1428  [ 38340204A2D0228F1E87740FC5E554A7, 57181ED34E73DD17B590803C770A086C57754F229C6F587637B8FBB5D6519603 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:44:07.0525 0x1428  wuauserv - ok
19:44:07.0581 0x1428  [ 7CADC74271DD6461C452C271B30BD378, D58C2094C36FC665C03A6A269EED80DC71F330C3DCF40A27A3C8F56AB7A96861 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:44:07.0582 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: 7CADC74271DD6461C452C271B30BD378, sha256: D58C2094C36FC665C03A6A269EED80DC71F330C3DCF40A27A3C8F56AB7A96861
19:44:07.0589 0x1428  WudfPf - detected LockedFile.Multi.Generic ( 1 )
19:44:13.0496 0x1428  Detect skipped due to KSN trusted
19:44:13.0496 0x1428  WudfPf - ok
19:44:13.0570 0x1428  [ 3B197AF0FFF08AA66B6B2241CA538D64, BC94E5EFF38B9C6A37717B2A6CA56679781A4872A0C4298056E074033571BE79 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:44:13.0570 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: 3B197AF0FFF08AA66B6B2241CA538D64, sha256: BC94E5EFF38B9C6A37717B2A6CA56679781A4872A0C4298056E074033571BE79
19:44:13.0577 0x1428  WUDFRd - detected LockedFile.Multi.Generic ( 1 )
19:44:19.0508 0x1428  Detect skipped due to KSN trusted
19:44:19.0508 0x1428  WUDFRd - ok
19:44:19.0573 0x1428  [ B551D6637AA0E132C18AC6E504F7B79B, FA6495533A14E01ABB0F6689AB7503B1B439D3ADA7457DFCB7D81714A9817327 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:44:19.0624 0x1428  wudfsvc - ok
19:44:19.0669 0x1428  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:44:19.0704 0x1428  WwanSvc - ok
19:44:19.0767 0x1428  [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
19:44:19.0768 0x1428  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\xnacc.sys. md5: 4A5CE13408945E525503B5F73D29B9C5, sha256: D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD
19:44:19.0773 0x1428  xnacc - detected LockedFile.Multi.Generic ( 1 )
19:44:25.0707 0x1428  Detect skipped due to KSN trusted
19:44:25.0707 0x1428  xnacc - ok
19:44:25.0743 0x1428  ================ Scan global ===============================
19:44:25.0803 0x1428  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:44:25.0840 0x1428  [ 457B44AB6D502E55F64A867D4F35C76C, 95FEC45E28DF394E778DA37719F7D579920531AD568E1C290B7F42CB03BEAA2C ] C:\Windows\system32\winsrv.dll
19:44:25.0859 0x1428  [ 457B44AB6D502E55F64A867D4F35C76C, 95FEC45E28DF394E778DA37719F7D579920531AD568E1C290B7F42CB03BEAA2C ] C:\Windows\system32\winsrv.dll
19:44:25.0889 0x1428  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:44:25.0934 0x1428  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:44:25.0952 0x1428  [ Global ] - ok
19:44:25.0953 0x1428  ================ Scan MBR ==================================
19:44:32.0041 0x1428  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:44:32.0192 0x1428  \Device\Harddisk0\DR0 - ok
19:44:32.0201 0x1428  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:44:32.0672 0x1428  \Device\Harddisk1\DR1 - ok
19:44:32.0698 0x1428  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
19:44:32.0903 0x1428  \Device\Harddisk2\DR2 - ok
19:44:32.0903 0x1428  ================ Scan VBR ==================================
19:44:32.0906 0x1428  [ B7CA045DA5355BFAF4E3D0B4BCB60A8C ] \Device\Harddisk0\DR0\Partition1
19:44:32.0954 0x1428  \Device\Harddisk0\DR0\Partition1 - ok
19:44:32.0983 0x1428  [ 43DAA32613B71A6422EE9EFD8F7DADF6 ] \Device\Harddisk1\DR1\Partition1
19:44:32.0985 0x1428  \Device\Harddisk1\DR1\Partition1 - ok
19:44:32.0989 0x1428  [ 97491B7282225EA660B0EBF7D482ECC8 ] \Device\Harddisk2\DR2\Partition1
19:44:33.0048 0x1428  \Device\Harddisk2\DR2\Partition1 - ok
19:44:33.0113 0x1428  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.3.336 ), 0x40000 ( disabled : updated )
19:44:33.0117 0x1428  Win FW state via NFP2: enabled
19:44:50.0989 0x1428  ============================================================
19:44:50.0989 0x1428  Scan finished
19:44:50.0989 0x1428  ============================================================
19:44:51.0001 0x1a5c  Detected object count: 43
19:44:51.0001 0x1a5c  Actual detected object count: 43
19:45:32.0855 0x1a5c  b06bdrv ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0856 0x1a5c  b06bdrv ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0857 0x1a5c  Brserid ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0857 0x1a5c  Brserid ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0859 0x1a5c  CmBatt ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0859 0x1a5c  CmBatt ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0861 0x1a5c  d9c0704a342146bd ( Rootkit.Win32.Necurs.gen ) - skipped by user
19:45:32.0861 0x1a5c  d9c0704a342146bd ( Rootkit.Win32.Necurs.gen ) - User select action: Skip 
19:45:32.0863 0x1a5c  ErrDev ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0863 0x1a5c  ErrDev ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0865 0x1a5c  Fs_Rec ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0865 0x1a5c  Fs_Rec ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0867 0x1a5c  HidBatt ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0867 0x1a5c  HidBatt ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0869 0x1a5c  hwpolicy ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0869 0x1a5c  hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0871 0x1a5c  IPNAT ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0871 0x1a5c  IPNAT ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0873 0x1a5c  LGBusEnum ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0873 0x1a5c  LGBusEnum ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0874 0x1a5c  megasas ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0874 0x1a5c  megasas ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0876 0x1a5c  mpsdrv ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0876 0x1a5c  mpsdrv ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0878 0x1a5c  Msfs ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0878 0x1a5c  Msfs ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0880 0x1a5c  msisadrv ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0880 0x1a5c  msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0881 0x1a5c  MTConfig ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0881 0x1a5c  MTConfig ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0882 0x1a5c  MTsensor ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0882 0x1a5c  MTsensor ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0883 0x1a5c  NdisWan ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0883 0x1a5c  NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0885 0x1a5c  Ntfs ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0885 0x1a5c  Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0886 0x1a5c  Null ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0886 0x1a5c  Null ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0887 0x1a5c  pci ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0887 0x1a5c  pci ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0888 0x1a5c  pcmcia ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0888 0x1a5c  pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0889 0x1a5c  ql40xx ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0889 0x1a5c  ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0891 0x1a5c  QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0891 0x1a5c  QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0892 0x1a5c  rdbss ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0892 0x1a5c  rdbss ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0893 0x1a5c  RDPCDD ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0893 0x1a5c  RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0895 0x1a5c  rspndr ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0895 0x1a5c  rspndr ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0896 0x1a5c  RTL8167 ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0896 0x1a5c  RTL8167 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0897 0x1a5c  scfilter ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0897 0x1a5c  scfilter ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0899 0x1a5c  sffp_sd ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0899 0x1a5c  sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0900 0x1a5c  srv2 ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0900 0x1a5c  srv2 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0901 0x1a5c  tcpipreg ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0901 0x1a5c  tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0902 0x1a5c  TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0902 0x1a5c  TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0904 0x1a5c  tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0904 0x1a5c  tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0905 0x1a5c  UmPass ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0905 0x1a5c  UmPass ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0906 0x1a5c  usbccgp ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0906 0x1a5c  usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0907 0x1a5c  usbuhci ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0908 0x1a5c  usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0909 0x1a5c  vga ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0909 0x1a5c  vga ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0910 0x1a5c  viaide ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0910 0x1a5c  viaide ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0911 0x1a5c  volmgr ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0911 0x1a5c  volmgr ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0912 0x1a5c  vpcusb ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0913 0x1a5c  vpcusb ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0914 0x1a5c  vpcvmm ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0914 0x1a5c  vpcvmm ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0915 0x1a5c  vwifimp ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0915 0x1a5c  vwifimp ( LockedFile.Multi.Generic ) - User select action: Skip 
19:45:32.0916 0x1a5c  WIMMount ( LockedFile.Multi.Generic ) - skipped by user
19:45:32.0916 0x1a5c  WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
         
I'll also show the same thing visually with a screenshot:

Image 1

Image 2

Image 3

14.03.2014, 18:39   #5
schrauber
/// the machine
/// TB trainer
 




I don't see any images.

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

14.03.2014, 19:51   #6
Hahpuh
 



Dear Schrauber,

I did everything according to your instructions.
There were no disruptions or complications.
Here is the report for you.

Code:
ComboFix 14-03-13.01 - Kevin 14.03.2014  19:38:17.1.6 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.8191.5893 [GMT 1:00]
ausgeführt von:: c:\users\Kevin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kevin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-02-14 bis 2014-03-14  ))))))))))))))))))))))))))))))
.
.
2014-03-13 13:15 . 2014-03-13 13:15	84720	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-03-13 02:18 . 2014-03-13 03:19	--------	d-----w-	C:\FRST
2014-03-13 01:14 . 2014-03-13 01:14	--------	d-----w-	c:\users\Kevin\AppData\Roaming\Avira
2014-03-13 01:13 . 2014-02-25 10:41	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2014-03-13 01:13 . 2014-02-25 10:41	131576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-03-13 01:13 . 2014-02-25 10:41	108440	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-03-13 01:09 . 2014-03-13 01:13	--------	d-----w-	c:\program files (x86)\Avira
2014-03-13 01:09 . 2014-03-13 01:13	--------	d-----w-	c:\programdata\Avira
2014-03-10 02:07 . 2014-03-13 05:42	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-10 02:07 . 2014-03-10 02:07	--------	d-----w-	c:\windows\system32\Macromed
2014-03-10 00:02 . 2014-03-13 00:46	--------	d-----w-	c:\users\Kevin\AppData\Roaming\Wudenu
2014-03-10 00:02 . 2014-03-12 22:41	--------	d-----w-	c:\users\Kevin\AppData\Roaming\Onyx
2014-03-09 00:52 . 2014-03-09 00:52	--------	d-----w-	c:\program files (x86)\Dungeon Defenders
2014-03-06 13:56 . 2013-12-18 20:09	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-06 13:50 . 2014-03-06 13:50	--------	d-----w-	c:\program files (x86)\Lavalys
2014-03-02 22:41 . 2014-03-02 22:41	--------	d-----w-	c:\users\Kevin\AppData\Local\Chromium
2014-03-01 04:39 . 2014-03-13 05:42	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-01 04:39 . 2014-03-01 04:39	--------	d-----w-	c:\windows\SysWow64\Macromed
2014-03-01 03:39 . 2014-03-01 03:39	--------	d-----w-	c:\users\Kevin\AppData\Roaming\Awesomium
2014-03-01 03:38 . 2014-03-01 03:38	--------	d-----w-	c:\programdata\Hi-Rez Studios
2014-02-27 14:30 . 2014-02-27 14:30	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2014-02-25 22:05 . 2014-03-03 05:39	--------	d-----w-	c:\users\Kevin\AppData\Roaming\Agamdu
2014-02-25 22:05 . 2014-03-03 03:50	--------	d-----w-	c:\users\Kevin\AppData\Roaming\Epymit
2014-02-25 19:11 . 2014-02-25 19:11	--------	d-----w-	c:\users\Kevin\AppData\Roaming\Malwarebytes
2014-02-25 19:11 . 2014-02-25 19:11	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-25 19:11 . 2014-02-25 19:11	--------	d-----w-	c:\programdata\Malwarebytes
2014-02-25 19:11 . 2013-04-04 13:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-02-25 18:33 . 2014-02-25 18:40	--------	d-----w-	c:\program files (x86)\GUM9211.tmp
2014-02-25 18:33 . 2014-02-25 18:34	49940480	----a-w-	c:\program files (x86)\GUT9212.tmp
2014-02-20 12:11 . 2014-02-25 19:25	--------	d-----w-	c:\users\Kevin\AppData\Roaming\Yfucvo
2014-02-20 12:11 . 2014-02-25 19:23	--------	d-----w-	c:\users\Kevin\AppData\Roaming\Osyv
2014-02-19 11:47 . 2014-02-19 11:47	--------	d-----w-	c:\program files\Lenovo
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-16 21:50 . 2013-12-15 17:21	281392	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2014-02-16 21:50 . 2013-12-11 11:55	281392	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2014-02-02 20:55 . 2013-12-11 11:55	281392	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2014-01-25 05:13 . 2012-07-17 13:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-15 17:21 . 2013-12-11 11:55	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UZRmedia"="c:\users\Kevin\AppData\Local\UZRmedia\Hidnet24.dll" [2014-01-01 16896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Nostromo Driver"="c:\program files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe" [2011-07-19 978840]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 766208]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-03-07 172624]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]
S3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjoystk.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - d9c0704a342146bd
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-25 18:33	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-10 05:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 6868280]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-20 10151968]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\d9c0704a342146bd]
"ImagePath"="\SystemRoot\System32\Drivers\d9c0704a342146bd.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
c:\windows\SysWOW64\regsvr32.exe
c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-03-14  19:47:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-03-14 18:47
.
Vor Suchlauf: 9 Verzeichnis(se), 121.495.998.464 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 121.117.806.592 Bytes frei
.
- - End Of File - - 87334A3C3936AC774D769C08E5212F03
A36C5E4F47E84449FF07ED3517B43A31
         

15.03.2014, 17:12   #7
schrauber
/// the machine
/// TB trainer
 




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

15.03.2014, 17:41   #8
Hahpuh
 

Dear Schrauber,

I am now sending you the log files:

Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.15.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Kevin :: KEVIN_S [Administrator]

15.03.2014 17:36:09
mbam-log-2014-03-15 (17-36-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 240273
Laufzeit: 3 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

AdwCleaner:

Code:
# AdwCleaner v3.022 - Bericht erstellt am 15/03/2014 um 17:44:29
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate  (64 bits)
# Benutzername : Kevin - KEVIN_S
# Gestartet von : C:\Users\Kevin\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\Users\Kevin\AppData\Local\Mobogenie
[!] Ordner Gelöscht : C:\Users\Kevin\Documents\Mobogenie

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Google Chrome v

[ Datei : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2029 octets] - [15/03/2014 17:42:53]
AdwCleaner[S0].txt - [1852 octets] - [15/03/2014 17:44:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1912 octets] ##########
         

JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by Kevin on 15.03.2014 at 17:52:58,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.03.2014 at 17:57:37,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-03-2014 01
Ran by Kevin (administrator) on KEVIN_S on 15-03-2014 17:59:34
Running from C:\Users\Kevin\Downloads
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Hi-Rez Studios) D:\Smite\HiPatchService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Thisisu) C:\Users\Kevin\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Valve Corporation) D:\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\WerFault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6868280 2012-05-21] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-05-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [Razer Nostromo Driver] - C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe [978840 2011-07-19] (Razer USA Ltd)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [172624 2014-03-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2747213580-207876330-2301896138-1000\...\Run: [UZRmedia] - regsvr32.exe C:\Users\Kevin\AppData\Local\UZRmedia\Hidnet24.dll <===== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x05871061813DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-10]
CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-10]
CHR Extension: (Google-Suche) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-10]
CHR Extension: (AdBlock) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-10]
CHR Extension: (Yulia Brodskaya) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko [2013-12-10]
CHR Extension: (Google Wallet) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Google Mail) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-10]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [116816 2014-03-07] (Avira Operations GmbH & Co. KG)
R2 HiPatchService; D:\Smite\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-15] ()
R2 Realtek11nCU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)

==================== Drivers (Whitelisted) ====================

R3 1394ohci; C:\Windows\System32\DRIVERS\1394ohci.sys [227840 2009-07-14] ()
R0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [334416 2009-07-14] ()
S3 AcpiPmi; C:\Windows\system32\DRIVERS\acpipmi.sys [12288 2009-07-14] ()
S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [491088 2009-07-14] ()
S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [339536 2009-07-14] ()
S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [182864 2009-07-14] ()
R1 AFD; C:\Windows\system32\drivers\afd.sys [500224 2009-07-14] ()
S3 agp440; C:\Windows\system32\DRIVERS\agp440.sys [61008 2009-07-14] ()
S3 aliide; C:\Windows\system32\DRIVERS\aliide.sys [15440 2009-07-14] ()
S3 amdide; C:\Windows\system32\DRIVERS\amdide.sys [15440 2009-07-14] ()
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-14] ()
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [12534784 2013-10-08] ()
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [619008 2013-10-08] ()
R3 AmdPPM; C:\Windows\System32\DRIVERS\amdppm.sys [60928 2009-07-14] ()
S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [106576 2009-07-14] ()
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [194128 2009-07-14] ()
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-07-14] ()
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] ()
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2009-07-14] ()
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [87632 2009-07-14] ()
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [97856 2009-07-14] ()
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] ()
R0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [24128 2009-07-14] ()
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2013-07-05] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] ()
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] ()
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] ()
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] ()
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] ()
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2009-07-14] ()
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] ()
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] ()
S3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-14] ()
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] ()
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] ()
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] ()
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] ()
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] ()
R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] ()
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2009-07-14] ()
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] ()
S3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-14] ()
S3 cmdide; C:\Windows\system32\DRIVERS\cmdide.sys [17488 2009-07-14] ()
R0 CNG; C:\Windows\System32\Drivers\cng.sys [460504 2009-07-14] ()
S3 Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys [21584 2009-07-14] ()
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2009-07-14] ()
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] ()
R1 CSC; C:\Windows\System32\drivers\csc.sys [514048 2009-07-14] ()
U5 d9c0704a342146bd; C:\Windows\System32\Drivers\d9c0704a342146bd.sys [78800 2014-01-02] () <===== ATTENTION Necurs Rootkit?
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2009-07-14] ()
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] ()
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] ()
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] ()
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [982600 2009-11-04] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] ()
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] ()
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [9728 2009-07-14] ()
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] ()
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] ()
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] ()
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] ()
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] ()
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [290368 2009-07-14] ()
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] ()
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-14] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223448 2009-07-14] ()
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [33856 2009-03-18] ()
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] ()
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2009-07-14] ()
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-14] ()
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] ()
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] ()
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] ()
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-14] ()
S3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [77888 2009-07-14] ()
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-14] ()
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14416 2009-07-14] ()
S3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-14] ()
S3 iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [410688 2009-07-14] ()
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] ()
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2350240 2010-05-20] ()
S3 intelide; C:\Windows\system32\DRIVERS\intelide.sys [16960 2009-07-14] ()
S3 intelppm; C:\Windows\system32\DRIVERS\intelppm.sys [62464 2009-07-14] ()
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-14] ()
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [78848 2009-07-14] ()
R3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] ()
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] ()
S3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [20544 2009-07-14] ()
S3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [224832 2009-07-14] ()
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] ()
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2009-07-14] ()
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95312 2009-07-14] ()
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [153152 2009-07-14] ()
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] ()
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [22408 2009-11-24] ()
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [16008 2009-11-24] ()
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] ()
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] ()
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] ()
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] ()
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] ()
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] ()
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] ()
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] ()
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] ()
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] ()
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] ()
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] ()
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-14] ()
S3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [155216 2009-07-14] ()
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] ()
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2009-07-14] ()
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157184 2009-07-14] ()
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [285696 2009-07-14] ()
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [125952 2009-07-14] ()
S3 msahci; C:\Windows\system32\DRIVERS\msahci.sys [30272 2009-07-14] ()
S3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [140352 2009-07-14] ()
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
R3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] ()
R0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [15424 2009-07-14] ()
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] ()
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] ()
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] ()
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [367168 2009-07-14] ()
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] ()
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] ()
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] ()
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] ()
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-14] ()
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] ()
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] ()
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-14] ()
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-14] ()
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-14] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] ()
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-14] ()
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] ()
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] ()
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659984 2009-07-14] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] ()
S3 nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [149056 2009-07-14] ()
S3 nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [167488 2009-07-14] ()
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [122960 2009-07-14] ()
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [72832 2009-07-14] ()
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-14] ()
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75840 2009-07-14] ()
R0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-14] ()
R0 pciide; C:\Windows\System32\DRIVERS\pciide.sys [12352 2009-07-14] ()
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] ()
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] ()
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] ()
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-14] ()
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] ()
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-14] ()
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] ()
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] ()
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] ()
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] ()
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] ()
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-14] ()
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] ()
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] ()
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-14] ()
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-14] ()
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] ()
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165376 2009-07-14] ()
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] ()
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] ()
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2009-07-14] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-14] ()
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] ()
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [347680 2010-05-20] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [762472 2010-08-06] ()
R3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] ()
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] ()
S3 s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [6656 2009-07-14] ()
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [104016 2009-07-14] ()
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [126912 2012-04-19] ()
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-14] ()
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] ()
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-14] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] ()
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] ()
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [14336 2009-07-14] ()
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [13824 2009-07-14] ()
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [14336 2009-07-14] ()
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] ()
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] ()
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] ()
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] ()
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [465408 2009-07-14] ()
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [407040 2009-07-14] ()
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [162816 2009-07-14] ()
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] ()
R0 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [46672 2009-07-14] ()
S3 storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [34896 2009-07-14] ()
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] ()
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1898576 2009-07-14] ()
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1898576 2009-07-14] ()
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-14] ()
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] ()
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-14] ()
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-14] ()
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [62544 2009-07-14] ()
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-14] ()
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-14] ()
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] ()
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327168 2009-07-14] ()
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [64592 2009-07-14] ()
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-14] ()
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] ()
R3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109568 2009-07-14] ()
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2009-07-14] ()
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [100352 2009-07-14] ()
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [51200 2009-07-14] ()
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2009-07-14] ()
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [25600 2009-07-14] ()
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-14] ()
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [89600 2009-07-14] ()
S3 usbuhci; C:\Windows\system32\DRIVERS\usbuhci.sys [30720 2009-07-14] ()
R0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [36432 2009-07-14] ()
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] ()
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] ()
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [217680 2009-07-14] ()
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [17488 2009-07-14] ()
S3 vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [200272 2009-07-14] ()
S3 VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [21760 2009-07-14] ()
R0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [71760 2009-07-14] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-14] ()
R0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [294992 2009-07-14] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [187904 2009-11-04] ()
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [66304 2009-11-04] ()
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [95232 2009-11-04] ()
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [359552 2009-11-04] ()
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] ()
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] ()
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] ()
S3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] ()
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] ()
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] ()
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] ()
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] ()
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-14] ()
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] ()
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] ()
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-14] ()
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] ()
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2009-07-14] ()
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2009-07-14] ()
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [679936 2009-07-14] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-15 17:57 - 2014-03-15 17:57 - 00000621 _____ () C:\Users\Kevin\Desktop\JRT.txt
2014-03-15 17:52 - 2014-03-15 17:52 - 01037734 _____ (Thisisu) C:\Users\Kevin\Downloads\JRT.exe
2014-03-15 17:52 - 2014-03-15 17:52 - 00000000 ____D () C:\Windows\ERUNT
2014-03-15 17:42 - 2014-03-15 17:45 - 00000000 ____D () C:\AdwCleaner
2014-03-15 17:42 - 2014-03-15 17:42 - 01950720 _____ () C:\Users\Kevin\Downloads\adwcleaner.exe
2014-03-14 23:36 - 2014-03-14 23:37 - 00017513 _____ () C:\Windows\DirectX.log
2014-03-14 19:47 - 2014-03-14 19:47 - 00014990 _____ () C:\ComboFix.txt
2014-03-14 19:33 - 2014-03-14 19:47 - 00000000 ____D () C:\Qoobox
2014-03-14 19:33 - 2014-03-14 19:46 - 00000000 ____D () C:\Windows\erdnt
2014-03-14 19:33 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-14 19:33 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-14 19:33 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-14 19:33 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-14 19:33 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-14 19:33 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-14 19:33 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-14 19:33 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-14 19:32 - 2014-03-14 19:32 - 05190279 ____R (Swearware) C:\Users\Kevin\Desktop\ComboFix.exe
2014-03-14 04:40 - 2014-03-14 04:49 - 16016506 _____ () C:\Users\Kevin\Downloads\one_piece_nami_robi_5.7z
2014-03-14 03:49 - 2014-03-14 03:49 - 01467128 _____ () C:\Users\Kevin\Downloads\SystemCheck_deDE.exe
2014-03-13 19:01 - 2014-02-27 15:26 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Kevin\Desktop\TDSSKiller.exe
2014-03-13 18:53 - 2014-03-13 18:54 - 04110135 _____ () C:\Users\Kevin\Downloads\tdsskiller.zip
2014-03-13 18:49 - 2014-03-13 18:49 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Kevin\Downloads\tdsskiller.exe
2014-03-13 14:15 - 2014-03-13 14:15 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-13 06:42 - 2014-03-15 17:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 06:42 - 2014-03-13 06:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-13 04:35 - 2014-03-13 04:36 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap (4).bmp
2014-03-13 04:25 - 2014-03-13 04:25 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap (2).bmp
2014-03-13 04:24 - 2014-03-13 04:24 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap.bmp
2014-03-13 04:22 - 2014-03-13 04:22 - 00380416 _____ () C:\Users\Kevin\Downloads\Gmer-19357.exe
2014-03-13 04:19 - 2014-03-13 04:19 - 00031518 _____ () C:\Users\Kevin\Downloads\Addition.txt
2014-03-13 04:17 - 2014-03-15 17:59 - 00027491 _____ () C:\Users\Kevin\Downloads\FRST.txt
2014-03-13 04:16 - 2014-03-13 04:16 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64 (1).exe
2014-03-13 04:14 - 2014-03-13 04:15 - 00000472 _____ () C:\Users\Kevin\Downloads\defogger_disable.log
2014-03-13 04:14 - 2014-03-13 04:14 - 00000000 _____ () C:\Users\Kevin\defogger_reenable
2014-03-13 04:12 - 2014-03-13 04:12 - 00050477 _____ () C:\Users\Kevin\Downloads\Defogger.exe
2014-03-13 04:06 - 2014-03-13 04:23 - 00081928 _____ () C:\Users\Kevin\Desktop\Neues Textdokument (2).txt
2014-03-13 03:18 - 2014-03-15 17:59 - 00000000 ____D () C:\FRST
2014-03-13 03:17 - 2014-03-13 03:17 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe
2014-03-13 03:09 - 2014-03-15 17:46 - 00000392 _____ () C:\Windows\setupact.log
2014-03-13 03:09 - 2014-03-14 19:43 - 00085586 _____ () C:\Windows\PFRO.log
2014-03-13 03:09 - 2014-03-13 03:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-13 02:14 - 2014-03-13 02:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Avira
2014-03-13 02:13 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-13 02:13 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-13 02:13 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-13 02:09 - 2014-03-13 02:13 - 00000000 ____D () C:\ProgramData\Avira
2014-03-13 02:09 - 2014-03-13 02:13 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-13 02:09 - 2014-03-13 02:09 - 00000400 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 02:05 - 2014-03-15 17:56 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F869E1D1-5B82-488D-9FEB-12FCC8122624}
2014-03-11 00:31 - 2014-02-21 10:21 - 00000000 ____D () C:\Users\Kevin\Downloads\Plague.Inc.Evolved.Early.Access.Cracked-3DM
2014-03-10 22:49 - 2013-11-08 09:12 - 00000000 ____D () C:\Users\Kevin\Downloads\After.Earth.2013.BDRip.AC3.German.XviD-MB
2014-03-10 16:02 - 2014-03-10 16:06 - 86944409 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part11.rar
2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part10.rar
2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part09.rar
2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part08.rar
2014-03-10 15:43 - 2014-03-10 15:48 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part07.rar
2014-03-10 15:43 - 2014-03-10 15:48 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part06.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part05.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part04.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part03.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part02.rar
2014-03-10 15:40 - 2014-03-10 15:46 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part01.rar
2014-03-10 04:19 - 2014-03-10 04:21 - 00000000 ____D () C:\Users\Kevin\Downloads\Der.Butler.German.DL.2013.AC3.BDRiP.XViD-KOC
2014-03-10 03:43 - 2014-03-10 04:09 - 524288093 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part4.rar
2014-03-10 03:43 - 2014-03-10 04:09 - 524288081 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part3.rar
2014-03-10 03:43 - 2014-03-10 04:09 - 524288057 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part2.rar
2014-03-10 03:43 - 2014-03-10 04:07 - 524288034 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part1.rar
2014-03-10 03:43 - 2014-03-10 03:57 - 222763023 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part5.rar
2014-03-10 03:17 - 2014-03-10 03:34 - 536870912 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part2.rar
2014-03-10 03:16 - 2014-03-10 03:33 - 536870912 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part1.rar
2014-03-10 03:16 - 2014-03-10 03:32 - 405353908 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part3.rar
2014-03-10 03:07 - 2014-03-13 06:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-10 03:07 - 2014-03-10 03:07 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-10 01:02 - 2014-03-13 01:46 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Wudenu
2014-03-10 01:02 - 2014-03-12 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Onyx
2014-03-09 20:47 - 2014-03-09 20:47 - 00000000 ____D () C:\Users\Kevin\Documents\Thief
2014-03-09 01:52 - 2014-03-09 01:52 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders
2014-03-06 14:56 - 2014-03-06 14:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-06 14:56 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-06 14:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-06 14:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-06 14:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-06 14:50 - 2014-03-06 14:50 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2014-03-02 23:41 - 2014-03-02 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Chromium
2014-03-01 05:39 - 2014-03-13 06:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-01 05:39 - 2014-03-01 05:39 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-01 04:39 - 2014-03-01 04:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Awesomium
2014-03-01 04:38 - 2014-03-01 04:38 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-03-01 01:02 - 2014-03-01 01:02 - 00003020 _____ () C:\Windows\System32\Tasks\{0AB74374-0385-0807-B05D-5863E26D732D}
2014-02-27 15:30 - 2014-02-27 15:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-25 23:05 - 2014-03-03 06:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Agamdu
2014-02-25 23:05 - 2014-03-03 04:50 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Epymit
2014-02-25 20:11 - 2014-02-25 20:11 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Malwarebytes
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-25 20:11 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-25 20:00 - 2014-02-25 20:00 - 00013787 _____ () C:\Windows\SysWOW64\hs_err_pid3156.log
2014-02-25 19:33 - 2014-02-25 19:40 - 00000000 ____D () C:\Program Files (x86)\GUM9211.tmp
2014-02-25 19:33 - 2014-02-25 19:34 - 49940480 _____ () C:\Program Files (x86)\GUT9212.tmp
2014-02-25 19:33 - 2014-02-25 19:33 - 00019841 _____ () C:\Windows\SysWOW64\hs_err_pid200.log
2014-02-25 17:47 - 2014-02-25 17:47 - 00019830 _____ () C:\Windows\SysWOW64\hs_err_pid1280.log
2014-02-20 13:11 - 2014-02-25 20:25 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yfucvo
2014-02-20 13:11 - 2014-02-25 20:23 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Osyv
2014-02-19 12:47 - 2014-02-19 12:47 - 00000000 ____D () C:\Program Files\Lenovo

==================== One Month Modified Files and Folders =======

2014-03-15 17:59 - 2014-03-13 04:17 - 00027491 _____ () C:\Users\Kevin\Downloads\FRST.txt
2014-03-15 17:59 - 2014-03-13 03:18 - 00000000 ____D () C:\FRST
2014-03-15 17:57 - 2014-03-15 17:57 - 00000621 _____ () C:\Users\Kevin\Desktop\JRT.txt
2014-03-15 17:56 - 2014-03-13 02:05 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F869E1D1-5B82-488D-9FEB-12FCC8122624}
2014-03-15 17:55 - 2009-07-14 05:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-15 17:55 - 2009-07-14 05:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 17:52 - 2014-03-15 17:52 - 01037734 _____ (Thisisu) C:\Users\Kevin\Downloads\JRT.exe
2014-03-15 17:52 - 2014-03-15 17:52 - 00000000 ____D () C:\Windows\ERUNT
2014-03-15 17:48 - 2013-12-10 15:04 - 00000498 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-15 17:47 - 2013-12-26 02:45 - 00000000 ____D () C:\Users\Kevin\AppData\Local\LogMeIn Hamachi
2014-03-15 17:46 - 2014-03-13 03:09 - 00000392 _____ () C:\Windows\setupact.log
2014-03-15 17:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-15 17:45 - 2014-03-15 17:42 - 00000000 ____D () C:\AdwCleaner
2014-03-15 17:43 - 2013-12-10 15:14 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Battle.net
2014-03-15 17:42 - 2014-03-15 17:42 - 01950720 _____ () C:\Users\Kevin\Downloads\adwcleaner.exe
2014-03-15 17:40 - 2014-03-13 06:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-15 12:58 - 2013-12-11 00:01 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\vlc
2014-03-14 23:37 - 2014-03-14 23:36 - 00017513 _____ () C:\Windows\DirectX.log
2014-03-14 23:37 - 2013-12-29 00:48 - 00000000 ____D () C:\Users\Kevin\Documents\my games
2014-03-14 20:24 - 2009-07-14 18:58 - 00700562 _____ () C:\Windows\system32\perfh007.dat
2014-03-14 20:24 - 2009-07-14 18:58 - 00149462 _____ () C:\Windows\system32\perfc007.dat
2014-03-14 20:24 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 20:23 - 2013-12-10 14:42 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-03-14 20:22 - 2013-12-10 21:00 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-03-14 19:47 - 2014-03-14 19:47 - 00014990 _____ () C:\ComboFix.txt
2014-03-14 19:47 - 2014-03-14 19:33 - 00000000 ____D () C:\Qoobox
2014-03-14 19:47 - 2013-12-10 15:57 - 00000000 ____D () C:\Users\Max
2014-03-14 19:47 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-14 19:46 - 2014-03-14 19:33 - 00000000 ____D () C:\Windows\erdnt
2014-03-14 19:44 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-14 19:43 - 2014-03-13 03:09 - 00085586 _____ () C:\Windows\PFRO.log
2014-03-14 19:32 - 2014-03-14 19:32 - 05190279 ____R (Swearware) C:\Users\Kevin\Desktop\ComboFix.exe
2014-03-14 19:32 - 2013-12-11 16:36 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Skype
2014-03-14 19:32 - 2013-12-10 15:07 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\TS3Client
2014-03-14 04:49 - 2014-03-14 04:40 - 16016506 _____ () C:\Users\Kevin\Downloads\one_piece_nami_robi_5.7z
2014-03-14 03:49 - 2014-03-14 03:49 - 01467128 _____ () C:\Users\Kevin\Downloads\SystemCheck_deDE.exe
2014-03-13 20:04 - 2013-12-10 14:49 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-03-13 18:54 - 2014-03-13 18:53 - 04110135 _____ () C:\Users\Kevin\Downloads\tdsskiller.zip
2014-03-13 18:49 - 2014-03-13 18:49 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Kevin\Downloads\tdsskiller.exe
2014-03-13 14:15 - 2014-03-13 14:15 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-13 06:42 - 2014-03-13 06:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-13 06:42 - 2014-03-10 03:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 06:42 - 2014-03-01 05:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-13 05:14 - 2013-12-10 14:31 - 00001706 _____ () C:\Users\Kevin\Desktop\W-Lan Code.txt
2014-03-13 04:36 - 2014-03-13 04:35 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap (4).bmp
2014-03-13 04:25 - 2014-03-13 04:25 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap (2).bmp
2014-03-13 04:24 - 2014-03-13 04:24 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap.bmp
2014-03-13 04:23 - 2014-03-13 04:06 - 00081928 _____ () C:\Users\Kevin\Desktop\Neues Textdokument (2).txt
2014-03-13 04:22 - 2014-03-13 04:22 - 00380416 _____ () C:\Users\Kevin\Downloads\Gmer-19357.exe
2014-03-13 04:19 - 2014-03-13 04:19 - 00031518 _____ () C:\Users\Kevin\Downloads\Addition.txt
2014-03-13 04:16 - 2014-03-13 04:16 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64 (1).exe
2014-03-13 04:15 - 2014-03-13 04:14 - 00000472 _____ () C:\Users\Kevin\Downloads\defogger_disable.log
2014-03-13 04:14 - 2014-03-13 04:14 - 00000000 _____ () C:\Users\Kevin\defogger_reenable
2014-03-13 04:14 - 2013-12-10 14:26 - 00000000 ____D () C:\Users\Kevin
2014-03-13 04:12 - 2014-03-13 04:12 - 00050477 _____ () C:\Users\Kevin\Downloads\Defogger.exe
2014-03-13 03:17 - 2014-03-13 03:17 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe
2014-03-13 03:09 - 2014-03-13 03:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-13 03:09 - 2009-07-14 01:20 - 00000000 __SHD () C:\Users\Kevin\AppData\Roaming\brjhugsc
2014-03-13 02:32 - 2014-01-18 15:59 - 00000000 ____D () C:\Users\Kevin\Desktop\Sc
2014-03-13 02:32 - 2013-12-10 14:51 - 00000000 ____D () C:\Users\Kevin\Desktop\Spiele
2014-03-13 02:32 - 2013-12-10 14:51 - 00000000 ____D () C:\Users\Kevin\Desktop\Programme
2014-03-13 02:30 - 2014-01-18 21:04 - 00003334 _____ () C:\Windows\System32\Tasks\{96E09B51-3767-4369-B365-95C572CD4F5D}
2014-03-13 02:14 - 2014-03-13 02:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Avira
2014-03-13 02:13 - 2014-03-13 02:09 - 00000000 ____D () C:\ProgramData\Avira
2014-03-13 02:13 - 2014-03-13 02:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-13 02:09 - 2014-03-13 02:09 - 00000400 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 02:09 - 2013-12-10 14:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-13 01:58 - 2013-12-11 12:56 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-03-13 01:46 - 2014-03-10 01:02 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Wudenu
2014-03-13 01:41 - 2014-01-29 18:21 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Microsoft Games
2014-03-12 23:41 - 2014-03-10 01:02 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Onyx
2014-03-10 22:54 - 2013-12-27 04:57 - 00000000 ____D () C:\Users\Kevin\Downloads\2.Harry.Potter.und.die.Kammer.des.Schreckens-23thstreet
2014-03-10 16:06 - 2014-03-10 16:02 - 86944409 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part11.rar
2014-03-10 16:06 - 2014-03-10 16:02 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part10.rar
2014-03-10 16:06 - 2014-03-10 16:02 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part09.rar
2014-03-10 16:06 - 2014-03-10 16:02 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part08.rar
2014-03-10 15:48 - 2014-03-10 15:43 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part07.rar
2014-03-10 15:48 - 2014-03-10 15:43 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part06.rar
2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part05.rar
2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part04.rar
2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part03.rar
2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part02.rar
2014-03-10 15:46 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part01.rar
2014-03-10 04:21 - 2014-03-10 04:19 - 00000000 ____D () C:\Users\Kevin\Downloads\Der.Butler.German.DL.2013.AC3.BDRiP.XViD-KOC
2014-03-10 04:09 - 2014-03-10 03:43 - 524288093 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part4.rar
2014-03-10 04:09 - 2014-03-10 03:43 - 524288081 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part3.rar
2014-03-10 04:09 - 2014-03-10 03:43 - 524288057 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part2.rar
2014-03-10 04:07 - 2014-03-10 03:43 - 524288034 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part1.rar
2014-03-10 03:57 - 2014-03-10 03:43 - 222763023 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part5.rar
2014-03-10 03:34 - 2014-03-10 03:17 - 536870912 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part2.rar
2014-03-10 03:33 - 2014-03-10 03:16 - 536870912 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part1.rar
2014-03-10 03:32 - 2014-03-10 03:16 - 405353908 _____ () C:\Users\Kevin\Downloads\After.Earth.2013-MB.part3.rar
2014-03-10 03:07 - 2014-03-10 03:07 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-09 20:47 - 2014-03-09 20:47 - 00000000 ____D () C:\Users\Kevin\Documents\Thief
2014-03-09 01:52 - 2014-03-09 01:52 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders
2014-03-07 17:31 - 2013-12-10 15:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Battle.net
2014-03-07 05:29 - 2013-12-11 23:03 - 00000596 _____ () C:\Users\Kevin\Desktop\Neues Textdokument.txt
2014-03-06 14:56 - 2014-03-06 14:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-06 14:56 - 2013-12-10 21:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-06 14:56 - 2013-12-10 21:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-06 14:50 - 2014-03-06 14:50 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2014-03-03 06:39 - 2014-02-25 23:05 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Agamdu
2014-03-03 04:50 - 2014-02-25 23:05 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Epymit
2014-03-02 23:41 - 2014-03-02 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Chromium
2014-03-01 05:39 - 2014-03-01 05:39 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-01 04:39 - 2014-03-01 04:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Awesomium
2014-03-01 04:38 - 2014-03-01 04:38 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-03-01 04:38 - 2013-12-10 14:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-01 01:02 - 2014-03-01 01:02 - 00003020 _____ () C:\Windows\System32\Tasks\{0AB74374-0385-0807-B05D-5863E26D732D}
2014-02-27 20:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-27 15:30 - 2014-02-27 15:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-27 15:26 - 2014-03-13 19:01 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Kevin\Desktop\TDSSKiller.exe
2014-02-25 21:15 - 2013-12-17 01:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yjquxu
2014-02-25 20:25 - 2014-02-20 13:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yfucvo
2014-02-25 20:25 - 2013-12-10 14:27 - 00000000 ___RD () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-25 20:23 - 2014-02-20 13:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Osyv
2014-02-25 20:11 - 2014-02-25 20:11 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Malwarebytes
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-25 20:00 - 2014-02-25 20:00 - 00013787 _____ () C:\Windows\SysWOW64\hs_err_pid3156.log
2014-02-25 19:40 - 2014-02-25 19:33 - 00000000 ____D () C:\Program Files (x86)\GUM9211.tmp
2014-02-25 19:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-02-25 19:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-25 19:34 - 2014-02-25 19:33 - 49940480 _____ () C:\Program Files (x86)\GUT9212.tmp
2014-02-25 19:34 - 2013-12-10 14:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-25 19:33 - 2014-02-25 19:33 - 00019841 _____ () C:\Windows\SysWOW64\hs_err_pid200.log
2014-02-25 19:33 - 2013-12-10 14:32 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Deployment
2014-02-25 19:25 - 2014-01-21 23:30 - 00000000 ____D () C:\Windows\Minidump
2014-02-25 19:25 - 2013-12-10 14:15 - 00000000 ____D () C:\Windows\Panther
2014-02-25 17:47 - 2014-02-25 17:47 - 00019830 _____ () C:\Windows\SysWOW64\hs_err_pid1280.log
2014-02-25 11:41 - 2014-03-13 02:13 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-25 11:41 - 2014-03-13 02:13 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-25 11:41 - 2014-03-13 02:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-21 10:21 - 2014-03-11 00:31 - 00000000 ____D () C:\Users\Kevin\Downloads\Plague.Inc.Evolved.Early.Access.Cracked-3DM
2014-02-19 12:47 - 2014-02-19 12:47 - 00000000 ____D () C:\Program Files\Lenovo
2014-02-16 22:50 - 2013-12-15 18:21 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-02-16 22:50 - 2013-12-11 12:55 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

Some content of TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\avgnt.exe
C:\Users\Kevin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2009-07-14 00:20] - [2009-07-14 02:45] - 0294992 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-02-28 00:40

==================== End Of Log ============================
         
--- --- ---

Edited by Hahpuh (15.03.2014 at 18:00)

16.03.2014, 17:06   #9
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

18.03.2014, 05:52   #10
Hahpuh
 



Eset:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=61cd62c916ee88448a3e905d5000b250
# engine=17486
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-18 04:49:31
# local_time=2014-03-18 05:49:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 94 0 1796907 8408 0
# compatibility_mode=5893 16776574 100 94 1763377 147523842 0 0
# scanned=191556
# found=4
# cleaned=0
# scan_time=4118
sh=ACC5638242CD8AAA80251438FB85428E2B02F856 ft=0 fh=0000000000000000 vn="Win32/Boaxxe.BE trojan" ac=I fn="C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\nhkdgbjgkphgeoplnokbdnclpbagempn\2.0.1\background.js"
sh=E7E50CD911B9451F343F1FDF57FBC0A786C9FDD1 ft=1 fh=ca3ea8d585515dc8 vn="a variant of Win32/Sefnit.CW trojan" ac=I fn="C:\Users\Kevin\AppData\Local\UZRmedia\Hidnet24.dll"
sh=53DE1B6BD2D14254EC762EEBE9F57E79F4EBE9C8 ft=1 fh=1ec55d698fb78f56 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="D:\JDwloader Dls\Godus.Beta.v2.0-3DM\steam_api.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Sefnit.CW trojan" ac=I fn="${Memory}"
         

SC:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.80  
 Windows 7  x64 (UAC is disabled!)  
 Out of date service pack!! 
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.77  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 33.0.1750.117  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Frst:


FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Kevin (administrator) on KEVIN_S on 18-03-2014 05:58:31
Running from C:\Users\Kevin\Downloads
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Hi-Rez Studios) D:\Smite\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
(Valve Corporation) D:\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
(Blizzard Entertainment) D:\Blizzard\Battle.net\Battle.net.4269\Battle.net.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6868280 2012-05-21] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-05-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [Razer Nostromo Driver] - C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe [978840 2011-07-19] (Razer USA Ltd)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [172624 2014-03-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2747213580-207876330-2301896138-1000\...\Run: [UZRmedia] - regsvr32.exe C:\Users\Kevin\AppData\Local\UZRmedia\Hidnet24.dll <===== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x05871061813DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-10]
CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-10]
CHR Extension: (Google-Suche) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-10]
CHR Extension: (AdBlock) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-10]
CHR Extension: (Yulia Brodskaya) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko [2013-12-10]
CHR Extension: (Google Wallet) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Google Mail) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-10]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [116816 2014-03-07] (Avira Operations GmbH & Co. KG)
U2 HiPatchService; D:\Smite\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-15] ()
R2 Realtek11nCU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
U5 d9c0704a342146bd; C:\Windows\System32\Drivers\d9c0704a342146bd.sys [78800 2014-01-02] () <===== ATTENTION Necurs Rootkit?
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [762472 2010-08-06] (Realtek Semiconductor Corporation                           )
R3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd)
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] ()
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-14] ()
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] ()
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2009-07-14] ()
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2009-07-14] ()
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [679936 2009-07-14] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-18 05:58 - 2014-03-18 05:58 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe
2014-03-18 05:58 - 2014-03-18 05:58 - 00009481 _____ () C:\Users\Kevin\Downloads\FRST.txt
2014-03-18 05:53 - 2014-03-18 05:53 - 00987442 _____ () C:\Users\Kevin\Desktop\SecurityCheck.exe
2014-03-18 04:38 - 2014-03-18 04:38 - 02347384 _____ (ESET) C:\Users\Kevin\Downloads\esetsmartinstaller_enu (1).exe
2014-03-18 04:38 - 2014-03-18 04:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-17 04:24 - 2014-03-17 04:24 - 00185001 _____ () C:\Users\Kevin\Desktop\gfh.xps
2014-03-16 18:27 - 2014-03-16 18:28 - 02347384 _____ (ESET) C:\Users\Kevin\Downloads\esetsmartinstaller_enu.exe
2014-03-16 00:57 - 2014-03-16 00:57 - 710317926 _____ () C:\Windows\MEMORY.DMP
2014-03-16 00:57 - 2014-03-16 00:57 - 00276200 _____ () C:\Windows\Minidump\031614-24148-01.dmp
2014-03-15 18:29 - 2014-03-15 18:29 - 04479832 _____ (Microsoft Corporation) C:\Users\Kevin\Downloads\vcredist_x86.exe
2014-03-15 18:27 - 2014-03-15 18:28 - 10274136 _____ (Microsoft Corporation) C:\Users\Kevin\Downloads\vcredist_x64.exe
2014-03-15 18:27 - 2014-03-15 18:27 - 04657496 _____ (Microsoft Corporation) C:\Users\Kevin\Downloads\vcredist_IA64.exe
2014-03-15 17:57 - 2014-03-15 17:57 - 00000621 _____ () C:\Users\Kevin\Desktop\JRT.txt
2014-03-15 17:52 - 2014-03-15 17:52 - 00000000 ____D () C:\Windows\ERUNT
2014-03-15 17:42 - 2014-03-15 17:45 - 00000000 ____D () C:\AdwCleaner
2014-03-14 23:36 - 2014-03-15 23:54 - 00035026 _____ () C:\Windows\DirectX.log
2014-03-14 19:47 - 2014-03-14 19:47 - 00014990 _____ () C:\ComboFix.txt
2014-03-14 19:33 - 2014-03-14 19:47 - 00000000 ____D () C:\Qoobox
2014-03-14 19:33 - 2014-03-14 19:46 - 00000000 ____D () C:\Windows\erdnt
2014-03-14 19:33 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-14 19:33 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-14 19:33 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-14 19:33 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-14 19:33 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-14 19:33 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-14 19:33 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-14 19:33 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-13 19:01 - 2014-02-27 15:26 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Kevin\Desktop\TDSSKiller.exe
2014-03-13 14:15 - 2014-03-13 14:15 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-13 06:42 - 2014-03-18 05:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 06:42 - 2014-03-13 06:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-13 04:35 - 2014-03-13 04:36 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap (4).bmp
2014-03-13 04:25 - 2014-03-13 04:25 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap (2).bmp
2014-03-13 04:24 - 2014-03-13 04:24 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap.bmp
2014-03-13 04:14 - 2014-03-13 04:14 - 00000000 _____ () C:\Users\Kevin\defogger_reenable
2014-03-13 04:06 - 2014-03-13 04:23 - 00081928 _____ () C:\Users\Kevin\Desktop\Neues Textdokument (2).txt
2014-03-13 03:18 - 2014-03-18 05:58 - 00000000 ____D () C:\FRST
2014-03-13 03:09 - 2014-03-16 17:24 - 00003183 _____ () C:\Windows\setupact.log
2014-03-13 03:09 - 2014-03-14 19:43 - 00085586 _____ () C:\Windows\PFRO.log
2014-03-13 03:09 - 2014-03-13 03:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-13 02:14 - 2014-03-13 02:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Avira
2014-03-13 02:13 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-13 02:13 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-13 02:13 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-13 02:09 - 2014-03-15 23:23 - 00002556 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 02:09 - 2014-03-13 02:13 - 00000000 ____D () C:\ProgramData\Avira
2014-03-13 02:09 - 2014-03-13 02:13 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-13 02:05 - 2014-03-18 05:45 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F869E1D1-5B82-488D-9FEB-12FCC8122624}
2014-03-11 00:31 - 2014-02-21 10:21 - 00000000 ____D () C:\Users\Kevin\Downloads\Plague.Inc.Evolved.Early.Access.Cracked-3DM
2014-03-10 22:49 - 2013-11-08 09:12 - 00000000 ____D () C:\Users\Kevin\Downloads\After.Earth.2013.BDRip.AC3.German.XviD-MB
2014-03-10 16:02 - 2014-03-10 16:06 - 86944409 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part11.rar
2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part10.rar
2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part09.rar
2014-03-10 16:02 - 2014-03-10 16:06 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part08.rar
2014-03-10 15:43 - 2014-03-10 15:48 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part07.rar
2014-03-10 15:43 - 2014-03-10 15:48 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part06.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part05.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part04.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part03.rar
2014-03-10 15:40 - 2014-03-10 15:47 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part02.rar
2014-03-10 15:40 - 2014-03-10 15:46 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part01.rar
2014-03-10 04:19 - 2014-03-10 04:21 - 00000000 ____D () C:\Users\Kevin\Downloads\Der.Butler.German.DL.2013.AC3.BDRiP.XViD-KOC
2014-03-10 03:43 - 2014-03-10 04:09 - 524288093 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part4.rar
2014-03-10 03:43 - 2014-03-10 04:09 - 524288081 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part3.rar
2014-03-10 03:43 - 2014-03-10 04:09 - 524288057 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part2.rar
2014-03-10 03:43 - 2014-03-10 04:07 - 524288034 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part1.rar
2014-03-10 03:43 - 2014-03-10 03:57 - 222763023 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part5.rar
2014-03-10 03:07 - 2014-03-13 06:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-10 03:07 - 2014-03-10 03:07 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-10 01:02 - 2014-03-13 01:46 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Wudenu
2014-03-10 01:02 - 2014-03-12 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Onyx
2014-03-09 20:47 - 2014-03-09 20:47 - 00000000 ____D () C:\Users\Kevin\Documents\Thief
2014-03-09 01:52 - 2014-03-09 01:52 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders
2014-03-06 14:56 - 2014-03-06 14:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-06 14:56 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-06 14:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-06 14:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-06 14:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-06 14:50 - 2014-03-06 14:50 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2014-03-02 23:41 - 2014-03-02 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Chromium
2014-03-01 05:39 - 2014-03-13 06:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-01 05:39 - 2014-03-01 05:39 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-01 04:39 - 2014-03-01 04:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Awesomium
2014-03-01 04:38 - 2014-03-01 04:38 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-03-01 01:02 - 2014-03-01 01:02 - 00003020 _____ () C:\Windows\System32\Tasks\{0AB74374-0385-0807-B05D-5863E26D732D}
2014-02-27 15:30 - 2014-02-27 15:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-25 23:05 - 2014-03-03 06:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Agamdu
2014-02-25 23:05 - 2014-03-03 04:50 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Epymit
2014-02-25 20:11 - 2014-02-25 20:11 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Malwarebytes
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-25 20:11 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-25 20:00 - 2014-02-25 20:00 - 00013787 _____ () C:\Windows\SysWOW64\hs_err_pid3156.log
2014-02-25 19:33 - 2014-02-25 19:40 - 00000000 ____D () C:\Program Files (x86)\GUM9211.tmp
2014-02-25 19:33 - 2014-02-25 19:34 - 49940480 _____ () C:\Program Files (x86)\GUT9212.tmp
2014-02-25 19:33 - 2014-02-25 19:33 - 00019841 _____ () C:\Windows\SysWOW64\hs_err_pid200.log
2014-02-25 17:47 - 2014-02-25 17:47 - 00019830 _____ () C:\Windows\SysWOW64\hs_err_pid1280.log
2014-02-20 13:11 - 2014-02-25 20:25 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yfucvo
2014-02-20 13:11 - 2014-02-25 20:23 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Osyv
2014-02-19 12:47 - 2014-02-19 12:47 - 00000000 ____D () C:\Program Files\Lenovo

==================== One Month Modified Files and Folders =======

2014-03-18 05:58 - 2014-03-18 05:58 - 02157056 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe
2014-03-18 05:58 - 2014-03-18 05:58 - 00009481 _____ () C:\Users\Kevin\Downloads\FRST.txt
2014-03-18 05:58 - 2014-03-13 03:18 - 00000000 ____D () C:\FRST
2014-03-18 05:55 - 2013-12-10 15:14 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Battle.net
2014-03-18 05:53 - 2014-03-18 05:53 - 00987442 _____ () C:\Users\Kevin\Desktop\SecurityCheck.exe
2014-03-18 05:45 - 2014-03-13 02:05 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F869E1D1-5B82-488D-9FEB-12FCC8122624}
2014-03-18 05:40 - 2014-03-13 06:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-18 05:39 - 2013-12-11 16:36 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Skype
2014-03-18 04:43 - 2013-12-10 15:07 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\TS3Client
2014-03-18 04:38 - 2014-03-18 04:38 - 02347384 _____ (ESET) C:\Users\Kevin\Downloads\esetsmartinstaller_enu (1).exe
2014-03-18 04:38 - 2014-03-18 04:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-17 21:50 - 2013-12-11 00:01 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\vlc
2014-03-17 05:19 - 2013-12-26 02:45 - 00000000 ____D () C:\Users\Kevin\AppData\Local\LogMeIn Hamachi
2014-03-17 04:24 - 2014-03-17 04:24 - 00185001 _____ () C:\Users\Kevin\Desktop\gfh.xps
2014-03-16 18:28 - 2014-03-16 18:27 - 02347384 _____ (ESET) C:\Users\Kevin\Downloads\esetsmartinstaller_enu.exe
2014-03-16 17:27 - 2009-07-14 18:58 - 00700562 _____ () C:\Windows\system32\perfh007.dat
2014-03-16 17:27 - 2009-07-14 18:58 - 00149462 _____ () C:\Windows\system32\perfc007.dat
2014-03-16 17:27 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-16 17:24 - 2014-03-13 03:09 - 00003183 _____ () C:\Windows\setupact.log
2014-03-16 08:43 - 2013-12-10 14:42 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-03-16 08:32 - 2009-07-14 05:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-16 08:32 - 2009-07-14 05:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-16 08:25 - 2013-12-10 15:04 - 00000497 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-16 08:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-16 01:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-16 00:57 - 2014-03-16 00:57 - 710317926 _____ () C:\Windows\MEMORY.DMP
2014-03-16 00:57 - 2014-03-16 00:57 - 00276200 _____ () C:\Windows\Minidump\031614-24148-01.dmp
2014-03-16 00:57 - 2014-01-21 23:30 - 00000000 ____D () C:\Windows\Minidump
2014-03-15 23:54 - 2014-03-14 23:36 - 00035026 _____ () C:\Windows\DirectX.log
2014-03-15 23:23 - 2014-03-13 02:09 - 00002556 _____ () C:\Windows\WindowsUpdate.log
2014-03-15 18:29 - 2014-03-15 18:29 - 04479832 _____ (Microsoft Corporation) C:\Users\Kevin\Downloads\vcredist_x86.exe
2014-03-15 18:28 - 2014-03-15 18:27 - 10274136 _____ (Microsoft Corporation) C:\Users\Kevin\Downloads\vcredist_x64.exe
2014-03-15 18:27 - 2014-03-15 18:27 - 04657496 _____ (Microsoft Corporation) C:\Users\Kevin\Downloads\vcredist_IA64.exe
2014-03-15 17:57 - 2014-03-15 17:57 - 00000621 _____ () C:\Users\Kevin\Desktop\JRT.txt
2014-03-15 17:52 - 2014-03-15 17:52 - 00000000 ____D () C:\Windows\ERUNT
2014-03-15 17:45 - 2014-03-15 17:42 - 00000000 ____D () C:\AdwCleaner
2014-03-14 23:37 - 2013-12-29 00:48 - 00000000 ____D () C:\Users\Kevin\Documents\my games
2014-03-14 20:22 - 2013-12-10 21:00 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-03-14 19:47 - 2014-03-14 19:47 - 00014990 _____ () C:\ComboFix.txt
2014-03-14 19:47 - 2014-03-14 19:33 - 00000000 ____D () C:\Qoobox
2014-03-14 19:47 - 2013-12-10 15:57 - 00000000 ____D () C:\Users\Max
2014-03-14 19:47 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-14 19:46 - 2014-03-14 19:33 - 00000000 ____D () C:\Windows\erdnt
2014-03-14 19:44 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-14 19:43 - 2014-03-13 03:09 - 00085586 _____ () C:\Windows\PFRO.log
2014-03-13 20:04 - 2013-12-10 14:49 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-03-13 14:15 - 2014-03-13 14:15 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-13 06:42 - 2014-03-13 06:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-13 06:42 - 2014-03-10 03:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 06:42 - 2014-03-01 05:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-13 05:14 - 2013-12-10 14:31 - 00001706 _____ () C:\Users\Kevin\Desktop\W-Lan Code.txt
2014-03-13 04:36 - 2014-03-13 04:35 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap (4).bmp
2014-03-13 04:25 - 2014-03-13 04:25 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap (2).bmp
2014-03-13 04:24 - 2014-03-13 04:24 - 06220854 _____ () C:\Users\Kevin\Desktop\Neue Bitmap.bmp
2014-03-13 04:23 - 2014-03-13 04:06 - 00081928 _____ () C:\Users\Kevin\Desktop\Neues Textdokument (2).txt
2014-03-13 04:14 - 2014-03-13 04:14 - 00000000 _____ () C:\Users\Kevin\defogger_reenable
2014-03-13 04:14 - 2013-12-10 14:26 - 00000000 ____D () C:\Users\Kevin
2014-03-13 03:09 - 2014-03-13 03:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-13 03:09 - 2009-07-14 01:20 - 00000000 __SHD () C:\Users\Kevin\AppData\Roaming\brjhugsc
2014-03-13 02:32 - 2014-01-18 15:59 - 00000000 ____D () C:\Users\Kevin\Desktop\Sc
2014-03-13 02:32 - 2013-12-10 14:51 - 00000000 ____D () C:\Users\Kevin\Desktop\Spiele
2014-03-13 02:32 - 2013-12-10 14:51 - 00000000 ____D () C:\Users\Kevin\Desktop\Programme
2014-03-13 02:30 - 2014-01-18 21:04 - 00003334 _____ () C:\Windows\System32\Tasks\{96E09B51-3767-4369-B365-95C572CD4F5D}
2014-03-13 02:14 - 2014-03-13 02:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Avira
2014-03-13 02:13 - 2014-03-13 02:09 - 00000000 ____D () C:\ProgramData\Avira
2014-03-13 02:13 - 2014-03-13 02:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-13 02:09 - 2013-12-10 14:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-13 01:58 - 2013-12-11 12:56 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-03-13 01:46 - 2014-03-10 01:02 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Wudenu
2014-03-13 01:41 - 2014-01-29 18:21 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Microsoft Games
2014-03-12 23:41 - 2014-03-10 01:02 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Onyx
2014-03-10 22:54 - 2013-12-27 04:57 - 00000000 ____D () C:\Users\Kevin\Downloads\2.Harry.Potter.und.die.Kammer.des.Schreckens-23thstreet
2014-03-10 16:06 - 2014-03-10 16:02 - 86944409 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part11.rar
2014-03-10 16:06 - 2014-03-10 16:02 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part10.rar
2014-03-10 16:06 - 2014-03-10 16:02 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part09.rar
2014-03-10 16:06 - 2014-03-10 16:02 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part08.rar
2014-03-10 15:48 - 2014-03-10 15:43 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part07.rar
2014-03-10 15:48 - 2014-03-10 15:43 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part06.rar
2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part05.rar
2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part04.rar
2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part03.rar
2014-03-10 15:47 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part02.rar
2014-03-10 15:46 - 2014-03-10 15:40 - 105906279 _____ () C:\Users\Kevin\Downloads\aoe-gravity_dvdscr.part01.rar
2014-03-10 04:21 - 2014-03-10 04:19 - 00000000 ____D () C:\Users\Kevin\Downloads\Der.Butler.German.DL.2013.AC3.BDRiP.XViD-KOC
2014-03-10 04:09 - 2014-03-10 03:43 - 524288093 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part4.rar
2014-03-10 04:09 - 2014-03-10 03:43 - 524288081 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part3.rar
2014-03-10 04:09 - 2014-03-10 03:43 - 524288057 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part2.rar
2014-03-10 04:07 - 2014-03-10 03:43 - 524288034 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part1.rar
2014-03-10 03:57 - 2014-03-10 03:43 - 222763023 _____ () C:\Users\Kevin\Downloads\DBG21A3BRXO.part5.rar
2014-03-10 03:07 - 2014-03-10 03:07 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-09 20:47 - 2014-03-09 20:47 - 00000000 ____D () C:\Users\Kevin\Documents\Thief
2014-03-09 01:52 - 2014-03-09 01:52 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders
2014-03-07 17:31 - 2013-12-10 15:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Battle.net
2014-03-07 05:29 - 2013-12-11 23:03 - 00000596 _____ () C:\Users\Kevin\Desktop\Neues Textdokument.txt
2014-03-06 14:56 - 2014-03-06 14:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-06 14:56 - 2013-12-10 21:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-06 14:56 - 2013-12-10 21:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-06 14:50 - 2014-03-06 14:50 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2014-03-03 06:39 - 2014-02-25 23:05 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Agamdu
2014-03-03 04:50 - 2014-02-25 23:05 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Epymit
2014-03-02 23:41 - 2014-03-02 23:41 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Chromium
2014-03-01 05:39 - 2014-03-01 05:39 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-01 04:39 - 2014-03-01 04:39 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Awesomium
2014-03-01 04:38 - 2014-03-01 04:38 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-03-01 04:38 - 2013-12-10 14:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-01 01:02 - 2014-03-01 01:02 - 00003020 _____ () C:\Windows\System32\Tasks\{0AB74374-0385-0807-B05D-5863E26D732D}
2014-02-27 15:30 - 2014-02-27 15:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-27 15:26 - 2014-03-13 19:01 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Kevin\Desktop\TDSSKiller.exe
2014-02-25 21:15 - 2013-12-17 01:14 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yjquxu
2014-02-25 20:25 - 2014-02-20 13:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yfucvo
2014-02-25 20:25 - 2013-12-10 14:27 - 00000000 ___RD () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-25 20:23 - 2014-02-20 13:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Osyv
2014-02-25 20:11 - 2014-02-25 20:11 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Malwarebytes
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-25 20:11 - 2014-02-25 20:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-25 20:00 - 2014-02-25 20:00 - 00013787 _____ () C:\Windows\SysWOW64\hs_err_pid3156.log
2014-02-25 19:40 - 2014-02-25 19:33 - 00000000 ____D () C:\Program Files (x86)\GUM9211.tmp
2014-02-25 19:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-02-25 19:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-25 19:34 - 2014-02-25 19:33 - 49940480 _____ () C:\Program Files (x86)\GUT9212.tmp
2014-02-25 19:34 - 2013-12-10 14:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-25 19:33 - 2014-02-25 19:33 - 00019841 _____ () C:\Windows\SysWOW64\hs_err_pid200.log
2014-02-25 19:33 - 2013-12-10 14:32 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Deployment
2014-02-25 19:25 - 2013-12-10 14:15 - 00000000 ____D () C:\Windows\Panther
2014-02-25 17:47 - 2014-02-25 17:47 - 00019830 _____ () C:\Windows\SysWOW64\hs_err_pid1280.log
2014-02-25 11:41 - 2014-03-13 02:13 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-25 11:41 - 2014-03-13 02:13 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-25 11:41 - 2014-03-13 02:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-21 10:21 - 2014-03-11 00:31 - 00000000 ____D () C:\Users\Kevin\Downloads\Plague.Inc.Evolved.Early.Access.Cracked-3DM
2014-02-19 12:47 - 2014-02-19 12:47 - 00000000 ____D () C:\Program Files\Lenovo
2014-02-16 22:50 - 2013-12-15 18:21 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-02-16 22:50 - 2013-12-11 12:55 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

Some content of TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\avgnt.exe
C:\Users\Kevin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2009-07-14 00:20] - [2009-07-14 02:45] - 0294992 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-03-15 19:03

==================== End Of Log ============================
         


Apart from one particular thing, so far yes:

Every now and then a small white window opens very briefly, and suddenly Internet Explorer shows up in Task Manager, but only under "Processes". In addition, I get tremendous spikes in games and the connection drops frequently.

Otherwise, great work.

Edited by Hahpuh (18.03.2014 at 06:02)

18.03.2014, 12:23   #11
schrauber
/// the machine
/// TB trainer



Update Adobe, and be sure to update Windows; an entire service pack is missing.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
C:\Users\Kevin\AppData\Local\UZRmedia
HKU\S-1-5-21-2747213580-207876330-2301896138-1000\...\Run: [UZRmedia] - regsvr32.exe C:\Users\Kevin\AppData\Local\UZRmedia\Hidnet24.dll <===== ATTENTION
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.