
Log analysis and evaluation: Antivir real-time scanner is blocked after detection: TR/Crypt.EPack.20167

05.07.2014, 20:30   #1
pbcf
 
Good evening!

I am new here too and hope that I don't do too much wrong. Please forgive me, I'm doing my best.

A brief description of my problem:
For a few days now I have been getting the following detection message from Antivir: TR/Crypt.EPack.20167
In addition, Antivir's real-time scanner has simply been disabled. The umbrella is closed and I have no way of getting it open again.

The file from Avira
Code:
Exportierte Ereignisse:

05.07.2014 20:07 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Windows\Installer\{FD96938D-59C0-7E40-DB99-7C55344713F7}\syshost.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.20167' 
      [trojan].
      Durchgeführte Aktion(en):
      Die Datei konnte nicht gelöscht werden!
      Die Datei konnte nicht zum Löschen nach dem Neustart markiert werden. Mögliche 
      Ursache: Zugriff verweigert
      .
      Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.

04.07.2014 22:48 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Windows\Installer\{FD96938D-59C0-7E40-DB99-7C55344713F7}\syshost.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.20167' 
      [trojan].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
      Die Quelldatei konnte nicht gefunden werden.
      Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
      Die Datei konnte nicht zum Löschen nach dem Neustart markiert werden. Mögliche 
      Ursache: Die Syntax für den Dateinamen, Verzeichnisnamen oder die 
      Datenträgerbezeichnung ist falsch.
      .
      Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.

04.07.2014 22:01 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Windows\Installer\{FD96938D-59C0-7E40-DB99-7C55344713F7}\syshost.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.20167' 
      [trojan].
      Durchgeführte Aktion(en):
      Die Datei konnte nicht gelöscht werden!
      Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
      Die Datei konnte nicht zum Löschen nach dem Neustart markiert werden. Mögliche 
      Ursache: Die Syntax für den Dateinamen, Verzeichnisnamen oder die 
      Datenträgerbezeichnung ist falsch.
      .
      Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
         

The log file from Malwarebytes
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 05.07.2014
Scan Time: 20:37:03
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.05.09
Rootkit Database: v2014.07.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Petra

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 271492
Time Elapsed: 7 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.FakeMS.ED, C:\Windows\Installer\{FD96938D-59C0-7E40-DB99-7C55344713F7}\syshost.exe, Quarantined, [faf348531f5c5cdaad92048540c16d93], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
I let OTL run through once.
Code:
OTL logfile created on: 05.07.2014 20:48:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Petra\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 54,72% Memory free
7,73 Gb Paging File | 5,54 Gb Available in Paging File | 71,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,81 Gb Total Space | 110,68 Gb Free Space | 74,38% Space Free | Partition Type: NTFS
Drive D: | 148,88 Gb Total Space | 140,42 Gb Free Space | 94,31% Space Free | Partition Type: NTFS
 
Computer Name: PETRA-TOSH | User Name: Petra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Petra\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll ()
MOD - C:\Users\Petra\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\de8525cc2e6327337e1c6917352bfe16\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e791f7aea04b8d379f6dbaadb5fdeb96\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e1adf6b481f5120153829fa54ee8a041\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\39e53f507d9cbc5c10a2f47c4b0d09dd\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\81282964925798589021d3e0e6de779f\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c69c5877e9c9033a6dc6dd35ef20a896\System.Data.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1762137638019a091020b3baf52f6de3\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39f5a71b5185d267b0f55cd4cea26d6b\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\68e5eeb3c6ef18ba2dc1ad70eb74aeee\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e71959f4ec6eb386889050ac139835c7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b459c5815af8123e4bf30d4e05bba65\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (cfc5f97f2a26d049) -- C:\Windows\SysNative\drivers\cfc5f97f2a26d049.sys ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (Avira.OE.ServiceHost) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TPCHSrv) -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (Nero BackItUp Scheduler 4.0) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (fptb) -- C:\Windows\SysNative\drivers\jhbwb.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (cfc5f97f2a26d049) -- C:\Windows\SysNative\drivers\cfc5f97f2a26d049.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\DRIVERS\rtl8192se.sys ()
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (CnxtHdmiAudService) -- C:\Windows\SysNative\drivers\CHDMI64.sys (Conexant Systems Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys ()
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\DRIVERS\stexstor.sys ()
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys ()
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {13BDDD78-C0FD-4305-B88B-FB85774CD20E}
IE:64bit: - HKLM\..\SearchScopes\{13BDDD78-C0FD-4305-B88B-FB85774CD20E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0903EB8A-909A-424D-8AEE-1F3A4190026B}
IE - HKLM\..\SearchScopes\{0903EB8A-909A-424D-8AEE-1F3A4190026B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
 
IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wetteronline.de/
IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000\..\SearchScopes,DefaultScope = {0903EB8A-909A-424D-8AEE-1F3A4190026B}
IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000\..\SearchScopes\{88E2EDE3-79A1-41F8-873F-FCDEB8B3656F}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000\..\SearchScopes\{B994B10A-6731-49FB-B606-B5D30A86B333}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000\..\SearchScopes\{CE5073C8-54DA-4E33-B360-4C75035313C7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wetteronline.de/
IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope = {0903EB8A-909A-424D-8AEE-1F3A4190026B}
IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{88E2EDE3-79A1-41F8-873F-FCDEB8B3656F}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{B994B10A-6731-49FB-B606-B5D30A86B333}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{CE5073C8-54DA-4E33-B360-4C75035313C7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\Firefox [2010.05.10 12:24:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.05.10 12:24:14 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-624067999-1713132423-900167343-1000..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5811A37-8141-4A57-B3AE-DDEAFABD2AB7}: DhcpNameServer = 192.168.10.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD67CB74-22FD-4DAE-887A-E076197FFC8A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.07.05 20:45:23 | 000,079,064 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\jhbwb.sys
[2014.07.05 20:36:00 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.07.05 20:35:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Petra\Desktop\OTL.exe
[2014.07.05 20:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.07.05 20:30:50 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.07.05 20:30:50 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.07.05 20:30:50 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.07.05 20:30:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2014.07.05 20:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.07.05 20:30:38 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Local\Programs
[2014.07.04 21:12:03 | 000,084,720 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014.07.04 21:11:16 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Avira
[2014.07.04 21:09:24 | 000,130,584 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.07.04 21:09:24 | 000,117,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.07.04 21:09:24 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014.07.04 21:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2014.07.04 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2014.07.04 21:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2014.07.04 21:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014.07.03 09:05:00 | 000,000,000 | ---D | C] -- C:\Users\Petra\Desktop\Unterlagen
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.07.05 20:45:23 | 000,079,064 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\jhbwb.sys
[2014.07.05 20:36:15 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.07.05 20:35:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Petra\Desktop\OTL.exe
[2014.07.05 20:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.07.05 20:30:53 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.07.05 20:21:09 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.07.05 20:21:09 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.07.05 20:20:42 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.07.05 20:20:42 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.07.05 20:20:42 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.07.05 20:20:42 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.07.05 20:20:42 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.07.05 20:13:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.07.05 20:13:15 | 3113,361,408 | -HS- | M] () -- C:\hiberfil.sys
[2014.07.04 21:10:46 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014.07.04 21:07:16 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014.06.24 20:39:06 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.06.24 20:39:06 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.06.24 20:39:06 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014.06.23 19:18:10 | 000,042,944 | ---- | M] () -- C:\Windows\SysNative\drivers\cfc5f97f2a26d049.sys
[2014.06.16 08:08:34 | 443,683,667 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.07.05 20:30:53 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.07.04 21:07:16 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014.06.23 19:18:10 | 000,042,944 | ---- | C] () -- C:\Windows\SysNative\drivers\cfc5f97f2a26d049.sys
[2012.08.26 16:00:12 | 000,004,096 | -H-- | C] () -- C:\Users\Petra\AppData\Local\keyfile3.drm
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.02.18 10:07:44 | 014,163,456 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.02.18 09:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.12.03 09:26:15 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Toshiba
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 05.07.2014 20:48:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Petra\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 54,72% Memory free
7,73 Gb Paging File | 5,54 Gb Available in Paging File | 71,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,81 Gb Total Space | 110,68 Gb Free Space | 74,38% Space Free | Partition Type: NTFS
Drive D: | 148,88 Gb Total Space | 140,42 Gb Free Space | 94,31% Space Free | Partition Type: NTFS
 
Computer Name: PETRA-TOSH | User Name: Petra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{109B2C6C-AB7F-443C-8E3E-7A434D2C9955}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{276A1D66-C895-4206-B097-2D96039CFF38}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2DAC4AB2-DEA7-47E6-AB78-C6C1E6D19D04}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E667582-C38C-4DDE-965B-4B793FABF16B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3FEC5994-BAB2-40DA-8E7C-F01EAC6F2504}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{53635898-6D8F-4537-B448-1B0756D0ED15}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{602E4E88-B29A-4528-B324-2149657E288E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{64F068D4-593B-4063-A418-734046617E11}" = rport=137 | protocol=17 | dir=out | app=system | 
"{873051A5-FF79-4119-B8A1-F1CD35BD07F4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8809638D-8BFF-4E5E-8426-2E740195BE1D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9C9CFCD7-4EA5-421B-B316-796F62C6F44C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A025E06D-4B1B-45FD-B5CD-1B7A372970E4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A676B5C7-6B83-443B-8BB3-0B6C7B4FB159}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AAB3A406-B493-4D1D-88C0-1F5CC9296CD2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AD55B909-D6FF-4059-93A7-1F2750E4C207}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B63DC4A8-8F3D-4F83-B349-ACF17CF1CA34}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B892C93C-C85C-4067-B1BA-055319B8985D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C2910B00-6A9F-4D4C-99AD-DE094656917E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D11AEF6B-F864-4E79-BE5A-543D7D117598}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D56541F3-C524-4552-BE75-FB429A0CB469}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D6B08C18-6BAD-4B6C-8FF8-76A9C86A5F93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E319E632-8AF1-48E9-AA66-DE1408E3E554}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E6648022-02B6-49CF-9CD9-EB5EE5C6120A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F14BCC1B-FDED-45A5-9A10-075800ACEBF1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FE23F89F-EC21-40B0-B135-12619A497178}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AE883B3-4B7C-4CC6-9D5F-9DB8C439EBFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{104F8583-FC33-4A0F-AD3B-21A07A3FFB2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{10912587-6A6B-476E-96B8-0CB66A531C38}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{24C31B07-D943-4C8F-BB28-558A0C804B9D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{30719CDF-EE6E-4FB8-9BED-D9E1D9275BFB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3FA4838E-48F7-47BC-A7E8-35E694405C0F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{486ADA0E-5FA4-4C00-BA8E-4B91CD91D841}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{5511310E-F968-4BC3-9F73-468D98E2A6EB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6CE520AD-6076-4352-89B5-F8111BB6E7E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{888CBF6E-8FFB-42D3-896A-94315AF9620E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9039DCE0-4CDB-402D-8D2E-C8A8C851793A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9EC4F112-0C4D-4332-B15A-2F6CBF7C5DA9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A8FCF0F8-D2DB-488C-82A0-A613563956F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B1C1FCB2-527F-4595-8393-F0349181289D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2497EF8-3948-46B3-A9B4-3041F75C2479}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C50ED391-CD10-4B7F-AC14-5563CD6A1F6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CBD58DA6-69E5-40E3-B812-E29C8E0F0AC2}" = dir=out | name=core networking - system ip core | 
"{D6B7A3FB-A3C7-4E29-BEA7-09196C9F8BF0}" = dir=in | name=core networking - system ip core | 
"{D79186DE-CDAB-43CC-9E83-C93BC379EE39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E3B14D8C-A422-4561-9C7F-DF85FA5D685B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB26434B-88D7-4B16-AD13-32941CF129E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EF494F9F-404E-42B2-BFAA-D64F98F58FA4}" = protocol=6 | dir=out | app=system | 
"{F44875D8-E5D5-48D5-93C6-40DD3423DE81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F527B875-C53D-42BD-B179-E886C2FCE362}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{F692D3B6-6178-491F-B4D6-127291FA14D0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{61D4B846-49F8-2639-A4EB-977875265F37}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89505FE0-A07E-928A-42F4-DA1B2788C01B}" = ccc-utility64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_AUDIO_HDA_HDMI" = Conexant Audio Driver For AMD HDMI Codec
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{04B9F1A8-CC3B-CCF8-71B6-1ABFE4E00590}" = CCC Help Korean
"{04DE4606-6C76-A25C-BD13-646479CE1A5C}" = CCC Help Russian
"{058E65E2-AFC2-8974-43A2-1EA5A4A53471}" = ccc-core-static
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A81056-303F-A212-191D-35310DE5759F}" = CCC Help English
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0AA381AC-7BBB-5B29-836C-5E13BB91154A}" = CCC Help Hungarian
"{0DDCEDBA-8C17-CC50-7448-9131F3EF7517}" = Catalyst Control Center Localization All
"{162E46EB-F7C6-4B01-2384-349980B3F1BF}" = Catalyst Control Center Core Implementation
"{16622EEF-D159-3EB8-0EE3-F01B98317CED}" = CCC Help Swedish
"{1777CCDA-F2F2-4A77-ACF4-0B7341229BBB}" = TOSHIBA ConfigFree
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1C0526C4-478A-9066-F37A-E58F08A21FE9}" = Catalyst Control Center Graphics Full New
"{1F1E9571-0EA2-7AA3-647B-16698BED9CF4}" = CCC Help Danish
"{1FDB8BA3-9E5F-369F-C2A2-AA4AD06F0640}" = CCC Help French
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24642C6B-1F1F-362F-6A7F-14C75C9EE603}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}" = Toshiba TEMPRO
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{313B4B6B-61B3-5F70-647B-E6285A9D81DF}" = CCC Help Spanish
"{3264BE02-6AC0-96B3-A212-392A850D58CA}" = CCC Help German
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{356ECF26-71E8-4F4A-A197-59C91657DD43}" = Avira
"{35a33a96-0edd-4bcb-ab72-e736eb49ef5d}" = Nero 9 Essentials
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CB58AB7-6750-F510-F055-27FA68D77472}" = CCC Help Dutch
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{53007195-C491-23E9-D420-EDAB61E57609}" = CCC Help Polish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5833EB1F-F1FD-DA8E-B2BA-C23E58BB0C65}" = Catalyst Control Center Graphics Full Existing
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68A8941B-6E97-B11C-1B10-C3370E4CC885}" = Catalyst Control Center Graphics Previews Common
"{6B59A12B-D448-E129-28E9-57D1E2E5F7BB}" = CCC Help Chinese Traditional
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6CDB6681-B777-4DAD-412E-7933B9296850}" = CCC Help Greek
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7B81F6BB-7C9C-E66F-9989-42EEB1076F84}" = Catalyst Control Center InstallProxy
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85010422-4932-6A9E-C222-A994DA299C81}" = CCC Help Portuguese
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89ef9b48-b56b-48d8-b5c1-4eb9a5ca50cb}" = Avira
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A9BE8E5-2263-3EFA-FDD1-11F6E267EEF9}" = CCC Help Norwegian
"{9C6210BC-CF1C-E637-C74D-28612585CAD9}" = CCC Help Chinese Standard
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}" = Photo Service - powered by myphotobook
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AFE6E077-E0A3-2993-0913-8DEEADF4E2DE}" = CCC Help Italian
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BA28817B-738A-9284-D3D6-E973982AEF3B}" = Catalyst Control Center Graphics Previews Vista
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C58362EF-CABB-B475-065B-FD07C0D49770}" = CCC Help Czech
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D432AD16-2F8C-0022-E2F1-E27DCB5F6949}" = CCC Help Japanese
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E616437B-CE55-B463-ED6B-408E29A073CB}" = CCC Help Finnish
"{E718AAF4-CB80-9649-347E-C9A9803BE6D0}" = CCC Help Thai
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F5EB2C27-3F16-01B6-BA56-316BC0F8CA87}" = Catalyst Control Center Graphics Light
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"{FF2609E3-194C-44DB-A34F-20D02103B5F1}" = Bing Bar Platform
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.2.1012
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT083877" = Chuzzle Deluxe
"WT083890" = Zuma Deluxe
"WT083910" = Jewel Quest II
"WT083916" = Diner Dash 2 Restaurant Rescue
"WT083925" = Plants vs. Zombies
"WT083929" = Bejeweled 2 Deluxe
"WT083945" = FATE
"WT083958" = Penguins!
"WT083959" = Polar Bowler
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.04.2013 09:24:10 | Computer Name = Petra-TOSH | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\sepsearchhelperie.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 28.04.2013 08:09:29 | Computer Name = Petra-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5be07e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000000773f
ID
 des fehlerhaften Prozesses: 0x3d4  Startzeit der fehlerhaften Anwendung: 0x01ce4307958fdbc1
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 79ff4f82-affc-11e2-9d74-00266c936d90
 
Error - 28.04.2013 23:54:17 | Computer Name = Petra-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5be07e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001909a
ID
 des fehlerhaften Prozesses: 0x4ec  Startzeit der fehlerhaften Anwendung: 0x01ce44093d3d3f78
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 76ac84b5-b080-11e2-9d74-00266c936d90
 
Error - 29.04.2013 00:56:37 | Computer Name = Petra-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5be07e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000016092
ID
 des fehlerhaften Prozesses: 0x13c8  Startzeit der fehlerhaften Anwendung: 0x01ce448d397d8072
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 2bdd5b51-b089-11e2-9d74-00266c936d90
 
Error - 06.05.2013 06:56:18 | Computer Name = Petra-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 11.0.6568.0,
 Zeitstempel: 0x42e178a5  Name des fehlerhaften Moduls: mso.dll, Version: 11.0.6568.0,
 Zeitstempel: 0x42e18ef6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0020cc83  ID des fehlerhaften
 Prozesses: 0x1a68  Startzeit der fehlerhaften Anwendung: 0x01ce4a4843bccbbf  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Microsoft Shared\office11\mso.dll
Berichtskennung:
 93a6995f-b63b-11e2-8689-00266c936d90
 
Error - 06.05.2013 06:57:37 | Computer Name = Petra-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 11.0.6568.0,
 Zeitstempel: 0x42e178a5  Name des fehlerhaften Moduls: mso.dll, Version: 11.0.6568.0,
 Zeitstempel: 0x42e18ef6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00038dac  ID des fehlerhaften
 Prozesses: 0x18ac  Startzeit der fehlerhaften Anwendung: 0x01ce4a485e91b4bf  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Microsoft Shared\office11\mso.dll
Berichtskennung:
 c3140af6-b63b-11e2-8689-00266c936d90
 
Error - 06.05.2013 07:37:32 | Computer Name = Petra-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 11.0.6565.0,
 Zeitstempel: 0x42cacc7d  Name des fehlerhaften Moduls: OUTLLIB.dll, Version: 11.0.6568.0,
 Zeitstempel: 0x42e176f8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00025c6b  ID des fehlerhaften
 Prozesses: 0x19e8  Startzeit der fehlerhaften Anwendung: 0x01ce4a4cc39b2412  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLLIB.dll
Berichtskennung:
 5697a163-b641-11e2-8689-00266c936d90
 
Error - 08.05.2013 09:05:17 | Computer Name = Petra-TOSH | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 08.05.2013 09:05:40 | Computer Name = Petra-TOSH | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 08.05.2013 09:05:58 | Computer Name = Petra-TOSH | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\sepsearchhelperie.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 10.05.2013 00:47:46 | Computer Name = Petra-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5be07e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000016092
ID
 des fehlerhaften Prozesses: 0x3ac  Startzeit der fehlerhaften Anwendung: 0x01ce4d312a50e64b
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: c1ada33f-b92c-11e2-a899-00266c936d90
 
[ System Events ]
Error - 05.07.2014 13:35:33 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 05.07.2014 13:35:33 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 05.07.2014 13:35:33 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 05.07.2014 13:36:51 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 05.07.2014 13:37:08 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 05.07.2014 14:09:07 | Computer Name = Petra-TOSH | Source = DCOM | ID = 10005
Description = 
 
Error - 05.07.2014 14:13:21 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 05.07.2014 14:14:05 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   avipbb  avkmgr
 
Error - 05.07.2014 14:36:00 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%31
 
Error - 05.07.2014 14:36:15 | Computer Name = Petra-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%31
 
 
< End of report >
         

05.07.2014, 21:06   #2
deeprybka
/// TB trainer
/// Tutorial guru
 





My name is Jürgen and I will be helping you with your problem. Together we'll get this done...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you don't understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all of our tools to the desktop.
  • Post the log files directly in your thread, inside code tags.
  • Keep in mind that all of us here do this in our free time; if you haven't heard from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Reformatting is usually the faster and always the safest route, but it is only advisable in the case of real malware.
We can remove adware and the like very well.
If you decide on a cleanup, keep working with me until you get my "clean".



Let's go:

Step 1


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Untersuchen (Scan).
  • The log files will now be created and will then be located on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box).




Reading material
Posting in CODE tags: here's how...
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Erweitert/Vorschau (Advanced/Preview) to check whether you did it right. If everything is correct ... click Antworten (Reply).

05.07.2014, 21:29   #3
pbcf
 



OK, I have followed your instructions:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Petra (administrator) on PETRA-TOSH on 05-07-2014 22:24:51
Running from C:\Users\Petra\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-02-11] (Toshiba Europe GmbH)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [Bing Bar] => C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe [243032 2010-03-04] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\S-1-5-21-624067999-1713132423-900167343-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\S-1-5-21-624067999-1713132423-900167343-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wetteronline.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0903EB8A-909A-424D-8AEE-1F3A4190026B} URL = 
SearchScopes: HKCU - {0903EB8A-909A-424D-8AEE-1F3A4190026B} URL = 
SearchScopes: HKCU - {88E2EDE3-79A1-41F8-873F-FCDEB8B3656F} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {B994B10A-6731-49FB-B606-B5D30A86B333} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\Firefox [2010-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-05-10]

==================== Services (Whitelisted) =================

Locked "cfc5f97f2a26d049" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

S3 1394ohci; C:\Windows\system32\DRIVERS\1394ohci.sys [227840 2009-07-14] () [File not signed]
R0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [334416 2009-07-14] () [File not signed]
S3 AcpiPmi; C:\Windows\system32\DRIVERS\acpipmi.sys [12288 2009-07-14] () [File not signed]
S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [491088 2009-07-14] () [File not signed]
S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [339536 2009-07-14] () [File not signed]
S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [182864 2009-07-14] () [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [500224 2009-07-14] () [File not signed]
S3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-10] () [File not signed]
S3 agp440; C:\Windows\system32\DRIVERS\agp440.sys [61008 2009-07-14] () [File not signed]
S3 aliide; C:\Windows\system32\DRIVERS\aliide.sys [15440 2009-07-14] () [File not signed]
S3 amdide; C:\Windows\system32\DRIVERS\amdide.sys [15440 2009-07-14] () [File not signed]
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-14] () [File not signed]
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6659072 2010-04-27] () [File not signed]
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [195584 2010-04-26] () [File not signed]
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [60928 2009-07-14] () [File not signed]
S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [106576 2009-07-14] () [File not signed]
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [194128 2009-07-14] () [File not signed]
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-07-14] () [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2009-07-14] () [File not signed]
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [87632 2009-07-14] () [File not signed]
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [97856 2009-07-14] () [File not signed]
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] () [File not signed]
R0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [24128 2009-07-14] () [File not signed]
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6659072 2010-04-27] () [File not signed]
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] () [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] () [File not signed]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] () [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] () [File not signed]
R1 blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [45056 2009-07-14] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2009-07-14] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] () [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2009-07-14] () [File not signed]
U5 cfc5f97f2a26d049; C:\Windows\System32\Drivers\cfc5f97f2a26d049.sys [42944 2014-06-23] () <===== ATTENTION Necurs Rootkit?
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] () [File not signed]
R3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-14] () [File not signed]
S3 cmdide; C:\Windows\system32\DRIVERS\cmdide.sys [17488 2009-07-14] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [460504 2009-07-14] () [File not signed]
R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDRT64.sys [724536 2010-03-31] () [File not signed]
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] () [File not signed]
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-14] () [File not signed]
R3 CompositeBus; C:\Windows\system32\DRIVERS\CompositeBus.sys [38912 2009-07-14] () [File not signed]
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2009-07-14] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] () [File not signed]
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] () [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [982600 2009-10-02] () [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] () [File not signed]
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] () [File not signed]
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [9728 2009-07-14] () [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] () [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] () [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [290368 2009-07-14] () [File not signed]
U0 fptb; C:\Windows\System32\drivers\jhbwb.sys [79064 2014-07-05] (Malwarebytes Corporation)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [File not signed]
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-14] () [File not signed]
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223448 2009-07-14] () [File not signed]
R3 FwLnk; C:\Windows\system32\DRIVERS\FwLnk.sys [9216 2009-07-07] () [File not signed]
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2009-07-14] () [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-14] () [File not signed]
R3 HECIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2009-09-17] () [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] () [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] () [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-14] () [File not signed]
S3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [77888 2009-07-14] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-14] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14416 2009-07-14] () [File not signed]
R3 i8042prt; C:\Windows\system32\DRIVERS\i8042prt.sys [105472 2009-07-14] () [File not signed]
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [538136 2010-01-15] () [File not signed]
S3 iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [410688 2009-07-14] () [File not signed]
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] () [File not signed]
S3 intelide; C:\Windows\system32\DRIVERS\intelide.sys [16960 2009-07-14] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-14] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [78848 2009-07-14] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [File not signed]
S3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [20544 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [224832 2009-07-14] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () [File not signed]
S3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2009-07-14] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95312 2009-07-14] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [153160 2009-12-11] () [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [File not signed]
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [75304 2010-02-22] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-05] (Malwarebytes Corporation)
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-14] () [File not signed]
S3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [155216 2009-07-14] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2009-07-14] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157696 2010-02-27] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [286720 2010-02-27] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [125952 2010-02-27] () [File not signed]
R0 msahci; C:\Windows\System32\DRIVERS\msahci.sys [30272 2009-07-14] () [File not signed]
S3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [140352 2009-07-14] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [367168 2009-07-14] () [File not signed]
R1 mssmbios; C:\Windows\system32\DRIVERS\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-14] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-14] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-14] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-14] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-14] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659984 2009-07-14] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [149056 2009-07-14] () [File not signed]
S3 nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [167488 2009-07-14] () [File not signed]
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75840 2009-07-14] () [File not signed]
R0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-14] () [File not signed]
R0 pciide; C:\Windows\System32\DRIVERS\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [35008 2009-06-22] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-14] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-14] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-14] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-14] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2009-07-14] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-14] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [232992 2010-02-01] () [File not signed]
R3 rtl8192se; C:\Windows\System32\DRIVERS\rtl8192se.sys [1103904 2010-04-27] () [File not signed]
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [104016 2009-07-14] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-14] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [14336 2009-10-10] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [464896 2009-12-08] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [407040 2009-07-14] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [162304 2009-12-08] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\DRIVERS\swenum.sys [12496 2009-07-14] () [File not signed]
R3 SynTP; C:\Windows\system32\DRIVERS\SynTP.sys [316464 2010-03-10] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1898576 2009-07-14] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1898576 2009-07-14] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-14] () [File not signed]
R3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [27784 2009-07-30] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-14] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-14] () [File not signed]
R1 TermDD; C:\Windows\system32\DRIVERS\termdd.sys [62544 2009-07-14] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-14] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-14] () [File not signed]
R0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-14] () [File not signed]
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [14472 2009-06-19] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327168 2009-07-14] () [File not signed]
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-14] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2009-07-14] () [File not signed]
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [100352 2009-07-14] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [51712 2009-12-04] () [File not signed]
R3 usbhub; C:\Windows\system32\DRIVERS\usbhub.sys [343040 2009-12-04] () [File not signed]
S3 usbohci; C:\Windows\system32\DRIVERS\usbohci.sys [25600 2009-07-14] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [41984 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [89600 2009-07-14] () [File not signed]
S3 usbuhci; C:\Windows\system32\DRIVERS\usbuhci.sys [30720 2009-07-14] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184576 2009-07-14] () [File not signed]
R0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [217680 2009-07-14] () [File not signed]
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [71760 2009-07-14] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-14] () [File not signed]
R0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [294992 2009-07-14] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] () [File not signed]
R0 Wd; C:\Windows\System32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-14] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WmiAcpi; C:\Windows\system32\DRIVERS\wmiacpi.sys [14336 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2009-07-14] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2009-07-14] () [File not signed]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-05 22:24 - 2014-07-05 22:25 - 00039848 _____ () C:\Users\Petra\Desktop\FRST.txt
2014-07-05 22:24 - 2014-07-05 22:24 - 00000000 ____D () C:\FRST
2014-07-05 22:23 - 2014-07-05 22:23 - 02084352 _____ (Farbar) C:\Users\Petra\Desktop\FRST64.exe
2014-07-05 21:11 - 2014-07-05 21:24 - 00004312 _____ () C:\Users\Petra\Desktop\AviraEreignisse.txt
2014-07-05 20:55 - 2014-07-05 20:55 - 00062576 _____ () C:\Users\Petra\Desktop\Extras2.Txt
2014-07-05 20:54 - 2014-07-05 20:54 - 00073740 _____ () C:\Users\Petra\Desktop\OTL2.Txt
2014-07-05 20:53 - 2014-07-05 20:53 - 00062576 _____ () C:\Users\Petra\Desktop\Extras.Txt
2014-07-05 20:52 - 2014-07-05 20:52 - 00073740 _____ () C:\Users\Petra\Desktop\OTL.Txt
2014-07-05 20:46 - 2014-07-05 20:46 - 00001151 _____ () C:\Users\Petra\Desktop\mbam.txt
2014-07-05 20:45 - 2014-07-05 20:45 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\jhbwb.sys
2014-07-05 20:36 - 2014-07-05 20:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 20:35 - 2014-07-05 20:35 - 00602112 _____ (OldTimer Tools) C:\Users\Petra\Desktop\OTL.exe
2014-07-05 20:30 - 2014-07-05 20:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-05 20:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-05 20:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-05 20:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-04 21:12 - 2014-07-04 21:10 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-04 21:11 - 2014-07-04 21:11 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Avira
2014-07-04 21:09 - 2014-06-24 20:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-07-04 21:09 - 2014-06-24 20:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-04 21:09 - 2014-06-24 20:39 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-07-04 21:07 - 2014-07-04 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-04 21:07 - 2014-07-04 21:09 - 00000000 ____D () C:\ProgramData\Avira
2014-07-04 21:07 - 2014-07-04 21:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-04 21:07 - 2014-07-04 21:07 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-04 21:07 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-03 09:05 - 2014-07-03 09:15 - 00000000 ____D () C:\Users\Petra\Desktop\Unterlagen
2014-06-23 19:18 - 2014-06-23 19:18 - 00042944 _____ () C:\Windows\system32\Drivers\cfc5f97f2a26d049.sys
2014-06-16 08:08 - 2014-06-16 08:08 - 00275152 _____ () C:\Windows\Minidump\061614-15646-01.dmp

==================== One Month Modified Files and Folders =======

2014-07-05 22:25 - 2014-07-05 22:24 - 00039848 _____ () C:\Users\Petra\Desktop\FRST.txt
2014-07-05 22:24 - 2014-07-05 22:24 - 00000000 ____D () C:\FRST
2014-07-05 22:23 - 2014-07-05 22:23 - 02084352 _____ (Farbar) C:\Users\Petra\Desktop\FRST64.exe
2014-07-05 22:20 - 2009-07-14 06:51 - 00319380 _____ () C:\Windows\setupact.log
2014-07-05 21:32 - 2012-06-18 15:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-05 21:24 - 2014-07-05 21:11 - 00004312 _____ () C:\Users\Petra\Desktop\AviraEreignisse.txt
2014-07-05 21:05 - 2011-12-02 06:18 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C71483C9-395E-4E5F-99DC-10583995EFF5}
2014-07-05 20:55 - 2014-07-05 20:55 - 00062576 _____ () C:\Users\Petra\Desktop\Extras2.Txt
2014-07-05 20:54 - 2014-07-05 20:54 - 00073740 _____ () C:\Users\Petra\Desktop\OTL2.Txt
2014-07-05 20:53 - 2014-07-05 20:53 - 00062576 _____ () C:\Users\Petra\Desktop\Extras.Txt
2014-07-05 20:52 - 2014-07-05 20:52 - 00073740 _____ () C:\Users\Petra\Desktop\OTL.Txt
2014-07-05 20:46 - 2014-07-05 20:46 - 00001151 _____ () C:\Users\Petra\Desktop\mbam.txt
2014-07-05 20:45 - 2014-07-05 20:45 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\jhbwb.sys
2014-07-05 20:45 - 2010-11-12 19:32 - 00000000 ____D () C:\Windows\OemDrv
2014-07-05 20:36 - 2014-07-05 20:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 20:35 - 2014-07-05 20:35 - 00602112 _____ (OldTimer Tools) C:\Users\Petra\Desktop\OTL.exe
2014-07-05 20:30 - 2014-07-05 20:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-05 20:21 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-05 20:21 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-05 20:20 - 2009-07-14 19:58 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-07-05 20:20 - 2009-07-14 19:58 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-07-05 20:20 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-05 20:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 22:57 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-04 22:02 - 2011-12-02 06:30 - 00252320 _____ () C:\Windows\PFRO.log
2014-07-04 21:15 - 2010-11-12 19:11 - 01251337 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 21:11 - 2014-07-04 21:11 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Avira
2014-07-04 21:10 - 2014-07-04 21:12 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-04 21:10 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-04 21:09 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Avira
2014-07-04 21:09 - 2014-07-04 21:07 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-04 21:07 - 2014-07-04 21:07 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-04 21:07 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-03 09:15 - 2014-07-03 09:05 - 00000000 ____D () C:\Users\Petra\Desktop\Unterlagen
2014-06-24 20:39 - 2014-07-04 21:09 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-24 20:39 - 2014-07-04 21:09 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-24 20:39 - 2014-07-04 21:09 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-23 19:18 - 2014-06-23 19:18 - 00042944 _____ () C:\Windows\system32\Drivers\cfc5f97f2a26d049.sys
2014-06-16 08:08 - 2014-06-16 08:08 - 00275152 _____ () C:\Windows\Minidump\061614-15646-01.dmp
2014-06-16 08:08 - 2011-12-11 19:40 - 443683667 _____ () C:\Windows\MEMORY.DMP
2014-06-16 08:08 - 2011-12-11 19:40 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\Petra\AppData\Local\Temp\AskSLib.dll
C:\Users\Petra\AppData\Local\Temp\avgnt.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate11.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2009-07-14 01:20] - [2009-07-14 03:45] - 0294992 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-07-01 10:40

==================== End Of Log ============================
         
--- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by Petra at 2014-07-05 22:25:16
Running from C:\Users\Petra\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Amazon.de (HKLM-x32\...\{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}) (Version:  - Amazon EU S.a.r.L.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{61D4B846-49F8-2639-A4EB-977875265F37}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{89ef9b48-b56b-48d8-b5c1-4eb9a5ca50cb}) (Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1401.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 5.0.1399.0 - Microsoft Corporation) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0426.2136.36953 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help English (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help French (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help German (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0426.2136.36953 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0426.2136.36953 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.26.0 - Conexant)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
eBay (HKLM-x32\...\{FDE58148-57E7-43BF-879A-29CCE818C078}) (Version: 1.1.9 - eBay Inc.)
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.1.55.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 2.0.271.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
Nero 9 Essentials (HKLM-x32\...\{35a33a96-0edd-4bcb-ab72-e736eb49ef5d}) (Version:  - Nero AG)
Nero BackItUp (HKLM-x32\...\{0420F95C-11FF-4E02-B967-6CC22B188F9F}) (Version: 5.2.21001 - Nero AG)
Nero BackItUp and Burn (HKLM-x32\...\{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}) (Version: 1.2.0030 - Nero AG)
Nero BurnRights (HKLM-x32\...\{397516AE-7DFE-4F90-84E0-BD616D559434}) (Version: 3.6.26001 - Nero AG)
Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express (HKLM-x32\...\{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}) (Version: 9.6.16000 - Nero AG)
Nero Express Help (x32 Version: 9.4.34.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero RescueAgent (HKLM-x32\...\{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}) (Version: 2.6.25002 - Nero AG)
Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.37.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.34.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.7-279 - myphotobook GmbH)
Photo Service - powered by myphotobook (x32 Version: 1.0.7 - myphotobook GmbH) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.152 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{1777CCDA-F2F2-4A77-ACF4-0B7341229BBB}) (Version: 8.0.29 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.10.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.01 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.7.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
Toshiba TEMPRO (HKLM-x32\...\{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}) (Version: 3.30 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {27C27DD4-C68A-4ED0-86E0-52EB04A61BC2} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-22] (TOSHIBA CORPORATION)
Task: {DEB799E3-76C2-4E97-9052-3A6C656EEC58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2009-07-14 01:19 - 2009-07-14 03:40 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.DLL
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2010-03-17 17:01 - 2010-03-17 17:01 - 00578936 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2010-03-09 14:31 - 2010-03-09 14:31 - 03409256 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 14:26 - 2009-11-03 14:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-05-10 12:06 - 2009-06-22 14:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\System32\pcwum.dll
2009-10-13 11:00 - 2009-10-13 11:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-11-12 19:16 - 2010-11-12 19:16 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-06-30 12:05 - 2014-06-30 12:05 - 00245760 _____ () C:\Program Files (x86)\Avira\My Avira\System.ComponentModel.Composition.dll
2014-06-30 12:08 - 2014-06-30 12:08 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-06-30 12:07 - 2014-06-30 12:07 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-07-04 21:10 - 2014-06-30 12:08 - 00049744 _____ () C:\Users\Petra\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: avkmgr
Description: avkmgr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: avkmgr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2014 10:21:41 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.  0xD0000022
6.1.7600.16385

Error: (07/05/2014 10:20:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd026
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0
Ausnahmecode: 0xc06d007f
Fehleroffset: 0x000000000000aa7d
ID des fehlerhaften Prozesses: 0x6e8
Startzeit der fehlerhaften Anwendung: 0xwmpnscfg.exe0
Pfad der fehlerhaften Anwendung: wmpnscfg.exe1
Pfad des fehlerhaften Moduls: wmpnscfg.exe2
Berichtskennung: wmpnscfg.exe3

Error: (07/05/2014 10:20:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd026
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0
Ausnahmecode: 0xc06d007f
Fehleroffset: 0x000000000000aa7d
ID des fehlerhaften Prozesses: 0x13f4
Startzeit der fehlerhaften Anwendung: 0xwmpnscfg.exe0
Pfad der fehlerhaften Anwendung: wmpnscfg.exe1
Pfad des fehlerhaften Moduls: wmpnscfg.exe2
Berichtskennung: wmpnscfg.exe3

Error: (07/01/2014 10:41:19 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (07/01/2014 10:41:09 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (07/01/2014 10:40:58 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/07/2014 03:33:21 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (06/07/2014 03:33:11 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (06/07/2014 03:33:00 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/24/2014 01:53:30 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (07/05/2014 10:21:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: 
%%5

Error: (07/05/2014 08:36:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (07/05/2014 08:36:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (07/05/2014 08:14:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
avipbb
avkmgr

Error: (07/05/2014 08:13:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (07/05/2014 08:09:07 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084MDM{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (07/05/2014 07:37:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/05/2014 07:36:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/05/2014 07:35:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/05/2014 07:35:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (07/05/2014 10:21:41 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0xD00000226.1.7600.16385

Error: (07/05/2014 10:20:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmpnscfg.exe12.0.7600.163854a5bd026KERNELBASE.dll6.1.7600.163854a5bdfe0c06d007f000000000000aa7d6e801cf988e8aa72017C:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\KERNELBASE.dllc908938c-0481-11e4-acf2-00266c936d90

Error: (07/05/2014 10:20:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmpnscfg.exe12.0.7600.163854a5bd026KERNELBASE.dll6.1.7600.163854a5bdfe0c06d007f000000000000aa7d13f401cf988e8a9d9a95C:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\KERNELBASE.dllc906322b-0481-11e4-acf2-00266c936d90

Error: (07/01/2014 10:41:19 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2

Error: (07/01/2014 10:41:09 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (07/01/2014 10:40:58 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/07/2014 03:33:21 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2

Error: (06/07/2014 03:33:11 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (06/07/2014 03:33:00 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/24/2014 01:53:30 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2


CodeIntegrity Errors:
===================================
  Date: 2014-06-23 19:17:42.923
  Description: N/A

  Date: 2014-06-23 19:17:42.912
  Description: N/A


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 3958.84 MB
Available physical RAM: 2282.5 MB
Total Pagefile: 7915.83 MB
Available Pagefile: 5910 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:148.81 GB) (Free:110.64 GB) NTFS
Drive d: (Data) (Fixed) (Total:148.88 GB) (Free:140.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 316FAB32)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 05.07.2014, 21:37   #4
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 

Hi,

Code:
ATTFilter
Locked "cfc5f97f2a26d049" service could not be unlocked. 
U5 cfc5f97f2a26d049; C:\Windows\System32\Drivers\cfc5f97f2a26d049.sys [42944 2014-06-23]
         
You have Necurs on the disk. No reason to panic, but from now on sensitive logins from this PC are "off limits" until it is >clean<. If you have done online banking, PayPal etc. with this PC, I would change the passwords from another (clean) PC or phone.

We'll continue like this:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide for Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder unless instructed by a helper
__________________
Regards
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
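
The two log lines the helper quotes above show a pattern that can be checked mechanically: a service FRST reports as locked, backed by a driver with a random-looking hex name and no vendor string. The following Python triage is an added example, not part of the thread and not FRST's own logic; the scoring heuristics, the function names and the sample lines marked as constructed are assumptions.

```python
import re
from dataclasses import dataclass, field

# The first two lines are the ones quoted in the helper's post; the other
# three are constructed for contrast and do not come from the thread.
SAMPLE_LOG = r"""
Locked "cfc5f97f2a26d049" service could not be unlocked.
U5 cfc5f97f2a26d049; C:\Windows\System32\Drivers\cfc5f97f2a26d049.sys [42944 2014-06-23]
R1 exampledrv; C:\Windows\System32\DRIVERS\exampledrv.sys [130584 2014-06-30] (Example Vendor GmbH)
S3 novendordrv; C:\Program Files (x86)\Example\novendordrv.sys [1024 2012-05-05]
S3 0123456789abcdef; C:\Windows\System32\Drivers\0123456789abcdef.sys [2048 2012-05-05] (Example Vendor GmbH)
"""

# "Locked "<name>" service could not be unlocked." as it appears in the log.
LOCKED_RE = re.compile(
    r'^\s*Locked "(?P<name>[^"]+)" service could not be unlocked\.', re.M
)

# Service/driver entry: "<status> <name>; <path> [<size> <date>] (<vendor>)",
# where the trailing vendor field may be missing.
ENTRY_RE = re.compile(
    r"^(?P<status>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]"
    r"(?: \((?P<vendor>.*)\))?\s*$"
)

# Assumed heuristic: a service name made of exactly 16 hex digits.
HEX_NAME_RE = re.compile(r"[0-9a-fA-F]{16}")


@dataclass
class Finding:
    status: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def triage(log_text, min_reasons=2):
    """Return entries worth a human look, with the reasons that fired.

    An entry is flagged when its service is reported as locked, or when at
    least `min_reasons` of the weaker indicators apply. A single weak
    indicator is not enough by default, because a missing vendor string or
    an odd name also occurs on clean systems.
    """
    locked = set(LOCKED_RE.findall(log_text))
    flagged = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m is None:
            continue  # not a service/driver entry
        reasons = []
        if m["name"] in locked:
            reasons.append("locked-service")
        if HEX_NAME_RE.fullmatch(m["name"]):
            reasons.append("hex-name")
        if not m["vendor"]:
            reasons.append("no-vendor")
        if "locked-service" in reasons or len(reasons) >= min_reasons:
            flagged.append(Finding(m["status"], m["name"], m["path"], reasons))
    return flagged


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.status} {f.name} -> {f.path}: {', '.join(f.reasons)}")
```

A hit only marks an entry for manual review; it does not identify a malware family by itself.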

Alt 05.07.2014, 22:00   #5
pbcf
 

Hi,

unfortunately I cannot run the scan. I get the message: DDA Driver is not active.


Alt 05.07.2014, 22:11   #6
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 

Hmmm....

We have more arrows in our quiver

Please download the exe file. For now, please "skip" any findings.

Rootkit removal with TDSSKiller

Step 1
Download TDSSKiller from here and save TDSSKiller.exe to the desktop.

Step 2
Start TDSSKiller with a double-click and confirm the User Account Control prompt with "Ja" (Yes). TDSSKiller now starts and checks for updates. If an update is available, click "Load Update".

The latest version will be downloaded. Extract the archive file to the desktop. Open the folder and start TDSSKiller.exe (as in step 2)

Step 3
Confirm the following agreements with "Accept" until you reach the program interface.

Now click "Change parameters" in the program interface, set the check marks under "Additional options" as shown in the picture, and confirm with OK.

Step 4

Now click "Start scan" and the scan will start.

Scenario 1: TDSSKiller finds no rootkits
In this case click "Report" at the top right.
Select the contents of the text file window with "CTRL+A"; "CTRL+C" copies the text to the clipboard.
With "CTRL+V" the text can then be posted in code tags as a reply in the thread.

Scenario 2: TDSSKiller finds rootkits
In this case be sure to follow the helpers' instructions.
As a rule, after the first scan "Skip" is always selected and confirmed with "Continue".
Then post the scan report to the helper via "Report".


Alt 05.07.2014, 22:45   #7
pbcf
 

Part 1
Code:
ATTFilter
23:15:27.0286 0x0ce8  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
23:15:27.0473 0x0ce8  ============================================================
23:15:27.0473 0x0ce8  Current date / time: 2014/07/05 23:15:27.0473
23:15:27.0473 0x0ce8  SystemInfo:
23:15:27.0473 0x0ce8  
23:15:27.0473 0x0ce8  OS Version: 6.1.7600 ServicePack: 0.0
23:15:27.0473 0x0ce8  Product type: Workstation
23:15:27.0473 0x0ce8  ComputerName: PETRA-TOSH
23:15:27.0473 0x0ce8  UserName: Petra
23:15:27.0473 0x0ce8  Windows directory: C:\Windows
23:15:27.0473 0x0ce8  System windows directory: C:\Windows
23:15:27.0473 0x0ce8  Running under WOW64
23:15:27.0473 0x0ce8  Processor architecture: Intel x64
23:15:27.0473 0x0ce8  Number of processors: 2
23:15:27.0473 0x0ce8  Page size: 0x1000
23:15:27.0473 0x0ce8  Boot type: Normal boot
23:15:27.0473 0x0ce8  ============================================================
23:15:27.0489 0x0ce8  BG loaded
23:15:28.0831 0x0ce8  System UUID: {9F2D0982-1853-3994-21CC-0E64B3CCC0DB}
23:15:31.0602 0x0ce8  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:15:31.0602 0x0ce8  ============================================================
23:15:31.0602 0x0ce8  \Device\Harddisk0\DR0:
23:15:31.0602 0x0ce8  MBR partitions:
23:15:31.0602 0x0ce8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x129A1000
23:15:31.0602 0x0ce8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12A69800, BlocksNum 0x129C4AB0
23:15:31.0602 0x0ce8  ============================================================
23:15:32.0086 0x0ce8  C: <-> \Device\Harddisk0\DR0\Partition1
23:15:37.0015 0x0ce8  D: <-> \Device\Harddisk0\DR0\Partition2
23:15:37.0015 0x0ce8  ============================================================
23:15:37.0015 0x0ce8  Initialize success
23:15:37.0015 0x0ce8  ============================================================
23:17:19.0452 0x07b0  ============================================================
23:17:19.0452 0x07b0  Scan started
23:17:19.0452 0x07b0  Mode: Manual; SigCheck; TDLFS; 
23:17:19.0452 0x07b0  ============================================================
23:17:19.0452 0x07b0  KSN ping started
23:17:22.0072 0x07b0  KSN ping finished: true
23:17:24.0038 0x07b0  ================ Scan system memory ========================
23:17:24.0038 0x07b0  System memory - ok
23:17:24.0054 0x07b0  ================ Scan services =============================
23:17:24.0272 0x07b0  [ 1B00662092F9F9568B995902F0CC40D5, D345014CF146FA57B2682C189D5E7F27D4C78F321F2723D912D623E777C2BB70 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
23:17:24.0366 0x07b0  1394ohci - ok
23:17:24.0412 0x07b0  [ 6F11E88748CDEFD2F76AA215F97DDFE5, BD0B3561EDCDE5EFD89372793CFD09DF879709BF469542F4A049705CBA9FD060 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
23:17:24.0444 0x07b0  ACPI - ok
23:17:24.0475 0x07b0  [ 63B05A0420CE4BF0E4AF6DCC7CADA254, 56BCC219D6B886FD42B7D335B4A7BBA3C9BC148220CBD99F8583FB505DAE63BF ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
23:17:24.0568 0x07b0  AcpiPmi - ok
23:17:24.0724 0x07b0  [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:17:24.0756 0x07b0  AdobeFlashPlayerUpdateSvc - ok
23:17:24.0818 0x07b0  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:17:24.0849 0x07b0  adp94xx - ok
23:17:24.0880 0x07b0  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:17:24.0912 0x07b0  adpahci - ok
23:17:24.0927 0x07b0  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:17:24.0943 0x07b0  adpu320 - ok
23:17:24.0990 0x07b0  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:17:25.0114 0x07b0  AeLookupSvc - ok
23:17:25.0192 0x07b0  [ B9384E03479D2506BC924C16A3DB87BC, AB5FD2BC1F005E7D664F5DE3D5CB54499024A83B716DD52C56582DB7EFB4F01B ] AFD             C:\Windows\system32\drivers\afd.sys
23:17:25.0270 0x07b0  AFD - ok
23:17:25.0348 0x07b0  [ 98022774D9930ECBB292E70DB7601DF6, BE64A40B9BE997D73C0FC14D97E204C9D886EDA07EC4C9391A70CE477084E5F1 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
23:17:25.0426 0x07b0  AgereSoftModem - ok
23:17:25.0458 0x07b0  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
23:17:25.0473 0x07b0  agp440 - ok
23:17:25.0504 0x07b0  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
23:17:25.0551 0x07b0  ALG - ok
23:17:25.0582 0x07b0  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
23:17:25.0582 0x07b0  aliide - ok
23:17:25.0645 0x07b0  [ 61A18BCAF557CD6614309E4978B81056, 4481B4276E7F6790D7BF4D9DC3C172BCA037BF6A30D5CE4E0190585F669FA4EC ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:17:25.0707 0x07b0  AMD External Events Utility - ok
23:17:25.0754 0x07b0  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
23:17:25.0770 0x07b0  amdide - ok
23:17:25.0832 0x07b0  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:17:25.0894 0x07b0  AmdK8 - ok
23:17:26.0191 0x07b0  [ F05B22CE901FC26AE55A1A27AA674D96, 1D1F8D6076BC3608C11F343F4597B599BA602B3FB1064CC1EAFB08FD667D0D6E ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
23:17:26.0503 0x07b0  amdkmdag - ok
23:17:26.0550 0x07b0  [ ED25D58581B5A28593C277F482FCCD62, EC20DF155BA3814A052DD4DB1B5C220A75E68B9D88518ED676A12CF70AF619F5 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
23:17:26.0596 0x07b0  amdkmdap - ok
23:17:26.0612 0x07b0  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:17:26.0659 0x07b0  AmdPPM - ok
23:17:26.0721 0x07b0  [ 7A4B413614C055935567CF88A9734D38, A3BB7CDF3EE0EEF67F89263E81145E73C7142EF5F0AF265375C2ECCE74F932C4 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
23:17:26.0737 0x07b0  amdsata - ok
23:17:26.0768 0x07b0  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:17:26.0784 0x07b0  amdsbs - ok
23:17:26.0815 0x07b0  [ B4AD0CACBAB298671DD6F6EF7E20679D, FB566C892D0A3DC0A523AE20F35011996958D670937DD5C1A1FCCD36AAC714D7 ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
23:17:26.0830 0x07b0  amdxata - ok
23:17:27.0080 0x07b0  [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:17:27.0111 0x07b0  AntiVirSchedulerService - ok
23:17:27.0174 0x07b0  [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:17:27.0189 0x07b0  AntiVirService - ok
23:17:27.0236 0x07b0  [ 42FD751B27FA0E9C69BB39F39E409594, DE349CAA570957868CA1CB0BE0FAF551CD4D44FD53EBC4391B9C1C7B9CF295D2 ] AppID           C:\Windows\system32\drivers\appid.sys
23:17:27.0330 0x07b0  AppID - ok
23:17:27.0361 0x07b0  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:17:27.0454 0x07b0  AppIDSvc - ok
23:17:27.0486 0x07b0  [ D065BE66822847B7F127D1F90158376E, 20F911F390FF23C2C42361A449C4344DB59F1DC21EDD1E7EBC4E80914DEF7824 ] Appinfo         C:\Windows\System32\appinfo.dll
23:17:27.0564 0x07b0  Appinfo - ok
23:17:27.0595 0x07b0  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:17:27.0610 0x07b0  arc - ok
23:17:27.0673 0x07b0  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:17:27.0704 0x07b0  arcsas - ok
23:17:27.0720 0x07b0  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:17:27.0798 0x07b0  AsyncMac - ok
23:17:27.0844 0x07b0  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
23:17:27.0844 0x07b0  atapi - ok
23:17:28.0266 0x07b0  [ F05B22CE901FC26AE55A1A27AA674D96, 1D1F8D6076BC3608C11F343F4597B599BA602B3FB1064CC1EAFB08FD667D0D6E ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
23:17:28.0531 0x07b0  atikmdag - ok
23:17:29.0358 0x07b0  [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:17:29.0701 0x07b0  AudioEndpointBuilder - ok
23:17:30.0855 0x07b0  [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:17:30.0949 0x07b0  AudioSrv - ok
23:17:30.0996 0x07b0  [ 4663C5AD76FE8E19592DE808156FA07D, 605827B4A9D6930BC752D124BF75D55D4927B0ABEF881CDE66F3C5CC1DB215FE ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:17:31.0027 0x07b0  avgntflt - ok
23:17:31.0058 0x07b0  [ 8902AEC2382A37E9E99A4E0D52DBD42B, 138F2D7E7430132B2C527D413BC845CC467F084F39C232EC3A17DD2A74EE401E ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:17:31.0074 0x07b0  avipbb - ok
23:17:31.0276 0x07b0  [ BC38AB90A166625BA160941D64906A65, 005E3CBB6F3ED8748B6A69DD5D0A8894973344F603CB6E46B551AB028119D8DC ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
23:17:31.0292 0x07b0  Avira.OE.ServiceHost - ok
23:17:31.0323 0x07b0  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:17:31.0339 0x07b0  avkmgr - ok
23:17:31.0370 0x07b0  [ B20B5FA5CA050E9926E4D1DB81501B32, 91B9038349BA07E32DE809E6798167EE44087809EB1174B84EC16580040F1BE0 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:17:31.0432 0x07b0  AxInstSV - ok
23:17:31.0495 0x07b0  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
23:17:31.0557 0x07b0  b06bdrv - ok
23:17:31.0588 0x07b0  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:17:31.0620 0x07b0  b57nd60a - ok
23:17:31.0666 0x07b0  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:17:31.0713 0x07b0  BDESVC - ok
23:17:31.0744 0x07b0  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:17:31.0807 0x07b0  Beep - ok
23:17:31.0900 0x07b0  [ 4992C609A6315671463E30F6512BC022, 3020034556EAC25CD90F41D3BFFDD0BB2C3D1C5BAC4359F4B71B84A9FC404495 ] BFE             C:\Windows\System32\bfe.dll
23:17:31.0963 0x07b0  BFE - ok
23:17:32.0025 0x07b0  [ 7F0C323FE3DA28AA4AA1BDA3F575707F, 7FF09CBC16A9E5F357A76FF79A3F0DD047957D474031F51A6BB4916C7911F005 ] BITS            C:\Windows\System32\qmgr.dll
23:17:32.0119 0x07b0  BITS - ok
23:17:32.0150 0x07b0  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:17:32.0181 0x07b0  blbdrive - ok
23:17:32.0197 0x07b0  [ 91CE0D3DC57DD377E690A2D324022B08, 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:17:32.0259 0x07b0  bowser - ok
23:17:32.0290 0x07b0  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:17:32.0322 0x07b0  BrFiltLo - ok
23:17:32.0337 0x07b0  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:17:32.0353 0x07b0  BrFiltUp - ok
23:17:32.0368 0x07b0  [ 94FBC06F294D58D02361918418F996E3, 62C7CC2AF8F5A0BB0C262DACDE3F72C6AC318C3840CE60E46EE2064B32BDA5EF ] Browser         C:\Windows\System32\browser.dll
23:17:32.0446 0x07b0  Browser - ok
23:17:32.0462 0x07b0  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:17:32.0493 0x07b0  Brserid - ok
23:17:32.0509 0x07b0  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:17:32.0540 0x07b0  BrSerWdm - ok
23:17:32.0571 0x07b0  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:17:32.0602 0x07b0  BrUsbMdm - ok
23:17:32.0602 0x07b0  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:17:32.0634 0x07b0  BrUsbSer - ok
23:17:32.0649 0x07b0  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:17:32.0696 0x07b0  BTHMODEM - ok
23:17:32.0727 0x07b0  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
23:17:32.0790 0x07b0  bthserv - ok
23:17:32.0821 0x07b0  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:17:32.0868 0x07b0  cdfs - ok
23:17:32.0899 0x07b0  [ 83D2D75E1EFB81B3450C18131443F7DB, F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:17:32.0930 0x07b0  cdrom - ok
23:17:32.0961 0x07b0  [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:17:33.0024 0x07b0  CertPropSvc - ok
23:17:33.0039 0x07b0  Suspicious service (NoAccess): cfc5f97f2a26d049
23:17:33.0055 0x07b0  [ FDD39022F97C37337AEFE97E23BB0B7F, 69F58BA0D01B8591C3FF01F348CCF7F28AC6EE0C8B8513F912B7B5221D4C99F5 ] cfc5f97f2a26d049 C:\Windows\System32\Drivers\cfc5f97f2a26d049.sys
23:17:33.0055 0x07b0  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\cfc5f97f2a26d049.sys. md5: FDD39022F97C37337AEFE97E23BB0B7F, sha256: 69F58BA0D01B8591C3FF01F348CCF7F28AC6EE0C8B8513F912B7B5221D4C99F5
23:17:33.0070 0x07b0  cfc5f97f2a26d049 - detected Rootkit.Win32.Necurs.gen ( 0 )
23:17:35.0598 0x07b0  cfc5f97f2a26d049 ( Rootkit.Win32.Necurs.gen ) - infected
23:17:35.0598 0x07b0  Force sending object to P2P due to detect: cfc5f97f2a26d049
23:17:38.0156 0x07b0  Object send P2P result: true
23:17:40.0870 0x07b0  [ 41E7C4FA6491747402CFCA77CC1C7AAB, 676CD982A0D33B60A646AC7C0158F7421E395C8B4B12E544C55AF5C09E470CC5 ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
23:17:40.0902 0x07b0  cfWiMAXService - ok
23:17:40.0933 0x07b0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:17:40.0980 0x07b0  circlass - ok
23:17:41.0042 0x07b0  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
23:17:41.0089 0x07b0  CLFS - ok
23:17:41.0151 0x07b0  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:17:41.0167 0x07b0  clr_optimization_v2.0.50727_32 - ok
23:17:41.0214 0x07b0  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:17:41.0229 0x07b0  clr_optimization_v2.0.50727_64 - ok
23:17:41.0276 0x07b0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:17:41.0292 0x07b0  CmBatt - ok
23:17:41.0307 0x07b0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
23:17:41.0323 0x07b0  cmdide - ok
23:17:41.0370 0x07b0  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1, D1FBCA0416D38B9CA510FB01CF251E60B244D38080E6668948ED927D2350ED49 ] CNG             C:\Windows\system32\Drivers\cng.sys
23:17:41.0401 0x07b0  CNG - ok
23:17:41.0479 0x07b0  [ 25C58EE97BE0416A373E3E4F855206B5, 3AE7CA1E1ED56C2CE4BD11F2F89060DEF480009E4AA2128897C70E9E679E44BB ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
23:17:41.0510 0x07b0  CnxtHdAudService - ok
23:17:41.0541 0x07b0  [ 89C99AB4AE9535F727791592D84D4821, 4DE537467CC39BF3532EDDA3FE0F054654B369D8BBA8B3356FA7D2E8CB374493 ] CnxtHdmiAudService C:\Windows\system32\drivers\CHDMI64.sys
23:17:41.0572 0x07b0  CnxtHdmiAudService - ok
23:17:41.0604 0x07b0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:17:41.0619 0x07b0  Compbatt - ok
23:17:41.0650 0x07b0  [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:17:41.0682 0x07b0  CompositeBus - ok
23:17:41.0682 0x07b0  COMSysApp - ok
23:17:41.0728 0x07b0  [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
23:17:41.0728 0x07b0  ConfigFree Service - ok
23:17:41.0744 0x07b0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:17:41.0760 0x07b0  crcdisk - ok
23:17:41.0806 0x07b0  [ 8C57411B66282C01533CB776F98AD384, 65BCF1B0BA521CBE39E974C7ACAEA9C9E3F89D86754275C6B2616E7691876AEE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:17:41.0869 0x07b0  CryptSvc - ok
23:17:41.0916 0x07b0  [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:17:41.0994 0x07b0  DcomLaunch - ok
23:17:42.0040 0x07b0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:17:42.0103 0x07b0  defragsvc - ok
23:17:42.0134 0x07b0  [ 3F1DC527070ACB87E40AFE46EF6DA749, 5CB9CB94854AF06BEA02AF3E0562B8ECF72B2B23ED657A3F5E17CD3552F3EF84 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:17:42.0196 0x07b0  DfsC - ok
23:17:42.0243 0x07b0  [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:17:42.0306 0x07b0  Dhcp - ok
23:17:42.0337 0x07b0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
23:17:42.0384 0x07b0  discache - ok
23:17:42.0415 0x07b0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:17:42.0446 0x07b0  Disk - ok
23:17:42.0493 0x07b0  [ 676108C4E3AA6F6B34633748BD0BEBD9, 953286126E482EF3A9A1833680EFF86D657BD6C5411B9AEC2D7828ADE63D25AD ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:17:42.0571 0x07b0  Dnscache - ok
23:17:42.0618 0x07b0  [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:17:42.0680 0x07b0  dot3svc - ok
23:17:42.0696 0x07b0  [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS             C:\Windows\system32\dps.dll
23:17:42.0742 0x07b0  DPS - ok
23:17:42.0789 0x07b0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:17:42.0820 0x07b0  drmkaud - ok
23:17:42.0883 0x07b0  [ EBCE0B0924835F635F620D19F0529DCE, 15BF803765373264390879FCA86C6D89C92DAFD0B1A36DEFA78EF01EBA2F9C26 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:17:42.0914 0x07b0  DXGKrnl - ok
23:17:42.0961 0x07b0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
23:17:43.0023 0x07b0  EapHost - ok
23:17:43.0164 0x07b0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
23:17:43.0413 0x07b0  ebdrv - ok
23:17:43.0444 0x07b0  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS             C:\Windows\System32\lsass.exe
23:17:43.0476 0x07b0  EFS - ok
23:17:43.0538 0x07b0  [ B91D81B3B54A54CCAFC03733DBC2E29E, B08CFD3136F678CF902722B32CA55C4983EEE5AEBDCEE036BEB746914742141C ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:17:43.0616 0x07b0  ehRecvr - ok
23:17:43.0663 0x07b0  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
23:17:43.0694 0x07b0  ehSched - ok
23:17:43.0741 0x07b0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:17:43.0772 0x07b0  elxstor - ok
23:17:43.0788 0x07b0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
23:17:43.0834 0x07b0  ErrDev - ok
23:17:43.0959 0x07b0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
23:17:44.0037 0x07b0  EventSystem - ok
23:17:44.0053 0x07b0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:17:44.0115 0x07b0  exfat - ok
23:17:44.0131 0x07b0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:17:44.0193 0x07b0  fastfat - ok
23:17:44.0271 0x07b0  [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax             C:\Windows\system32\fxssvc.exe
23:17:44.0334 0x07b0  Fax - ok
23:17:44.0349 0x07b0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:17:44.0365 0x07b0  fdc - ok
23:17:44.0380 0x07b0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
23:17:44.0443 0x07b0  fdPHost - ok
23:17:44.0458 0x07b0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:17:44.0490 0x07b0  FDResPub - ok
23:17:44.0521 0x07b0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:17:44.0521 0x07b0  FileInfo - ok
23:17:44.0536 0x07b0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:17:44.0583 0x07b0  Filetrace - ok
23:17:44.0614 0x07b0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:17:44.0630 0x07b0  flpydisk - ok
23:17:44.0661 0x07b0  [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:17:44.0677 0x07b0  FltMgr - ok
23:17:44.0739 0x07b0  [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A, 6587B22ED91F98D3E3614967F62D7A58F42C12F45F8E1D47835D195CD350BC54 ] FontCache       C:\Windows\system32\FntCache.dll
23:17:44.0848 0x07b0  FontCache - ok
23:17:44.0911 0x07b0  [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:17:44.0911 0x07b0  FontCache3.0.0.0 - ok
23:17:44.0926 0x07b0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:17:44.0942 0x07b0  FsDepends - ok
23:17:44.0973 0x07b0  [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:17:44.0989 0x07b0  Fs_Rec - ok
23:17:45.0004 0x07b0  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09, 24A9F04A0622681A4E4B6BCC47C45016787C6036EAD828920812D9FAD49A71E3 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:17:45.0004 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fvevol.sys. md5: B8B2A6E1558F8F5DE5CE431C5B2C7B09, sha256: 24A9F04A0622681A4E4B6BCC47C45016787C6036EAD828920812D9FAD49A71E3
23:17:45.0004 0x07b0  fvevol - detected LockedFile.Multi.Generic ( 1 )
23:17:47.0454 0x07b0  Detect skipped due to KSN trusted
23:17:47.0454 0x07b0  fvevol - ok
23:17:47.0532 0x07b0  [ 60ACB128E64C35C2B4E4AAB1B0A5C293, 7B476AB5E95529A894F95397C753662F4C58D1FE89F4648271251DA77C5A3FA9 ] FwLnk           C:\Windows\system32\DRIVERS\FwLnk.sys
23:17:47.0563 0x07b0  FwLnk - ok
23:17:47.0594 0x07b0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:17:47.0594 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6, sha256: 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005
23:17:47.0594 0x07b0  gagp30kx - detected LockedFile.Multi.Generic ( 1 )
23:17:50.0043 0x07b0  Detect skipped due to KSN trusted
23:17:50.0043 0x07b0  gagp30kx - ok
23:17:50.0168 0x07b0  [ 1A0B9D84BEB3306F728BC3009D432F5C, 66BCE24D679A312148141F55D0F10BD0F771261CC481B81D6921448CA77F0974 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
23:17:50.0199 0x07b0  GameConsoleService - ok
23:17:50.0246 0x07b0  [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:17:50.0308 0x07b0  gpsvc - ok
23:17:50.0340 0x07b0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:17:50.0386 0x07b0  hcw85cir - ok
23:17:50.0433 0x07b0  [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:17:50.0433 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. md5: 6410F6F415B2A5A9037224C41DA8BF12, sha256: 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5
23:17:50.0433 0x07b0  HdAudAddService - detected LockedFile.Multi.Generic ( 1 )
23:17:52.0882 0x07b0  Detect skipped due to KSN trusted
23:17:52.0882 0x07b0  HdAudAddService - ok
23:17:52.0960 0x07b0  [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:17:52.0960 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HDAudBus.sys. md5: 0A49913402747A0B67DE940FB42CBDBB, sha256: 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83
23:17:52.0960 0x07b0  HDAudBus - detected LockedFile.Multi.Generic ( 1 )
23:17:55.0394 0x07b0  Detect skipped due to KSN trusted
23:17:55.0394 0x07b0  HDAudBus - ok
23:17:55.0488 0x07b0  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
23:17:55.0488 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HECIx64.sys. md5: B6AC71AAA2B10848F57FC49D55A651AF, sha256: 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91
23:17:55.0488 0x07b0  HECIx64 - detected LockedFile.Multi.Generic ( 1 )
23:17:57.0953 0x07b0  Detect skipped due to KSN trusted
23:17:57.0953 0x07b0  HECIx64 - ok
23:17:58.0015 0x07b0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:17:58.0015 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F, sha256: 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64
23:17:58.0015 0x07b0  HidBatt - detected LockedFile.Multi.Generic ( 1 )
23:18:00.0449 0x07b0  Detect skipped due to KSN trusted
23:18:00.0449 0x07b0  HidBatt - ok
23:18:00.0495 0x07b0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:18:00.0495 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104, sha256: 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4
23:18:00.0495 0x07b0  HidBth - detected LockedFile.Multi.Generic ( 1 )
23:18:02.0929 0x07b0  Detect skipped due to KSN trusted
23:18:02.0929 0x07b0  HidBth - ok
23:18:02.0976 0x07b0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:18:02.0976 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825, sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D
23:18:02.0976 0x07b0  HidIr - detected LockedFile.Multi.Generic ( 1 )
23:18:05.0425 0x07b0  Detect skipped due to KSN trusted
23:18:05.0425 0x07b0  HidIr - ok
23:18:05.0472 0x07b0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
23:18:05.0550 0x07b0  hidserv - ok
23:18:05.0581 0x07b0  [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:18:05.0581 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidusb.sys. md5: B3BF6B5B50006DEF50B66306D99FCF6F, sha256: D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417
23:18:05.0581 0x07b0  HidUsb - detected LockedFile.Multi.Generic ( 1 )
23:18:08.0030 0x07b0  Detect skipped due to KSN trusted
23:18:08.0030 0x07b0  HidUsb - ok
23:18:08.0077 0x07b0  [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:18:08.0155 0x07b0  hkmsvc - ok
23:18:08.0186 0x07b0  [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:18:08.0217 0x07b0  HomeGroupListener - ok
23:18:08.0249 0x07b0  [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:18:08.0280 0x07b0  HomeGroupProvider - ok
23:18:08.0342 0x07b0  [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
23:18:08.0342 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HpSAMD.sys. md5: 0886D440058F203EBA0E1825E4355914, sha256: BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070
23:18:08.0342 0x07b0  HpSAMD - detected LockedFile.Multi.Generic ( 1 )
23:18:10.0791 0x07b0  Detect skipped due to KSN trusted
23:18:10.0791 0x07b0  HpSAMD - ok
23:18:10.0901 0x07b0  [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:18:10.0901 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: CEE049CAC4EFA7F4E1E4AD014414A5D4, sha256: 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D
23:18:10.0901 0x07b0  HTTP - detected LockedFile.Multi.Generic ( 1 )
23:18:13.0334 0x07b0  Detect skipped due to KSN trusted
23:18:13.0334 0x07b0  HTTP - ok
23:18:13.0381 0x07b0  [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:18:13.0381 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: F17766A19145F111856378DF337A5D79, sha256: FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62
23:18:13.0381 0x07b0  hwpolicy - detected LockedFile.Multi.Generic ( 1 )
23:18:15.0846 0x07b0  Detect skipped due to KSN trusted
23:18:15.0846 0x07b0  hwpolicy - ok
23:18:15.0893 0x07b0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:18:15.0893 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD
23:18:15.0893 0x07b0  i8042prt - detected LockedFile.Multi.Generic ( 1 )
23:18:19.0371 0x07b0  Detect skipped due to KSN trusted
23:18:19.0371 0x07b0  i8042prt - ok
23:18:19.0465 0x07b0  [ 85977CD13FC16069CE0AF7943A811775, 421AFFF08D14C2F55CFEF05E4A5A8B086F80BE69A927F84052A502EC5B222990 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
23:18:19.0465 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStor.sys. md5: 85977CD13FC16069CE0AF7943A811775, sha256: 421AFFF08D14C2F55CFEF05E4A5A8B086F80BE69A927F84052A502EC5B222990
23:18:19.0481 0x07b0  iaStor - detected LockedFile.Multi.Generic ( 1 )
23:18:21.0930 0x07b0  Detect skipped due to KSN trusted
23:18:21.0930 0x07b0  iaStor - ok
23:18:21.0992 0x07b0  [ D83EFB6FD45DF9D55E9A1AFC63640D50, 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
23:18:21.0992 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStorV.sys. md5: D83EFB6FD45DF9D55E9A1AFC63640D50, sha256: 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B
23:18:22.0008 0x07b0  iaStorV - detected LockedFile.Multi.Generic ( 1 )
23:18:24.0551 0x07b0  Detect skipped due to KSN trusted
23:18:24.0551 0x07b0  iaStorV - ok
23:18:24.0644 0x07b0  [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:18:24.0675 0x07b0  idsvc - ok
23:18:24.0707 0x07b0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:18:24.0707 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21, sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4
23:18:24.0707 0x07b0  iirsp - detected LockedFile.Multi.Generic ( 1 )
23:18:27.0140 0x07b0  Detect skipped due to KSN trusted
23:18:27.0140 0x07b0  iirsp - ok
23:18:27.0249 0x07b0  [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT          C:\Windows\System32\ikeext.dll
23:18:27.0327 0x07b0  IKEEXT - ok
23:18:27.0343 0x07b0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
23:18:27.0343 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA, sha256: E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22
23:18:27.0359 0x07b0  intelide - detected LockedFile.Multi.Generic ( 1 )
23:18:29.0792 0x07b0  Detect skipped due to KSN trusted
23:18:29.0792 0x07b0  intelide - ok
23:18:29.0855 0x07b0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:18:29.0855 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1, sha256: F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610
23:18:29.0855 0x07b0  intelppm - detected LockedFile.Multi.Generic ( 1 )
23:18:32.0304 0x07b0  Detect skipped due to KSN trusted
23:18:32.0304 0x07b0  intelppm - ok
23:18:32.0351 0x07b0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:18:32.0429 0x07b0  IPBusEnum - ok
23:18:32.0444 0x07b0  [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:18:32.0444 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: 722DD294DF62483CECAAE6E094B4D695, sha256: 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0
23:18:32.0444 0x07b0  IpFilterDriver - detected LockedFile.Multi.Generic ( 1 )
23:18:34.0909 0x07b0  Detect skipped due to KSN trusted
23:18:34.0909 0x07b0  IpFilterDriver - ok
23:18:34.0987 0x07b0  [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:18:35.0049 0x07b0  iphlpsvc - ok
23:18:35.0081 0x07b0  [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:18:35.0081 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\IPMIDrv.sys. md5: E2B4A4494DB7CB9B89B55CA268C337C5, sha256: C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB
23:18:35.0081 0x07b0  IPMIDRV - detected LockedFile.Multi.Generic ( 1 )
23:18:37.0514 0x07b0  Detect skipped due to KSN trusted
23:18:37.0514 0x07b0  IPMIDRV - ok
23:18:37.0577 0x07b0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:18:37.0577 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E
23:18:37.0577 0x07b0  IPNAT - detected LockedFile.Multi.Generic ( 1 )
23:18:40.0026 0x07b0  Detect skipped due to KSN trusted
23:18:40.0026 0x07b0  IPNAT - ok
23:18:40.0088 0x07b0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:18:40.0088 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE
23:18:40.0088 0x07b0  IRENUM - detected LockedFile.Multi.Generic ( 1 )
23:18:42.0537 0x07b0  Detect skipped due to KSN trusted
23:18:42.0537 0x07b0  IRENUM - ok
23:18:42.0584 0x07b0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
23:18:42.0584 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548
23:18:42.0584 0x07b0  isapnp - detected LockedFile.Multi.Generic ( 1 )
23:18:45.0033 0x07b0  Detect skipped due to KSN trusted
23:18:45.0033 0x07b0  isapnp - ok
23:18:45.0111 0x07b0  [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:18:45.0111 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\msiscsi.sys. md5: FA4D2557DE56D45B0A346F93564BE6E1, sha256: 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C
23:18:45.0111 0x07b0  iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
23:18:47.0561 0x07b0  Detect skipped due to KSN trusted
23:18:47.0561 0x07b0  iScsiPrt - ok
23:18:47.0623 0x07b0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:18:47.0623 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93
23:18:47.0623 0x07b0  kbdclass - detected LockedFile.Multi.Generic ( 1 )
23:18:50.0197 0x07b0  Detect skipped due to KSN trusted
23:18:50.0197 0x07b0  kbdclass - ok
23:18:50.0259 0x07b0  [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:18:50.0259 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 6DEF98F8541E1B5DCEB2C822A11F7323, sha256: F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D
23:18:50.0259 0x07b0  kbdhid - detected LockedFile.Multi.Generic ( 1 )
23:18:52.0709 0x07b0  Detect skipped due to KSN trusted
23:18:52.0709 0x07b0  kbdhid - ok
23:18:52.0755 0x07b0  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso          C:\Windows\system32\lsass.exe
23:18:52.0787 0x07b0  KeyIso - ok
23:18:52.0833 0x07b0  [ E8B6FCC9C83535C67F835D407620BD27, 74B63F3BFB756FF0B0AD6A6C1535C0A1A0630295ECCBC078B00F2449718B0870 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:18:52.0833 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: E8B6FCC9C83535C67F835D407620BD27, sha256: 74B63F3BFB756FF0B0AD6A6C1535C0A1A0630295ECCBC078B00F2449718B0870
23:18:52.0833 0x07b0  KSecDD - detected LockedFile.Multi.Generic ( 1 )
23:18:55.0267 0x07b0  Detect skipped due to KSN trusted
23:18:55.0267 0x07b0  KSecDD - ok
23:18:55.0361 0x07b0  [ A8C63880EF6F4D3FEC7B616B9C060215, 036AE3ABBF991F5748C5C46E1DF62FBBC832BCDBF8C1B6E3C22A22A3703BBBCA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:18:55.0361 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: A8C63880EF6F4D3FEC7B616B9C060215, sha256: 036AE3ABBF991F5748C5C46E1DF62FBBC832BCDBF8C1B6E3C22A22A3703BBBCA
23:18:55.0361 0x07b0  KSecPkg - detected LockedFile.Multi.Generic ( 1 )
23:18:57.0794 0x07b0  Detect skipped due to KSN trusted
23:18:57.0794 0x07b0  KSecPkg - ok
23:18:57.0810 0x07b0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:18:57.0810 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
23:18:57.0810 0x07b0  ksthunk - detected LockedFile.Multi.Generic ( 1 )
23:19:00.0243 0x07b0  Detect skipped due to KSN trusted
23:19:00.0243 0x07b0  ksthunk - ok
23:19:00.0337 0x07b0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:19:00.0415 0x07b0  KtmRm - ok
23:19:00.0462 0x07b0  [ 55480B9C63F3F91A8EBBADCBF28FE581, 5B4BC3F0307B0697DD08DD8AAD4B9EAE99EDD3B33B85D9293D183684D5057293 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
23:19:00.0462 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\L1C62x64.sys. md5: 55480B9C63F3F91A8EBBADCBF28FE581, sha256: 5B4BC3F0307B0697DD08DD8AAD4B9EAE99EDD3B33B85D9293D183684D5057293
23:19:00.0462 0x07b0  L1C - detected LockedFile.Multi.Generic ( 1 )
23:19:02.0895 0x07b0  Detect skipped due to KSN trusted
23:19:02.0895 0x07b0  L1C - ok
23:19:02.0973 0x07b0  [ C926920B8978DE6ACFE9E15C709E9B57, 33B8002ABC30372B1CA8B6EC046757794CD7C9DA3CA4715B515B6894DC7E45CA ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:19:03.0051 0x07b0  LanmanServer - ok
23:19:03.0083 0x07b0  [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:19:03.0129 0x07b0  LanmanWorkstation - ok
23:19:03.0161 0x07b0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:19:03.0161 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
23:19:03.0161 0x07b0  lltdio - detected LockedFile.Multi.Generic ( 1 )
23:19:05.0594 0x07b0  Detect skipped due to KSN trusted
23:19:05.0594 0x07b0  lltdio - ok
23:19:05.0688 0x07b0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:19:05.0766 0x07b0  lltdsvc - ok
23:19:05.0781 0x07b0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:19:05.0813 0x07b0  lmhosts - ok
23:19:05.0891 0x07b0  [ 23DE5B62B0445A6F874BE633C95B483E, 39A8E5BD057F5EE049FA48848C5881DCD2CFB16CD9E2A03CC9DDF35F116FEE0B ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:19:05.0891 0x07b0  LMS - ok
23:19:05.0953 0x07b0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:19:05.0953 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
23:19:05.0953 0x07b0  LSI_FC - detected LockedFile.Multi.Generic ( 1 )
23:19:08.0387 0x07b0  Detect skipped due to KSN trusted
23:19:08.0387 0x07b0  LSI_FC - ok
23:19:08.0433 0x07b0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:19:08.0433 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
23:19:08.0433 0x07b0  LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
23:19:10.0883 0x07b0  Detect skipped due to KSN trusted
23:19:10.0883 0x07b0  LSI_SAS - ok
23:19:10.0945 0x07b0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:19:10.0945 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
23:19:10.0945 0x07b0  LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
23:19:13.0394 0x07b0  Detect skipped due to KSN trusted
23:19:13.0394 0x07b0  LSI_SAS2 - ok
23:19:13.0457 0x07b0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:19:13.0457 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
23:19:13.0457 0x07b0  LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
23:19:15.0906 0x07b0  Detect skipped due to KSN trusted
23:19:15.0906 0x07b0  LSI_SCSI - ok
23:19:15.0968 0x07b0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:19:15.0968 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
23:19:15.0968 0x07b0  luafv - detected LockedFile.Multi.Generic ( 1 )
23:19:18.0417 0x07b0  Detect skipped due to KSN trusted
23:19:18.0417 0x07b0  luafv - ok
23:19:18.0511 0x07b0  [ B96CE1C01E17DA93AE6831587700B04B, 1C188D843A9A3DD87954494A6E57830FC6A413F587FC3DD7727368122126ADF1 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
23:19:18.0527 0x07b0  MBAMSwissArmy - ok
23:19:18.0558 0x07b0  [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:19:18.0605 0x07b0  Mcx2Svc - ok
23:19:18.0698 0x07b0  [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
23:19:18.0729 0x07b0  MDM - ok
23:19:18.0745 0x07b0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:19:18.0745 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
23:19:18.0745 0x07b0  megasas - detected LockedFile.Multi.Generic ( 1 )
23:19:21.0179 0x07b0  Detect skipped due to KSN trusted
23:19:21.0179 0x07b0  megasas - ok
23:19:21.0241 0x07b0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:19:21.0241 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
23:19:21.0241 0x07b0  MegaSR - detected LockedFile.Multi.Generic ( 1 )
23:19:23.0690 0x07b0  Detect skipped due to KSN trusted
23:19:23.0690 0x07b0  MegaSR - ok
23:19:23.0721 0x07b0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
23:19:23.0784 0x07b0  MMCSS - ok
23:19:23.0799 0x07b0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
23:19:23.0799 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
23:19:23.0799 0x07b0  Modem - detected LockedFile.Multi.Generic ( 1 )
23:19:26.0514 0x07b0  Detect skipped due to KSN trusted
23:19:26.0514 0x07b0  Modem - ok
23:19:26.0576 0x07b0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:19:26.0576 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
23:19:26.0576 0x07b0  monitor - detected LockedFile.Multi.Generic ( 1 )
23:19:29.0025 0x07b0  Detect skipped due to KSN trusted
23:19:29.0025 0x07b0  monitor - ok
23:19:29.0088 0x07b0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:19:29.0088 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
23:19:29.0088 0x07b0  mouclass - detected LockedFile.Multi.Generic ( 1 )
23:19:31.0537 0x07b0  Detect skipped due to KSN trusted
23:19:31.0537 0x07b0  mouclass - ok
23:19:31.0584 0x07b0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:19:31.0584 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
23:19:31.0584 0x07b0  mouhid - detected LockedFile.Multi.Generic ( 1 )
23:19:34.0033 0x07b0  Detect skipped due to KSN trusted
23:19:34.0033 0x07b0  mouhid - ok
23:19:34.0095 0x07b0  [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:19:34.0095 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 791AF66C4D0E7C90A3646066386FB571, sha256: BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42
23:19:34.0095 0x07b0  mountmgr - detected LockedFile.Multi.Generic ( 1 )
23:19:36.0529 0x07b0  Detect skipped due to KSN trusted
23:19:36.0529 0x07b0  mountmgr - ok
23:19:36.0576 0x07b0  [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
23:19:36.0576 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mpio.sys. md5: 609D1D87649ECC19796F4D76D4C15CEA, sha256: 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00
23:19:36.0576 0x07b0  mpio - detected LockedFile.Multi.Generic ( 1 )
23:19:39.0025 0x07b0  Detect skipped due to KSN trusted
23:19:39.0025 0x07b0  mpio - ok
23:19:39.0087 0x07b0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:19:39.0087 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
23:19:39.0087 0x07b0  mpsdrv - detected LockedFile.Multi.Generic ( 1 )
23:19:41.0521 0x07b0  Detect skipped due to KSN trusted
23:19:41.0521 0x07b0  mpsdrv - ok
23:19:41.0630 0x07b0  [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:19:41.0708 0x07b0  MpsSvc - ok
23:19:41.0724 0x07b0  [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:19:41.0724 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: 30524261BB51D96D6FCBAC20C810183C, sha256: 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D
23:19:41.0724 0x07b0  MRxDAV - detected LockedFile.Multi.Generic ( 1 )
23:19:44.0157 0x07b0  Detect skipped due to KSN trusted
23:19:44.0157 0x07b0  MRxDAV - ok
23:19:44.0204 0x07b0  [ 767A4C3BCF9410C286CED15A2DB17108, D9EA9EF7D4048081B132B804E0AE5A60A58FA6B25B7F5B87D5D7E354B2D94C79 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:19:44.0220 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: 767A4C3BCF9410C286CED15A2DB17108, sha256: D9EA9EF7D4048081B132B804E0AE5A60A58FA6B25B7F5B87D5D7E354B2D94C79
23:19:44.0220 0x07b0  mrxsmb - detected LockedFile.Multi.Generic ( 1 )
23:19:46.0669 0x07b0  Detect skipped due to KSN trusted
23:19:46.0669 0x07b0  mrxsmb - ok
23:19:46.0747 0x07b0  [ 920EE0FF995FCFDEB08C41605A959E1C, 977195011912166F7C7E209D90B973E3F507B5297504AF9B6797FA8D1051534C ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:19:46.0747 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: 920EE0FF995FCFDEB08C41605A959E1C, sha256: 977195011912166F7C7E209D90B973E3F507B5297504AF9B6797FA8D1051534C
23:19:46.0747 0x07b0  mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
23:19:49.0165 0x07b0  Detect skipped due to KSN trusted
23:19:49.0165 0x07b0  mrxsmb10 - ok
23:19:49.0212 0x07b0  [ 740D7EA9D72C981510A5292CF6ADC941, C55C2F73410C008F829D194EF072721A8D7945BCC48458982D2409761908E7AE ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:19:49.0212 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 740D7EA9D72C981510A5292CF6ADC941, sha256: C55C2F73410C008F829D194EF072721A8D7945BCC48458982D2409761908E7AE
23:19:49.0212 0x07b0  mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
23:19:51.0661 0x07b0  Detect skipped due to KSN trusted
23:19:51.0661 0x07b0  mrxsmb20 - ok
23:19:51.0677 0x07b0  [ 5C37497276E3B3A5488B23A326A754B7, 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
23:19:51.0677 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\msahci.sys. md5: 5C37497276E3B3A5488B23A326A754B7, sha256: 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967
23:19:51.0677 0x07b0  msahci - detected LockedFile.Multi.Generic ( 1 )
23:19:54.0126 0x07b0  Detect skipped due to KSN trusted
23:19:54.0126 0x07b0  msahci - ok
23:19:54.0188 0x07b0  [ 8D27B597229AED79430FB9DB3BCBFBD0, 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
23:19:54.0188 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\msdsm.sys. md5: 8D27B597229AED79430FB9DB3BCBFBD0, sha256: 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248
23:19:54.0188 0x07b0  msdsm - detected LockedFile.Multi.Generic ( 1 )
23:19:56.0638 0x07b0  Detect skipped due to KSN trusted
23:19:56.0638 0x07b0  msdsm - ok
23:19:56.0684 0x07b0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
23:19:56.0731 0x07b0  MSDTC - ok
23:19:56.0747 0x07b0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:19:56.0747 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
23:19:56.0747 0x07b0  Msfs - detected LockedFile.Multi.Generic ( 1 )
23:19:59.0196 0x07b0  Detect skipped due to KSN trusted
23:19:59.0196 0x07b0  Msfs - ok
23:19:59.0243 0x07b0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:19:59.0258 0x07b0  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
23:19:59.0258 0x07b0  mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
23:20:01.0708 0x07b0  Detect skipped due to KSN trusted
23:20:01.0708 0x07b0  mshidkmdf - ok
23:20:01.0739 0x07b0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
23:20:01.0739 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
23:20:01.0739 0x07b0  msisadrv - detected LockedFile.Multi.Generic ( 1 )
23:20:04.0188 0x07b0  Detect skipped due to KSN trusted
23:20:04.0188 0x07b0  msisadrv - ok
23:20:04.0266 0x07b0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:20:04.0328 0x07b0  MSiSCSI - ok
23:20:04.0344 0x07b0  msiserver - ok
23:20:04.0360 0x07b0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:20:04.0360 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
23:20:04.0360 0x07b0  MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
23:20:06.0809 0x07b0  Detect skipped due to KSN trusted
23:20:06.0809 0x07b0  MSKSSRV - ok
23:20:06.0871 0x07b0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:20:06.0871 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
23:20:06.0871 0x07b0  MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
23:20:09.0320 0x07b0  Detect skipped due to KSN trusted
23:20:09.0320 0x07b0  MSPCLOCK - ok
23:20:09.0367 0x07b0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:20:09.0367 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
23:20:09.0367 0x07b0  MSPQM - detected LockedFile.Multi.Generic ( 1 )
23:20:11.0816 0x07b0  Detect skipped due to KSN trusted
23:20:11.0816 0x07b0  MSPQM - ok
23:20:11.0894 0x07b0  [ 89CB141AA8616D8C6A4610FA26C60964, 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:20:11.0894 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 89CB141AA8616D8C6A4610FA26C60964, sha256: 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC
23:20:11.0894 0x07b0  MsRPC - detected LockedFile.Multi.Generic ( 1 )
23:20:14.0422 0x07b0  Detect skipped due to KSN trusted
23:20:14.0422 0x07b0  MsRPC - ok
23:20:14.0468 0x07b0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:20:14.0468 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
23:20:14.0468 0x07b0  mssmbios - detected LockedFile.Multi.Generic ( 1 )
23:20:16.0918 0x07b0  Detect skipped due to KSN trusted
23:20:16.0918 0x07b0  mssmbios - ok
23:20:16.0980 0x07b0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:20:16.0980 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
23:20:16.0980 0x07b0  MSTEE - detected LockedFile.Multi.Generic ( 1 )
23:20:19.0429 0x07b0  Detect skipped due to KSN trusted
23:20:19.0429 0x07b0  MSTEE - ok
23:20:19.0460 0x07b0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:20:19.0460 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
23:20:19.0460 0x07b0  MTConfig - detected LockedFile.Multi.Generic ( 1 )
23:20:21.0925 0x07b0  Detect skipped due to KSN trusted
23:20:21.0925 0x07b0  MTConfig - ok
23:20:21.0988 0x07b0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
23:20:21.0988 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
23:20:21.0988 0x07b0  Mup - detected LockedFile.Multi.Generic ( 1 )
23:20:24.0437 0x07b0  Detect skipped due to KSN trusted
23:20:24.0437 0x07b0  Mup - ok
23:20:24.0515 0x07b0  [ 4987E079A4530FA737A128BE54B63B12, 27E51CC7D4D90DC4397575491DE7EFE15808709F097E2828E46AA73C771A47A4 ] napagent        C:\Windows\system32\qagentRT.dll
23:20:24.0593 0x07b0  napagent - ok
23:20:24.0640 0x07b0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:20:24.0640 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
23:20:24.0655 0x07b0  NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
23:20:27.0104 0x07b0  Detect skipped due to KSN trusted
23:20:27.0104 0x07b0  NativeWifiP - ok
23:20:27.0198 0x07b0  [ CAD515DBD07D082BB317D9928CE8962C, 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:20:27.0198 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: CAD515DBD07D082BB317D9928CE8962C, sha256: 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E
23:20:27.0198 0x07b0  NDIS - detected LockedFile.Multi.Generic ( 1 )
23:20:29.0663 0x07b0  Detect skipped due to KSN trusted
23:20:29.0663 0x07b0  NDIS - ok
23:20:29.0694 0x07b0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:20:29.0694 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
23:20:29.0694 0x07b0  NdisCap - detected LockedFile.Multi.Generic ( 1 )
23:20:32.0159 0x07b0  Detect skipped due to KSN trusted
23:20:32.0159 0x07b0  NdisCap - ok
23:20:32.0206 0x07b0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:20:32.0206 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
23:20:32.0206 0x07b0  NdisTapi - detected LockedFile.Multi.Generic ( 1 )
23:20:34.0655 0x07b0  Detect skipped due to KSN trusted
23:20:34.0655 0x07b0  NdisTapi - ok
23:20:34.0733 0x07b0  [ F105BA1E22BF1F2EE8F005D4305E4BEC, 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:20:34.0733 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: F105BA1E22BF1F2EE8F005D4305E4BEC, sha256: 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F
23:20:34.0733 0x07b0  Ndisuio - detected LockedFile.Multi.Generic ( 1 )
23:20:37.0182 0x07b0  Detect skipped due to KSN trusted
23:20:37.0182 0x07b0  Ndisuio - ok
23:20:37.0244 0x07b0  [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:20:37.0244 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 557DFAB9CA1FCB036AC77564C010DAD3, sha256: 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29
23:20:37.0260 0x07b0  NdisWan - detected LockedFile.Multi.Generic ( 1 )
23:20:39.0709 0x07b0  Detect skipped due to KSN trusted
23:20:39.0709 0x07b0  NdisWan - ok
23:20:39.0740 0x07b0  [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:20:39.0740 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 659B74FB74B86228D6338D643CD3E3CF, sha256: 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80
23:20:39.0740 0x07b0  NDProxy - detected LockedFile.Multi.Generic ( 1 )
23:20:42.0174 0x07b0  Detect skipped due to KSN trusted
23:20:42.0174 0x07b0  NDProxy - ok
23:20:42.0283 0x07b0  [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
23:20:42.0314 0x07b0  Nero BackItUp Scheduler 4.0 - ok
23:20:42.0346 0x07b0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:20:42.0346 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062
23:20:42.0346 0x07b0  NetBIOS - detected LockedFile.Multi.Generic ( 1 )
23:20:44.0795 0x07b0  Detect skipped due to KSN trusted
23:20:44.0795 0x07b0  NetBIOS - ok
23:20:44.0842 0x07b0  [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:20:44.0842 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 9162B273A44AB9DCE5B44362731D062A, sha256: 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39
23:20:44.0857 0x07b0  NetBT - detected LockedFile.Multi.Generic ( 1 )
23:20:47.0275 0x07b0  Detect skipped due to KSN trusted
23:20:47.0275 0x07b0  NetBT - ok
23:20:47.0306 0x07b0  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon        C:\Windows\system32\lsass.exe
23:20:47.0322 0x07b0  Netlogon - ok
23:20:47.0369 0x07b0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
23:20:47.0431 0x07b0  Netman - ok
23:20:47.0462 0x07b0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
23:20:47.0540 0x07b0  netprofm - ok
23:20:47.0572 0x07b0  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:20:47.0572 0x07b0  NetTcpPortSharing - ok
23:20:47.0603 0x07b0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:20:47.0603 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3
23:20:47.0603 0x07b0  nfrd960 - detected LockedFile.Multi.Generic ( 1 )
23:20:50.0036 0x07b0  Detect skipped due to KSN trusted
23:20:50.0036 0x07b0  nfrd960 - ok
23:20:50.0099 0x07b0  [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:20:50.0177 0x07b0  NlaSvc - ok
23:20:50.0208 0x07b0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:20:50.0208 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F
23:20:50.0208 0x07b0  Npfs - detected LockedFile.Multi.Generic ( 1 )
23:20:52.0626 0x07b0  Detect skipped due to KSN trusted
23:20:52.0626 0x07b0  Npfs - ok
23:20:52.0688 0x07b0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
23:20:52.0766 0x07b0  nsi - ok
23:20:52.0782 0x07b0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:20:52.0782 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76
23:20:52.0782 0x07b0  nsiproxy - detected LockedFile.Multi.Generic ( 1 )
23:20:55.0231 0x07b0  Detect skipped due to KSN trusted
23:20:55.0231 0x07b0  nsiproxy - ok
23:20:55.0356 0x07b0  [ 356698A13C4630D5B31C37378D469196, BF5704AADE5C3DA370501747F12ED6E9C3349E342CCF89005AAE132B570BB42B ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:20:55.0356 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: 356698A13C4630D5B31C37378D469196, sha256: BF5704AADE5C3DA370501747F12ED6E9C3349E342CCF89005AAE132B570BB42B
23:20:55.0356 0x07b0  Ntfs - detected LockedFile.Multi.Generic ( 1 )
23:20:57.0805 0x07b0  Detect skipped due to KSN trusted
23:20:57.0805 0x07b0  Ntfs - ok
23:20:57.0836 0x07b0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
23:20:57.0836 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6
23:20:57.0836 0x07b0  Null - detected LockedFile.Multi.Generic ( 1 )
23:21:00.0286 0x07b0  Detect skipped due to KSN trusted
23:21:00.0286 0x07b0  Null - ok
23:21:00.0364 0x07b0  [ 3E38712941E9BB4DDBEE00AFFE3FED3D, 03F27CC0EF0A86D0B2DAAB6F72838CB2AB57FE5D40074828D5B7F118CD5CBEE7 ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
23:21:00.0364 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvraid.sys. md5: 3E38712941E9BB4DDBEE00AFFE3FED3D, sha256: 03F27CC0EF0A86D0B2DAAB6F72838CB2AB57FE5D40074828D5B7F118CD5CBEE7
23:21:00.0379 0x07b0  nvraid - detected LockedFile.Multi.Generic ( 1 )
23:21:02.0828 0x07b0  Detect skipped due to KSN trusted
23:21:02.0828 0x07b0  nvraid - ok
23:21:02.0891 0x07b0  [ 477DC4D6DEB99BE37084C9AC6D013DA1, E58C4D621CAAB1C68FB4A056576F48BC87913A5EBF0B511EFFB8F38C7D3E516E ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
23:21:02.0891 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvstor.sys. md5: 477DC4D6DEB99BE37084C9AC6D013DA1, sha256: E58C4D621CAAB1C68FB4A056576F48BC87913A5EBF0B511EFFB8F38C7D3E516E
23:21:02.0891 0x07b0  nvstor - detected LockedFile.Multi.Generic ( 1 )
23:21:05.0324 0x07b0  Detect skipped due to KSN trusted
23:21:05.0324 0x07b0  nvstor - ok
23:21:05.0387 0x07b0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
23:21:05.0387 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05, sha256: 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F
23:21:05.0387 0x07b0  nv_agp - detected LockedFile.Multi.Generic ( 1 )
23:21:07.0836 0x07b0  Detect skipped due to KSN trusted
23:21:07.0836 0x07b0  nv_agp - ok
23:21:07.0883 0x07b0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
23:21:07.0883 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0, sha256: AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203
23:21:07.0883 0x07b0  ohci1394 - detected LockedFile.Multi.Generic ( 1 )
23:21:10.0316 0x07b0  Detect skipped due to KSN trusted
23:21:10.0316 0x07b0  ohci1394 - ok
23:21:10.0379 0x07b0  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:21:10.0394 0x07b0  ose - ok
23:21:10.0457 0x07b0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:21:10.0519 0x07b0  p2pimsvc - ok
23:21:10.0566 0x07b0  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
23:21:10.0597 0x07b0  p2psvc - ok
23:21:10.0613 0x07b0  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:21:10.0613 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887, sha256: 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80
23:21:10.0628 0x07b0  Parport - detected LockedFile.Multi.Generic ( 1 )
23:21:13.0062 0x07b0  Detect skipped due to KSN trusted
23:21:13.0062 0x07b0  Parport - ok
23:21:13.0109 0x07b0  [ 7DAA117143316C4A1537E074A5A9EAF0, D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:21:13.0109 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. md5: 7DAA117143316C4A1537E074A5A9EAF0, sha256: D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B
23:21:13.0109 0x07b0  partmgr - detected LockedFile.Multi.Generic ( 1 )
23:21:15.0558 0x07b0  Detect skipped due to KSN trusted
23:21:15.0558 0x07b0  partmgr - ok
23:21:15.0620 0x07b0  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:21:15.0667 0x07b0  PcaSvc - ok
23:21:15.0714 0x07b0  [ F36F6504009F2FB0DFD1B17A116AD74B, 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 ] pci             C:\Windows\system32\DRIVERS\pci.sys
23:21:15.0714 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pci.sys. md5: F36F6504009F2FB0DFD1B17A116AD74B, sha256: 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918
23:21:15.0714 0x07b0  pci - detected LockedFile.Multi.Generic ( 1 )
23:21:18.0163 0x07b0  Detect skipped due to KSN trusted
23:21:18.0163 0x07b0  pci - ok
23:21:18.0194 0x07b0  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
23:21:18.0194 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA, sha256: F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480
23:21:18.0194 0x07b0  pciide - detected LockedFile.Multi.Generic ( 1 )
23:21:20.0644 0x07b0  Detect skipped due to KSN trusted
23:21:20.0644 0x07b0  pciide - ok
23:21:20.0706 0x07b0  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:21:20.0706 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F, sha256: 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14
23:21:20.0706 0x07b0  pcmcia - detected LockedFile.Multi.Generic ( 1 )
23:21:23.0155 0x07b0  Detect skipped due to KSN trusted
23:21:23.0155 0x07b0  pcmcia - ok
         

05.07.2014, 22:46   #8
pbcf
 
Part 2
Code:
23:21:23.0218 0x07b0  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:21:23.0218 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603, sha256: BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36
23:21:23.0218 0x07b0  pcw - detected LockedFile.Multi.Generic ( 1 )
23:21:25.0667 0x07b0  Detect skipped due to KSN trusted
23:21:25.0667 0x07b0  pcw - ok
23:21:25.0729 0x07b0  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:21:25.0729 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E, sha256: FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C
23:21:25.0729 0x07b0  PEAUTH - detected LockedFile.Multi.Generic ( 1 )
23:21:28.0178 0x07b0  Detect skipped due to KSN trusted
23:21:28.0178 0x07b0  PEAUTH - ok
23:21:28.0241 0x07b0  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:21:28.0288 0x07b0  PerfHost - ok
23:21:28.0319 0x07b0  [ 663962900E7FEA522126BA287715BB4A, 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1 ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
23:21:28.0319 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pgeffect.sys. md5: 663962900E7FEA522126BA287715BB4A, sha256: 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1
23:21:28.0319 0x07b0  PGEffect - detected LockedFile.Multi.Generic ( 1 )
23:21:30.0908 0x07b0  Detect skipped due to KSN trusted
23:21:30.0908 0x07b0  PGEffect - ok
23:21:31.0018 0x07b0  [ 557E9A86F65F0DE18C9B6751DFE9D3F1, 630EE5A80335929517A22D130C75CBCE882B92978372A6F36C30B9D353C7BB07 ] pla             C:\Windows\system32\pla.dll
23:21:31.0127 0x07b0  pla - ok
23:21:31.0174 0x07b0  [ 23157D583244400E1D7FBAEE2E4B31B7, 4E8D93F746C727CE1A89B53FEFFCFB080AC3CC8F3CF2F8613E692E989794C52F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:21:31.0236 0x07b0  PlugPlay - ok
23:21:31.0252 0x07b0  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:21:31.0283 0x07b0  PNRPAutoReg - ok
23:21:31.0298 0x07b0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:21:31.0330 0x07b0  PNRPsvc - ok
23:21:31.0376 0x07b0  [ 166EB40D1F5B47E615DE3D0FFFE5F243, E32BCCA0D25CD631C221986EBE9F6C54BF2F12DE1672D69CCC4E22AD07D0525A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:21:31.0439 0x07b0  PolicyAgent - ok
23:21:31.0486 0x07b0  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
23:21:31.0532 0x07b0  Power - ok
23:21:31.0579 0x07b0  [ 27CC19E81BA5E3403C48302127BDA717, C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:21:31.0579 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspptp.sys. md5: 27CC19E81BA5E3403C48302127BDA717, sha256: C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40
23:21:31.0579 0x07b0  PptpMiniport - detected LockedFile.Multi.Generic ( 1 )
23:21:34.0028 0x07b0  Detect skipped due to KSN trusted
23:21:34.0028 0x07b0  PptpMiniport - ok
23:21:34.0091 0x07b0  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:21:34.0091 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF, sha256: 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5
23:21:34.0091 0x07b0  Processor - detected LockedFile.Multi.Generic ( 1 )
23:21:36.0540 0x07b0  Detect skipped due to KSN trusted
23:21:36.0540 0x07b0  Processor - ok
23:21:36.0602 0x07b0  [ F381975E1F4346DE875CB07339CE8D3A, 867BFC2E9A08E026289794019B8DE651A8604D06DD6A9BF166C29AFC24B6D26E ] ProfSvc         C:\Windows\system32\profsvc.dll
23:21:36.0696 0x07b0  ProfSvc - ok
23:21:36.0696 0x07b0  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] ProtectedStorage C:\Windows\system32\lsass.exe
23:21:36.0712 0x07b0  ProtectedStorage - ok
23:21:36.0743 0x07b0  [ EE992183BD8EAEFD9973F352E587A299, 6B28930FAA0A54FAADDAF2231553D7F5D45C7227454C6D49A86DFC9EF6BC9043 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:21:36.0743 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pacer.sys. md5: EE992183BD8EAEFD9973F352E587A299, sha256: 6B28930FAA0A54FAADDAF2231553D7F5D45C7227454C6D49A86DFC9EF6BC9043
23:21:36.0743 0x07b0  Psched - detected LockedFile.Multi.Generic ( 1 )
23:21:39.0192 0x07b0  Detect skipped due to KSN trusted
23:21:39.0192 0x07b0  Psched - ok
23:21:39.0301 0x07b0  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:21:39.0301 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql2300.sys. md5: A53A15A11EBFD21077463EE2C7AFEEF0, sha256: 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489
23:21:39.0301 0x07b0  ql2300 - detected LockedFile.Multi.Generic ( 1 )
23:21:41.0750 0x07b0  Detect skipped due to KSN trusted
23:21:41.0750 0x07b0  ql2300 - ok
23:21:41.0782 0x07b0  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:21:41.0782 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8, sha256: FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE
23:21:41.0782 0x07b0  ql40xx - detected LockedFile.Multi.Generic ( 1 )
23:21:44.0215 0x07b0  Detect skipped due to KSN trusted
23:21:44.0215 0x07b0  ql40xx - ok
23:21:44.0278 0x07b0  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
23:21:44.0324 0x07b0  QWAVE - ok
23:21:44.0340 0x07b0  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:21:44.0340 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707BB36430888D9CE9D705398ADB6C, sha256: 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535
23:21:44.0340 0x07b0  QWAVEdrv - detected LockedFile.Multi.Generic ( 1 )
23:21:46.0789 0x07b0  Detect skipped due to KSN trusted
23:21:46.0789 0x07b0  QWAVEdrv - ok
23:21:46.0836 0x07b0  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:21:46.0836 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5A0DA8AD5762FA2D91678A8A01311704, sha256: 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF
23:21:46.0836 0x07b0  RasAcd - detected LockedFile.Multi.Generic ( 1 )
23:21:49.0285 0x07b0  Detect skipped due to KSN trusted
23:21:49.0285 0x07b0  RasAcd - ok
23:21:49.0332 0x07b0  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:21:49.0332 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ECFF9B22276B73F43A99A15A6094E90, sha256: 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1
23:21:49.0332 0x07b0  RasAgileVpn - detected LockedFile.Multi.Generic ( 1 )
23:21:51.0781 0x07b0  Detect skipped due to KSN trusted
23:21:51.0781 0x07b0  RasAgileVpn - ok
23:21:51.0828 0x07b0  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
23:21:51.0906 0x07b0  RasAuto - ok
23:21:51.0937 0x07b0  [ 87A6E852A22991580D6D39ADC4790463, 0F757C6E5B57DFC239CE1BEC88EF16C07E7F1A40D629A9A6DF3CB6B88FB9E642 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:21:51.0937 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 87A6E852A22991580D6D39ADC4790463, sha256: 0F757C6E5B57DFC239CE1BEC88EF16C07E7F1A40D629A9A6DF3CB6B88FB9E642
23:21:51.0937 0x07b0  Rasl2tp - detected LockedFile.Multi.Generic ( 1 )
23:21:54.0355 0x07b0  Detect skipped due to KSN trusted
23:21:54.0355 0x07b0  Rasl2tp - ok
23:21:54.0433 0x07b0  [ 47394ED3D16D053F5906EFE5AB51CC83, FE5D1249788DB6D85C55769251B0AED738D3BBA04DF57124E03397D3C0599286 ] RasMan          C:\Windows\System32\rasmans.dll
23:21:54.0511 0x07b0  RasMan - ok
23:21:54.0543 0x07b0  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:21:54.0543 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855C9B1CD4756C5E9A2AA58A15F58C25, sha256: A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72
23:21:54.0543 0x07b0  RasPppoe - detected LockedFile.Multi.Generic ( 1 )
23:21:56.0961 0x07b0  Detect skipped due to KSN trusted
23:21:56.0961 0x07b0  RasPppoe - ok
23:21:57.0007 0x07b0  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:21:57.0007 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rassstp.sys. md5: E8B1E447B008D07FF47D016C2B0EEECB, sha256: FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C
23:21:57.0007 0x07b0  RasSstp - detected LockedFile.Multi.Generic ( 1 )
23:21:59.0472 0x07b0  Detect skipped due to KSN trusted
23:21:59.0472 0x07b0  RasSstp - ok
23:21:59.0535 0x07b0  [ 3BAC8142102C15D59A87757C1D41DCE5, C0C2C6887EA5A439E69221196348382ACE3E1942C9C6E0A970E153890F71724C ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:21:59.0535 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 3BAC8142102C15D59A87757C1D41DCE5, sha256: C0C2C6887EA5A439E69221196348382ACE3E1942C9C6E0A970E153890F71724C
23:21:59.0535 0x07b0  rdbss - detected LockedFile.Multi.Generic ( 1 )
23:22:01.0984 0x07b0  Detect skipped due to KSN trusted
23:22:01.0984 0x07b0  rdbss - ok
23:22:02.0015 0x07b0  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:22:02.0015 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D, sha256: 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17
23:22:02.0015 0x07b0  rdpbus - detected LockedFile.Multi.Generic ( 1 )
23:22:04.0464 0x07b0  Detect skipped due to KSN trusted
23:22:04.0464 0x07b0  rdpbus - ok
23:22:04.0511 0x07b0  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:22:04.0511 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: CEA6CC257FC9B7715F1C2B4849286D24, sha256: A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804
23:22:04.0511 0x07b0  RDPCDD - detected LockedFile.Multi.Generic ( 1 )
23:22:06.0976 0x07b0  Detect skipped due to KSN trusted
23:22:06.0976 0x07b0  RDPCDD - ok
23:22:07.0023 0x07b0  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:22:07.0023 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpencdd.sys. md5: BB5971A4F00659529A5C44831AF22365, sha256: 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F
23:22:07.0023 0x07b0  RDPENCDD - detected LockedFile.Multi.Generic ( 1 )
23:22:09.0472 0x07b0  Detect skipped due to KSN trusted
23:22:09.0472 0x07b0  RDPENCDD - ok
23:22:09.0519 0x07b0  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:22:09.0519 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216F3FA57533D98E1F74DED70113177A, sha256: 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4
23:22:09.0519 0x07b0  RDPREFMP - detected LockedFile.Multi.Generic ( 1 )
23:22:11.0968 0x07b0  Detect skipped due to KSN trusted
23:22:11.0968 0x07b0  RDPREFMP - ok
23:22:12.0015 0x07b0  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7, 02179089E0816AD544F370A8A3557498D09981F60CC94E497DC4A5A2BBBE1E48 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:22:12.0015 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RDPWD.sys. md5: 8A3E6BEA1C53EA6177FE2B6EBA2C80D7, sha256: 02179089E0816AD544F370A8A3557498D09981F60CC94E497DC4A5A2BBBE1E48
23:22:12.0015 0x07b0  RDPWD - detected LockedFile.Multi.Generic ( 1 )
23:22:14.0448 0x07b0  Detect skipped due to KSN trusted
23:22:14.0448 0x07b0  RDPWD - ok
23:22:14.0526 0x07b0  [ 634B9A2181D98F15941236886164EC8B, 15C55F05FD3CD751F619F18E2ADF91552AE82146501CD031402277F496A5B7D8 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:22:14.0526 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdyboost.sys. md5: 634B9A2181D98F15941236886164EC8B, sha256: 15C55F05FD3CD751F619F18E2ADF91552AE82146501CD031402277F496A5B7D8
23:22:14.0542 0x07b0  rdyboost - detected LockedFile.Multi.Generic ( 1 )
23:22:16.0991 0x07b0  Detect skipped due to KSN trusted
23:22:16.0991 0x07b0  rdyboost - ok
23:22:17.0053 0x07b0  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:22:17.0131 0x07b0  RemoteAccess - ok
23:22:17.0147 0x07b0  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:22:17.0209 0x07b0  RemoteRegistry - ok
23:22:17.0225 0x07b0  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:22:17.0287 0x07b0  RpcEptMapper - ok
23:22:17.0319 0x07b0  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
23:22:17.0334 0x07b0  RpcLocator - ok
23:22:17.0381 0x07b0  [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] RpcSs           C:\Windows\system32\rpcss.dll
23:22:17.0443 0x07b0  RpcSs - ok
23:22:17.0475 0x07b0  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:22:17.0475 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rspndr.sys. md5: DDC86E4F8E7456261E637E3552E804FF, sha256: D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD
23:22:17.0475 0x07b0  rspndr - detected LockedFile.Multi.Generic ( 1 )
23:22:19.0908 0x07b0  Detect skipped due to KSN trusted
23:22:19.0908 0x07b0  rspndr - ok
23:22:20.0002 0x07b0  [ 907C4464381B5EBDFDC60F6C7D0DEDFC, A39EB4C0858A3CA2D8AFE6D52809EC41795FD7A2F3F157D9CBCCB84BE7958A89 ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
23:22:20.0002 0x07b0  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\RtsUStor.sys. md5: 907C4464381B5EBDFDC60F6C7D0DEDFC, sha256: A39EB4C0858A3CA2D8AFE6D52809EC41795FD7A2F3F157D9CBCCB84BE7958A89
23:22:20.0002 0x07b0  RSUSBSTOR - detected LockedFile.Multi.Generic ( 1 )
23:22:22.0435 0x07b0  Detect skipped due to KSN trusted
23:22:22.0435 0x07b0  RSUSBSTOR - ok
23:22:22.0545 0x07b0  [ 7475548B0BA58EBA4D12414FC9E9DFE6, 93F5CF9C7F5CE556810A6113014CB17774EA7779BD91D84670FA6653C810361F ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
23:22:22.0545 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rtl8192se.sys. md5: 7475548B0BA58EBA4D12414FC9E9DFE6, sha256: 93F5CF9C7F5CE556810A6113014CB17774EA7779BD91D84670FA6653C810361F
23:22:22.0545 0x07b0  rtl8192se - detected LockedFile.Multi.Generic ( 1 )
23:22:24.0978 0x07b0  Detect skipped due to KSN trusted
23:22:24.0978 0x07b0  rtl8192se - ok
23:22:25.0025 0x07b0  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] SamSs           C:\Windows\system32\lsass.exe
23:22:25.0041 0x07b0  SamSs - ok
23:22:25.0072 0x07b0  [ E3BBB89983DAF5622C1D50CF49F28227, 49370DC142D577D657BF5755AA9B8625C35D3DDAF1F9466B4888507FB8E6FF07 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
23:22:25.0072 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sbp2port.sys. md5: E3BBB89983DAF5622C1D50CF49F28227, sha256: 49370DC142D577D657BF5755AA9B8625C35D3DDAF1F9466B4888507FB8E6FF07
23:22:25.0072 0x07b0  sbp2port - detected LockedFile.Multi.Generic ( 1 )
23:22:27.0505 0x07b0  Detect skipped due to KSN trusted
23:22:27.0505 0x07b0  sbp2port - ok
23:22:27.0568 0x07b0  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:22:27.0646 0x07b0  SCardSvr - ok
23:22:27.0677 0x07b0  [ C94DA20C7E3BA1DCA269BC8460D98387, E1A5629728A79233B62BA87B4354BC3A332A853CC36A60E77B34923F4BCA8A61 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:22:27.0677 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\scfilter.sys. md5: C94DA20C7E3BA1DCA269BC8460D98387, sha256: E1A5629728A79233B62BA87B4354BC3A332A853CC36A60E77B34923F4BCA8A61
23:22:27.0677 0x07b0  scfilter - detected LockedFile.Multi.Generic ( 1 )
23:22:30.0095 0x07b0  Detect skipped due to KSN trusted
23:22:30.0095 0x07b0  scfilter - ok
23:22:30.0204 0x07b0  [ EC56B171F85C7E855E7B0588AC503EEA, EDBC0E52DF00D73356F4B886D6CA2397B571A9D2245FEDC347A6D52A5467EA5D ] Schedule        C:\Windows\system32\schedsvc.dll
23:22:30.0282 0x07b0  Schedule - ok
23:22:30.0329 0x07b0  [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:22:30.0360 0x07b0  SCPolicySvc - ok
23:22:30.0391 0x07b0  [ 765A27C3279CE11D14CB9E4F5869FCA5, B6C2EFFBA938828FEF7FE992A4C88B3154D053763C38762DCE13252FE9571FA1 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:22:30.0438 0x07b0  SDRSVC - ok
23:22:30.0516 0x07b0  [ 3E0CFF5F0A9D23E327703D72CEA5253F, AC307AB7E9A2B7E078DE5AC4CD9EA00F159BB07605410B8C0DBC046ABBB5C654 ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:22:30.0532 0x07b0  SeaPort - ok
23:22:30.0563 0x07b0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:22:30.0563 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186, sha256: 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D
23:22:30.0563 0x07b0  secdrv - detected LockedFile.Multi.Generic ( 1 )
23:22:33.0028 0x07b0  Detect skipped due to KSN trusted
23:22:33.0028 0x07b0  secdrv - ok
23:22:33.0090 0x07b0  [ 463B386EBC70F98DA5DFF85F7E654346, 8E27B18B04AF587719D1DAE75A042DB998E06CAE112BD68626EF046036D2DCDC ] seclogon        C:\Windows\system32\seclogon.dll
23:22:33.0153 0x07b0  seclogon - ok
23:22:33.0168 0x07b0  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
23:22:33.0215 0x07b0  SENS - ok
23:22:33.0246 0x07b0  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:22:33.0277 0x07b0  SensrSvc - ok
23:22:33.0324 0x07b0  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:22:33.0324 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B, sha256: A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4
23:22:33.0324 0x07b0  Serenum - detected LockedFile.Multi.Generic ( 1 )
23:22:35.0758 0x07b0  Detect skipped due to KSN trusted
23:22:35.0758 0x07b0  Serenum - ok
23:22:35.0789 0x07b0  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:22:35.0789 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, sha256: 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D
23:22:35.0789 0x07b0  Serial - detected LockedFile.Multi.Generic ( 1 )
23:22:38.0238 0x07b0  Detect skipped due to KSN trusted
23:22:38.0238 0x07b0  Serial - ok
23:22:38.0285 0x07b0  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:22:38.0285 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3, sha256: 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D
23:22:38.0285 0x07b0  sermouse - detected LockedFile.Multi.Generic ( 1 )
23:22:40.0734 0x07b0  Detect skipped due to KSN trusted
23:22:40.0734 0x07b0  sermouse - ok
23:22:40.0797 0x07b0  [ C3BC61CE47FF6F4E88AB8A3B429A36AF, 6CA53AD0CB7215BAE3467EC1FD490E3A18504BD6CD4F0FABF9BD37516AB9DFE0 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:22:40.0890 0x07b0  SessionEnv - ok
23:22:40.0906 0x07b0  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
23:22:40.0906 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF, sha256: DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55
23:22:40.0906 0x07b0  sffdisk - detected LockedFile.Multi.Generic ( 1 )
23:22:43.0355 0x07b0  Detect skipped due to KSN trusted
23:22:43.0355 0x07b0  sffdisk - ok
23:22:43.0417 0x07b0  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:22:43.0417 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF, sha256: B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042
23:22:43.0417 0x07b0  sffp_mmc - detected LockedFile.Multi.Generic ( 1 )
23:22:45.0867 0x07b0  Detect skipped due to KSN trusted
23:22:45.0867 0x07b0  sffp_mmc - ok
23:22:45.0913 0x07b0  [ 178298F767FE638C9FEDCBDEF58BB5E4, 053D12CFEE5C54EA7D06F9C9CAE93544FE258A4825CDE2A14090BC81A96E1CF7 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
23:22:45.0913 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sffp_sd.sys. md5: 178298F767FE638C9FEDCBDEF58BB5E4, sha256: 053D12CFEE5C54EA7D06F9C9CAE93544FE258A4825CDE2A14090BC81A96E1CF7
23:22:45.0913 0x07b0  sffp_sd - detected LockedFile.Multi.Generic ( 1 )
23:22:48.0347 0x07b0  Detect skipped due to KSN trusted
23:22:48.0347 0x07b0  sffp_sd - ok
23:22:48.0394 0x07b0  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
23:22:48.0394 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4, sha256: 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9
23:22:48.0394 0x07b0  sfloppy - detected LockedFile.Multi.Generic ( 1 )
23:22:50.0843 0x07b0  Detect skipped due to KSN trusted
23:22:50.0843 0x07b0  sfloppy - ok
23:22:50.0921 0x07b0  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:22:50.0999 0x07b0  SharedAccess - ok
23:22:51.0030 0x07b0  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF, 1C1D17301A4D37DBF906955CCABD2A3FDA47AFB24CBA978CF851123762249848 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:22:51.0077 0x07b0  ShellHWDetection - ok
23:22:51.0108 0x07b0  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:22:51.0108 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1, sha256: 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820
23:22:51.0108 0x07b0  SiSRaid2 - detected LockedFile.Multi.Generic ( 1 )
23:22:53.0542 0x07b0  Detect skipped due to KSN trusted
23:22:53.0542 0x07b0  SiSRaid2 - ok
23:22:53.0604 0x07b0  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:22:53.0604 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4, sha256: 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E
23:22:53.0604 0x07b0  SiSRaid4 - detected LockedFile.Multi.Generic ( 1 )
23:22:56.0053 0x07b0  Detect skipped due to KSN trusted
23:22:56.0053 0x07b0  SiSRaid4 - ok
23:22:56.0116 0x07b0  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:22:56.0116 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4, sha256: 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740
23:22:56.0116 0x07b0  Smb - detected LockedFile.Multi.Generic ( 1 )
23:22:58.0549 0x07b0  Detect skipped due to KSN trusted
23:22:58.0549 0x07b0  Smb - ok
23:22:58.0612 0x07b0  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:22:58.0659 0x07b0  SNMPTRAP - ok
23:22:58.0690 0x07b0  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:22:58.0690 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9, sha256: 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063
23:22:58.0690 0x07b0  spldr - detected LockedFile.Multi.Generic ( 1 )
23:23:01.0123 0x07b0  Detect skipped due to KSN trusted
23:23:01.0123 0x07b0  spldr - ok
23:23:01.0201 0x07b0  [ 89E8550C5862999FCF482EA562B0E98E, 11BC94FD879DCD22E80DB8FA73CEBD0F072917C546AD9C8B92CCFBF4E0B83056 ] Spooler         C:\Windows\System32\spoolsv.exe
23:23:01.0248 0x07b0  Spooler - ok
23:23:01.0389 0x07b0  [ 913D843498553A1BC8F8DBAD6358E49F, F8B931FDABF669D642CBDCD2FF31E07F8A5E2D5F72E11D4A8FF219CCFB5825E9 ] sppsvc          C:\Windows\system32\sppsvc.exe
23:23:01.0560 0x07b0  sppsvc - ok
23:23:01.0576 0x07b0  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:23:01.0623 0x07b0  sppuinotify - ok
23:23:01.0669 0x07b0  [ 37C3ABC2338010E110D2A6A3930F3149, EBEBC6677B914A18B02C185374A31A98FA65D81A14A21B6865EB8D4A31D3D3D9 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:23:01.0669 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: 37C3ABC2338010E110D2A6A3930F3149, sha256: EBEBC6677B914A18B02C185374A31A98FA65D81A14A21B6865EB8D4A31D3D3D9
23:23:01.0669 0x07b0  srv - detected LockedFile.Multi.Generic ( 1 )
23:23:04.0119 0x07b0  Detect skipped due to KSN trusted
23:23:04.0119 0x07b0  srv - ok
23:23:04.0181 0x07b0  [ F773D2ED090B7BAA1C1A034F3CA476C8, C8DD8BE37CFEA0DB1B7FC94946381B60553848002E6170E0BEC3FEE40295DF1F ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:23:04.0181 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: F773D2ED090B7BAA1C1A034F3CA476C8, sha256: C8DD8BE37CFEA0DB1B7FC94946381B60553848002E6170E0BEC3FEE40295DF1F
23:23:04.0181 0x07b0  srv2 - detected LockedFile.Multi.Generic ( 1 )
23:23:06.0599 0x07b0  Detect skipped due to KSN trusted
23:23:06.0599 0x07b0  srv2 - ok
23:23:06.0646 0x07b0  [ CCE32BB223E9FF55D241099A858FA889, A284636D165D783CCC21B825CD382D55718544FE2061551718583DC1426C854F ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:23:06.0646 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: CCE32BB223E9FF55D241099A858FA889, sha256: A284636D165D783CCC21B825CD382D55718544FE2061551718583DC1426C854F
23:23:06.0646 0x07b0  srvnet - detected LockedFile.Multi.Generic ( 1 )
23:23:09.0095 0x07b0  Detect skipped due to KSN trusted
23:23:09.0095 0x07b0  srvnet - ok
23:23:09.0157 0x07b0  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:23:09.0235 0x07b0  SSDPSRV - ok
23:23:09.0235 0x07b0  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:23:09.0298 0x07b0  SstpSvc - ok
23:23:09.0329 0x07b0  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:23:09.0329 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A, sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5
23:23:09.0329 0x07b0  stexstor - detected LockedFile.Multi.Generic ( 1 )
23:23:11.0763 0x07b0  Detect skipped due to KSN trusted
23:23:11.0763 0x07b0  stexstor - ok
23:23:11.0856 0x07b0  [ 52D0E33B681BD0F33FDC08812FEE4F7D, BBEBC0773402F6697D2F14F63E5E4FDC2180466E7FDBD306E408535B10160249 ] stisvc          C:\Windows\System32\wiaservc.dll
23:23:11.0903 0x07b0  stisvc - ok
23:23:11.0934 0x07b0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:23:11.0934 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90, sha256: 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969
23:23:11.0934 0x07b0  swenum - detected LockedFile.Multi.Generic ( 1 )
23:23:14.0383 0x07b0  Detect skipped due to KSN trusted
23:23:14.0383 0x07b0  swenum - ok
23:23:14.0461 0x07b0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
23:23:14.0524 0x07b0  swprv - ok
23:23:14.0571 0x07b0  [ 470C47DABA9CA3966F0AB3F835D7D135, BF98E48B05F37F8ABE264BF77355391A08955057E24AE456A5637D56BDFD40A5 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
23:23:14.0571 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SynTP.sys. md5: 470C47DABA9CA3966F0AB3F835D7D135, sha256: BF98E48B05F37F8ABE264BF77355391A08955057E24AE456A5637D56BDFD40A5
23:23:14.0571 0x07b0  SynTP - detected LockedFile.Multi.Generic ( 1 )
23:23:17.0004 0x07b0  Detect skipped due to KSN trusted
23:23:17.0004 0x07b0  SynTP - ok
23:23:17.0129 0x07b0  [ 3C1284516A62078FB68F768DE4F1A7BE, 67ECD462335EF88773E4BAEAB230A68EC92A25F8CD8F115873F669205AE6A1A9 ] SysMain         C:\Windows\system32\sysmain.dll
23:23:17.0223 0x07b0  SysMain - ok
23:23:17.0254 0x07b0  [ 238935C3CF2854886DC7CBB2A0E2CC66, BBF7A70BF218A544CC1A6FB81F75EAD29D418794162936BE197D6D61FE0DB1C4 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:23:17.0285 0x07b0  TabletInputService - ok
23:23:17.0301 0x07b0  [ 884264AC597B690C5707C89723BB8E7B, 9BF209A4128019421F7EC4AFF71103C5F411DB6CFB32AAC1633E789AD7A30708 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:23:17.0363 0x07b0  TapiSrv - ok
23:23:17.0394 0x07b0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
23:23:17.0441 0x07b0  TBS - ok
23:23:17.0550 0x07b0  [ 912107716BAB424C7870E8E6AF5E07E1, BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:23:17.0566 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: 912107716BAB424C7870E8E6AF5E07E1, sha256: BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9
23:23:17.0566 0x07b0  Tcpip - detected LockedFile.Multi.Generic ( 1 )
23:23:19.0999 0x07b0  Detect skipped due to KSN trusted
23:23:19.0999 0x07b0  Tcpip - ok
23:23:20.0140 0x07b0  [ 912107716BAB424C7870E8E6AF5E07E1, BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:23:20.0140 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: 912107716BAB424C7870E8E6AF5E07E1, sha256: BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9
23:23:20.0155 0x07b0  TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
23:23:20.0155 0x07b0  Detect skipped due to KSN trusted
23:23:20.0155 0x07b0  TCPIP6 - ok
23:23:20.0187 0x07b0  [ 76D078AF6F587B162D50210F761EB9ED, 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:23:20.0187 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: 76D078AF6F587B162D50210F761EB9ED, sha256: 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9
23:23:20.0187 0x07b0  tcpipreg - detected LockedFile.Multi.Generic ( 1 )
23:23:22.0636 0x07b0  Detect skipped due to KSN trusted
23:23:22.0636 0x07b0  tcpipreg - ok
23:23:22.0698 0x07b0  [ FD542B661BD22FA69CA789AD0AC58C29, 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C ] tdcmdpst        C:\Windows\system32\DRIVERS\tdcmdpst.sys
23:23:22.0714 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdcmdpst.sys. md5: FD542B661BD22FA69CA789AD0AC58C29, sha256: 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C
23:23:22.0714 0x07b0  tdcmdpst - detected LockedFile.Multi.Generic ( 1 )
23:23:25.0163 0x07b0  Detect skipped due to KSN trusted
23:23:25.0163 0x07b0  tdcmdpst - ok
23:23:25.0210 0x07b0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:23:25.0210 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D
23:23:25.0210 0x07b0  TDPIPE - detected LockedFile.Multi.Generic ( 1 )
23:23:27.0659 0x07b0  Detect skipped due to KSN trusted
23:23:27.0659 0x07b0  TDPIPE - ok
23:23:27.0690 0x07b0  [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:23:27.0690 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: E4245BDA3190A582D55ED09E137401A9, sha256: F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116
23:23:27.0690 0x07b0  TDTCP - detected LockedFile.Multi.Generic ( 1 )
23:23:30.0249 0x07b0  Detect skipped due to KSN trusted
23:23:30.0249 0x07b0  TDTCP - ok
23:23:30.0311 0x07b0  [ 079125C4B17B01FCAEEBCE0BCB290C0F, B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:23:30.0311 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: 079125C4B17B01FCAEEBCE0BCB290C0F, sha256: B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437
23:23:30.0311 0x07b0  tdx - detected LockedFile.Multi.Generic ( 1 )
23:23:32.0760 0x07b0  Detect skipped due to KSN trusted
23:23:32.0760 0x07b0  tdx - ok
23:23:32.0885 0x07b0  [ 1B43FDBFE5A98F6B3D90595C6B2E5277, B13068E99FD301887C12EACDB94DB0B87F1186569AEAD65C1553E74B462EE972 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
23:23:32.0901 0x07b0  TemproMonitoringService - ok
23:23:32.0932 0x07b0  [ C448651339196C0E869A355171875522, C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:23:32.0932 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\termdd.sys. md5: C448651339196C0E869A355171875522, sha256: C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4
23:23:32.0932 0x07b0  TermDD - detected LockedFile.Multi.Generic ( 1 )
23:23:35.0833 0x07b0  Detect skipped due to KSN trusted
23:23:35.0833 0x07b0  TermDD - ok
23:23:35.0911 0x07b0  [ 0F05EC2887BFE197AD82A13287D2F404, 78C8A8FE9B1101430CA79875DA34413C35B6D7A5EE1932E454C50731335437A6 ] TermService     C:\Windows\System32\termsrv.dll
23:23:36.0005 0x07b0  TermService - ok
23:23:36.0021 0x07b0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
23:23:36.0052 0x07b0  Themes - ok
23:23:36.0067 0x07b0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
23:23:36.0114 0x07b0  THREADORDER - ok
23:23:36.0161 0x07b0  [ 28644B0523D64EFF2FC7312A2EE74B0A, 09A36DE0B2B90842BD5B8353CC34B7C71C0FBBF6DD5862720FCEE760849C4561 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
23:23:36.0177 0x07b0  TMachInfo - ok
23:23:36.0223 0x07b0  [ ED32035BDFECED1AD66D459FD9CC1140, B82A15FAB4CBB5A633B9BF722441D5B20D946B63DD10BBE2A89D3A8BA3BE3339 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
23:23:36.0239 0x07b0  TODDSrv - ok
23:23:36.0333 0x07b0  [ 98C864481D62F86EC8AF65BE3419A95B, 61F0C7CBFAB151FBB62081A37C655D4E818A558E140F3F3BA5C26B024AE24EBB ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
23:23:36.0348 0x07b0  TosCoSrv - ok
23:23:36.0442 0x07b0  [ 3E6756677E16532D235C6CB20614F369, 97CA12C3B7B535307EADA0093394BF1682BDD10A14D392BD187BD3E7B9A19B93 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
23:23:36.0473 0x07b0  TOSHIBA eco Utility Service - ok
23:23:36.0551 0x07b0  [ 74C2FA8C3765EE71A9C22182EC108457, A7073FAB6CE6FB9824544A9CDCCA441D08FD87D68EB564DCB1186FC257776221 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
23:23:36.0567 0x07b0  TOSHIBA HDD SSD Alert Service - ok
23:23:36.0629 0x07b0  [ 97687D094AA597DA366E1194B218CC6C, 8A617E1901235518FDB7504FCDCE641D9F7C5D256A11D5FEFD35E7696972E2B8 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
23:23:36.0660 0x07b0  TPCHSrv - ok
23:23:36.0691 0x07b0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
23:23:36.0754 0x07b0  TrkWks - ok
23:23:36.0801 0x07b0  [ 840F7FB849F5887A49BA18C13B2DA920, A59C40A090E03C0136A865FC54508BA938E7B467C8198BC009FE263E6C275781 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:23:36.0847 0x07b0  TrustedInstaller - ok
23:23:36.0863 0x07b0  [ 61B96C26131E37B24E93327A0BD1FB95, 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:23:36.0863 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: 61B96C26131E37B24E93327A0BD1FB95, sha256: 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF
23:23:36.0863 0x07b0  tssecsrv - detected LockedFile.Multi.Generic ( 1 )
23:23:39.0297 0x07b0  Detect skipped due to KSN trusted
23:23:39.0297 0x07b0  tssecsrv - ok
23:23:39.0375 0x07b0  [ 3836171A2CDF3AF8EF10856DB9835A70, 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:23:39.0375 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3836171A2CDF3AF8EF10856DB9835A70, sha256: 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2
23:23:39.0375 0x07b0  tunnel - detected LockedFile.Multi.Generic ( 1 )
23:23:41.0824 0x07b0  Detect skipped due to KSN trusted
23:23:41.0824 0x07b0  tunnel - ok
23:23:41.0902 0x07b0  [ 550B567F9364D8F7684C3FB3EA665A72, A214BBBBAB9F0DD525FA5A818CEB8E9294B4A96676317255D7ACF6049049C933 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
23:23:41.0902 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\TVALZ_O.SYS. md5: 550B567F9364D8F7684C3FB3EA665A72, sha256: A214BBBBAB9F0DD525FA5A818CEB8E9294B4A96676317255D7ACF6049049C933
23:23:41.0902 0x07b0  TVALZ - detected LockedFile.Multi.Generic ( 1 )
23:23:44.0336 0x07b0  Detect skipped due to KSN trusted
23:23:44.0336 0x07b0  TVALZ - ok
23:23:44.0429 0x07b0  [ 9C7191F4B2E49BFF47A6C1144B5923FA, DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E ] TVALZFL         C:\Windows\system32\DRIVERS\TVALZFL.sys
23:23:44.0429 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\TVALZFL.sys. md5: 9C7191F4B2E49BFF47A6C1144B5923FA, sha256: DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E
23:23:44.0429 0x07b0  TVALZFL - detected LockedFile.Multi.Generic ( 1 )
23:23:46.0878 0x07b0  Detect skipped due to KSN trusted
23:23:46.0878 0x07b0  TVALZFL - ok
23:23:46.0941 0x07b0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:23:46.0941 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123
23:23:46.0941 0x07b0  uagp35 - detected LockedFile.Multi.Generic ( 1 )
23:23:49.0390 0x07b0  Detect skipped due to KSN trusted
23:23:49.0390 0x07b0  uagp35 - ok
23:23:49.0452 0x07b0  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB, DBAEA010F11A5EFD961B1841308EA3F220A9FFB01F364BA9B8F72200DA2BBCD8 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:23:49.0452 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: D47BAEAD86C65D4F4069D7CE0A4EDCEB, sha256: DBAEA010F11A5EFD961B1841308EA3F220A9FFB01F364BA9B8F72200DA2BBCD8
23:23:49.0452 0x07b0  udfs - detected LockedFile.Multi.Generic ( 1 )
23:23:51.0886 0x07b0  Detect skipped due to KSN trusted
23:23:51.0886 0x07b0  udfs - ok
23:23:51.0933 0x07b0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:23:51.0980 0x07b0  UI0Detect - ok
23:23:52.0011 0x07b0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
23:23:52.0011 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A
23:23:52.0011 0x07b0  uliagpkx - detected LockedFile.Multi.Generic ( 1 )
23:23:54.0460 0x07b0  Detect skipped due to KSN trusted
23:23:54.0460 0x07b0  uliagpkx - ok
23:23:54.0507 0x07b0  [ EAB6C35E62B1B0DB0D1B48B671D3A117, E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:23:54.0507 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umbus.sys. md5: EAB6C35E62B1B0DB0D1B48B671D3A117, sha256: E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0
23:23:54.0507 0x07b0  umbus - detected LockedFile.Multi.Generic ( 1 )
23:23:56.0956 0x07b0  Detect skipped due to KSN trusted
23:23:56.0956 0x07b0  umbus - ok
23:23:56.0987 0x07b0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:23:56.0987 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
23:23:56.0987 0x07b0  UmPass - detected LockedFile.Multi.Generic ( 1 )
23:23:59.0436 0x07b0  Detect skipped due to KSN trusted
23:23:59.0436 0x07b0  UmPass - ok
23:23:59.0639 0x07b0  [ CC3775100ABA633984F73DFAE1F55CAE, 845F129289BB73FD78A6C3B497F17BA973FD691BC9242200F81993417C803FE9 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:23:59.0717 0x07b0  UNS - ok
23:23:59.0748 0x07b0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
23:23:59.0826 0x07b0  upnphost - ok
23:23:59.0889 0x07b0  [ B26AFB54A534D634523C4FB66765B026, A219C9AE32D040BEA4DD69C2C826B1C52BACE26BEBFEE799BD56DFD442C5E0D8 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:23:59.0889 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: B26AFB54A534D634523C4FB66765B026, sha256: A219C9AE32D040BEA4DD69C2C826B1C52BACE26BEBFEE799BD56DFD442C5E0D8
23:23:59.0889 0x07b0  usbccgp - detected LockedFile.Multi.Generic ( 1 )
23:24:02.0322 0x07b0  Detect skipped due to KSN trusted
23:24:02.0322 0x07b0  usbccgp - ok
23:24:02.0385 0x07b0  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
23:24:02.0385 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7, sha256: F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07
23:24:02.0385 0x07b0  usbcir - detected LockedFile.Multi.Generic ( 1 )
23:24:04.0834 0x07b0  Detect skipped due to KSN trusted
23:24:04.0834 0x07b0  usbcir - ok
23:24:04.0912 0x07b0  [ CB490987A7F6928A04BB838E3BD8A936, 51D1E6A6F17A8482B526668032CC9F563F655C2EC413101566187CE8D7B6B5F4 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:24:04.0912 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbehci.sys. md5: CB490987A7F6928A04BB838E3BD8A936, sha256: 51D1E6A6F17A8482B526668032CC9F563F655C2EC413101566187CE8D7B6B5F4
23:24:04.0912 0x07b0  usbehci - detected LockedFile.Multi.Generic ( 1 )
23:24:07.0346 0x07b0  Detect skipped due to KSN trusted
23:24:07.0346 0x07b0  usbehci - ok
23:24:07.0424 0x07b0  [ 18124EF0A881A00EE222D02A3EE30270, 8FBD652F03C5F114BD3661BFA9A5D2A56CE5F5C8D67A5876409E0B055D97D038 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:24:07.0424 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 18124EF0A881A00EE222D02A3EE30270, sha256: 8FBD652F03C5F114BD3661BFA9A5D2A56CE5F5C8D67A5876409E0B055D97D038
23:24:07.0424 0x07b0  usbhub - detected LockedFile.Multi.Generic ( 1 )
23:24:09.0873 0x07b0  Detect skipped due to KSN trusted
23:24:09.0873 0x07b0  usbhub - ok
23:24:09.0920 0x07b0  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
23:24:09.0920 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbohci.sys. md5: 58E546BBAF87664FC57E0F6081E4F609, sha256: 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9
23:24:09.0920 0x07b0  usbohci - detected LockedFile.Multi.Generic ( 1 )
23:24:12.0353 0x07b0  Detect skipped due to KSN trusted
23:24:12.0353 0x07b0  usbohci - ok
23:24:12.0400 0x07b0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:24:12.0400 0x07b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
23:24:12.0400 0x07b0  usbprint - detected LockedFile.Multi.Generic ( 1 )
23:24:14.0865 0x07b0  Detect skipped due to KSN trusted
23:24:14.0865 0x07b0  usbprint - ok
23:25:32.0381 0x07b0  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x40000 ( disabled : updated )
23:25:32.0397 0x07b0  Win FW state via NFP2: enabled
23:25:34.0846 0x07b0  ============================================================
23:25:34.0846 0x07b0  Scan finished
23:25:34.0846 0x07b0  ============================================================
23:25:34.0862 0x06fc  Detected object count: 1
23:25:34.0862 0x06fc  Actual detected object count: 1
23:26:28.0120 0x06fc  C:\Windows\System32\Drivers\cfc5f97f2a26d049.sys - copied to quarantine
23:26:28.0136 0x06fc  HKLM\SYSTEM\ControlSet001\services\cfc5f97f2a26d049 - will be deleted on reboot
23:26:28.0151 0x06fc  HKLM\SYSTEM\ControlSet002\services\cfc5f97f2a26d049 - will be deleted on reboot
23:26:28.0276 0x06fc  C:\Windows\System32\Drivers\cfc5f97f2a26d049.sys - will be deleted on reboot
23:26:28.0276 0x06fc  cfc5f97f2a26d049 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete 
23:26:28.0370 0x06fc  KLMD registered as C:\Windows\system32\drivers\30251845.sys
23:31:43.0526 0x0cbc  Deinitialize success
         

05.07.2014, 22:50   #9
deeprybka
/// TB trainer
/// Instructions guru


Did you delete the detections right away? The instructions say something different, though...

Please make a fresh FRST log...

Step 1

Please start FRST again and press Scan.
Please post the contents of the log for me.
__________________
Regards
deeprybka
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

05.07.2014, 22:54   #10
pbcf


Code:
ATTFilter
23:52:08.0644 0x0a3c  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
23:52:10.0219 0x0a3c  ============================================================
23:52:10.0219 0x0a3c  Current date / time: 2014/07/05 23:52:10.0219
23:52:10.0219 0x0a3c  SystemInfo:
23:52:10.0219 0x0a3c  
23:52:10.0219 0x0a3c  OS Version: 6.1.7600 ServicePack: 0.0
23:52:10.0219 0x0a3c  Product type: Workstation
23:52:10.0219 0x0a3c  ComputerName: PETRA-TOSH
23:52:10.0219 0x0a3c  UserName: Petra
23:52:10.0219 0x0a3c  Windows directory: C:\Windows
23:52:10.0219 0x0a3c  System windows directory: C:\Windows
23:52:10.0219 0x0a3c  Running under WOW64
23:52:10.0219 0x0a3c  Processor architecture: Intel x64
23:52:10.0219 0x0a3c  Number of processors: 2
23:52:10.0219 0x0a3c  Page size: 0x1000
23:52:10.0219 0x0a3c  Boot type: Normal boot
23:52:10.0219 0x0a3c  ============================================================
23:52:10.0219 0x0a3c  BG loaded
23:52:10.0547 0x0a3c  System UUID: {9F2D0982-1853-3994-21CC-0E64B3CCC0DB}
23:52:11.0062 0x0a3c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:52:11.0062 0x0a3c  ============================================================
23:52:11.0062 0x0a3c  \Device\Harddisk0\DR0:
23:52:11.0062 0x0a3c  MBR partitions:
23:52:11.0062 0x0a3c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x129A1000
23:52:11.0062 0x0a3c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12A69800, BlocksNum 0x129C4AB0
23:52:11.0062 0x0a3c  ============================================================
23:52:11.0093 0x0a3c  C: <-> \Device\Harddisk0\DR0\Partition1
23:52:11.0124 0x0a3c  D: <-> \Device\Harddisk0\DR0\Partition2
23:52:11.0124 0x0a3c  ============================================================
23:52:11.0124 0x0a3c  Initialize success
23:52:11.0124 0x0a3c  ============================================================
23:52:14.0026 0x0dbc  ============================================================
23:52:14.0026 0x0dbc  Scan started
23:52:14.0026 0x0dbc  Mode: Manual; 
23:52:14.0026 0x0dbc  ============================================================
23:52:14.0026 0x0dbc  KSN ping started
23:52:16.0896 0x0dbc  KSN ping finished: true
23:52:19.0080 0x0dbc  ================ Scan system memory ========================
23:52:19.0080 0x0dbc  System memory - ok
23:52:19.0080 0x0dbc  ================ Scan services =============================
23:52:21.0233 0x0dbc  AmdPPM - ok
23:52:21.0249 0x0dbc  [ 7A4B413614C055935567CF88A9734D38, A3BB7CDF3EE0EEF67F89263E81145E73C7142EF5F0AF265375C2ECCE74F932C4 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
23:52:21.0264 0x0dbc  amdsata - ok
23:52:21.0311 0x0dbc  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:52:21.0311 0x0dbc  amdsbs - ok
23:52:21.0327 0x0dbc  [ B4AD0CACBAB298671DD6F6EF7E20679D, FB566C892D0A3DC0A523AE20F35011996958D670937DD5C1A1FCCD36AAC714D7 ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
23:52:21.0342 0x0dbc  amdxata - ok
23:52:21.0576 0x0dbc  [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:52:21.0592 0x0dbc  AntiVirSchedulerService - ok
23:52:21.0654 0x0dbc  [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:52:21.0670 0x0dbc  AntiVirService - ok
23:52:21.0717 0x0dbc  [ 42FD751B27FA0E9C69BB39F39E409594, DE349CAA570957868CA1CB0BE0FAF551CD4D44FD53EBC4391B9C1C7B9CF295D2 ] AppID           C:\Windows\system32\drivers\appid.sys
23:52:21.0717 0x0dbc  AppID - ok
23:52:21.0763 0x0dbc  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:52:21.0763 0x0dbc  AppIDSvc - ok
23:52:21.0795 0x0dbc  [ D065BE66822847B7F127D1F90158376E, 20F911F390FF23C2C42361A449C4344DB59F1DC21EDD1E7EBC4E80914DEF7824 ] Appinfo         C:\Windows\System32\appinfo.dll
23:52:21.0795 0x0dbc  Appinfo - ok
23:52:21.0826 0x0dbc  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:52:21.0826 0x0dbc  arc - ok
23:52:21.0857 0x0dbc  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:52:21.0857 0x0dbc  arcsas - ok
23:52:21.0888 0x0dbc  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:52:21.0888 0x0dbc  AsyncMac - ok
23:52:21.0935 0x0dbc  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
23:52:21.0935 0x0dbc  atapi - ok
23:52:22.0231 0x0dbc  [ F05B22CE901FC26AE55A1A27AA674D96, 1D1F8D6076BC3608C11F343F4597B599BA602B3FB1064CC1EAFB08FD667D0D6E ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
23:52:22.0387 0x0dbc  atikmdag - ok
23:52:22.0434 0x0dbc  [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:52:22.0465 0x0dbc  AudioEndpointBuilder - ok
23:52:22.0497 0x0dbc  [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:52:22.0512 0x0dbc  AudioSrv - ok
23:52:22.0559 0x0dbc  [ 4663C5AD76FE8E19592DE808156FA07D, 605827B4A9D6930BC752D124BF75D55D4927B0ABEF881CDE66F3C5CC1DB215FE ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:52:22.0559 0x0dbc  avgntflt - ok
23:52:22.0590 0x0dbc  [ 8902AEC2382A37E9E99A4E0D52DBD42B, 138F2D7E7430132B2C527D413BC845CC467F084F39C232EC3A17DD2A74EE401E ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:52:22.0606 0x0dbc  avipbb - ok
23:52:22.0699 0x0dbc  [ BC38AB90A166625BA160941D64906A65, 005E3CBB6F3ED8748B6A69DD5D0A8894973344F603CB6E46B551AB028119D8DC ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
23:52:22.0699 0x0dbc  Avira.OE.ServiceHost - ok
23:52:22.0715 0x0dbc  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:52:22.0715 0x0dbc  avkmgr - ok
23:52:22.0746 0x0dbc  [ B20B5FA5CA050E9926E4D1DB81501B32, 91B9038349BA07E32DE809E6798167EE44087809EB1174B84EC16580040F1BE0 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:52:22.0762 0x0dbc  AxInstSV - ok
23:52:22.0793 0x0dbc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
23:52:22.0809 0x0dbc  b06bdrv - ok
23:52:22.0855 0x0dbc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:52:22.0855 0x0dbc  b57nd60a - ok
23:52:22.0902 0x0dbc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:52:22.0918 0x0dbc  BDESVC - ok
23:52:22.0933 0x0dbc  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:52:22.0933 0x0dbc  Beep - ok
23:52:23.0027 0x0dbc  [ 4992C609A6315671463E30F6512BC022, 3020034556EAC25CD90F41D3BFFDD0BB2C3D1C5BAC4359F4B71B84A9FC404495 ] BFE             C:\Windows\System32\bfe.dll
23:52:23.0043 0x0dbc  BFE - ok
23:52:23.0089 0x0dbc  [ 7F0C323FE3DA28AA4AA1BDA3F575707F, 7FF09CBC16A9E5F357A76FF79A3F0DD047957D474031F51A6BB4916C7911F005 ] BITS            C:\Windows\System32\qmgr.dll
23:52:23.0121 0x0dbc  BITS - ok
23:52:23.0152 0x0dbc  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:52:23.0152 0x0dbc  blbdrive - ok
23:52:23.0167 0x0dbc  [ 91CE0D3DC57DD377E690A2D324022B08, 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:52:23.0167 0x0dbc  bowser - ok
23:52:23.0183 0x0dbc  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:52:23.0183 0x0dbc  BrFiltLo - ok
23:52:23.0183 0x0dbc  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:52:23.0183 0x0dbc  BrFiltUp - ok
23:52:23.0245 0x0dbc  [ 94FBC06F294D58D02361918418F996E3, 62C7CC2AF8F5A0BB0C262DACDE3F72C6AC318C3840CE60E46EE2064B32BDA5EF ] Browser         C:\Windows\System32\browser.dll
23:52:23.0245 0x0dbc  Browser - ok
23:52:23.0277 0x0dbc  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:52:23.0292 0x0dbc  Brserid - ok
23:52:23.0308 0x0dbc  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:52:23.0308 0x0dbc  BrSerWdm - ok
23:52:23.0323 0x0dbc  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:52:23.0323 0x0dbc  BrUsbMdm - ok
23:52:23.0339 0x0dbc  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:52:23.0339 0x0dbc  BrUsbSer - ok
23:52:23.0355 0x0dbc  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:52:23.0355 0x0dbc  BTHMODEM - ok
23:52:23.0386 0x0dbc  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
23:52:23.0386 0x0dbc  bthserv - ok
23:52:23.0433 0x0dbc  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:52:23.0433 0x0dbc  cdfs - ok
23:52:23.0464 0x0dbc  [ 83D2D75E1EFB81B3450C18131443F7DB, F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:52:23.0464 0x0dbc  cdrom - ok
23:52:23.0495 0x0dbc  [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:52:23.0511 0x0dbc  CertPropSvc - ok
23:52:23.0604 0x0dbc  [ 41E7C4FA6491747402CFCA77CC1C7AAB, 676CD982A0D33B60A646AC7C0158F7421E395C8B4B12E544C55AF5C09E470CC5 ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
23:52:23.0620 0x0dbc  cfWiMAXService - ok
23:52:23.0651 0x0dbc  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:52:23.0651 0x0dbc  circlass - ok
23:52:23.0698 0x0dbc  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
23:52:23.0713 0x0dbc  CLFS - ok
23:52:23.0791 0x0dbc  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:52:23.0791 0x0dbc  clr_optimization_v2.0.50727_32 - ok
23:52:23.0823 0x0dbc  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:52:23.0838 0x0dbc  clr_optimization_v2.0.50727_64 - ok
23:52:23.0869 0x0dbc  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:52:23.0869 0x0dbc  CmBatt - ok
23:52:23.0869 0x0dbc  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
23:52:23.0869 0x0dbc  cmdide - ok
23:52:23.0947 0x0dbc  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1, D1FBCA0416D38B9CA510FB01CF251E60B244D38080E6668948ED927D2350ED49 ] CNG             C:\Windows\system32\Drivers\cng.sys
23:52:23.0979 0x0dbc  CNG - ok
23:52:24.0072 0x0dbc  [ 25C58EE97BE0416A373E3E4F855206B5, 3AE7CA1E1ED56C2CE4BD11F2F89060DEF480009E4AA2128897C70E9E679E44BB ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
23:52:24.0088 0x0dbc  CnxtHdAudService - ok
23:52:24.0119 0x0dbc  [ 89C99AB4AE9535F727791592D84D4821, 4DE537467CC39BF3532EDDA3FE0F054654B369D8BBA8B3356FA7D2E8CB374493 ] CnxtHdmiAudService C:\Windows\system32\drivers\CHDMI64.sys
23:52:24.0135 0x0dbc  CnxtHdmiAudService - ok
23:52:24.0166 0x0dbc  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:52:24.0166 0x0dbc  Compbatt - ok
23:52:24.0197 0x0dbc  [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:52:24.0197 0x0dbc  CompositeBus - ok
23:52:24.0213 0x0dbc  COMSysApp - ok
23:52:24.0244 0x0dbc  [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
23:52:24.0244 0x0dbc  ConfigFree Service - ok
23:52:24.0259 0x0dbc  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:52:24.0259 0x0dbc  crcdisk - ok
23:52:24.0322 0x0dbc  [ 8C57411B66282C01533CB776F98AD384, 65BCF1B0BA521CBE39E974C7ACAEA9C9E3F89D86754275C6B2616E7691876AEE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:52:24.0322 0x0dbc  CryptSvc - ok
23:52:24.0369 0x0dbc  [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:52:24.0384 0x0dbc  DcomLaunch - ok
23:52:24.0431 0x0dbc  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:52:24.0431 0x0dbc  defragsvc - ok
23:52:24.0478 0x0dbc  [ 3F1DC527070ACB87E40AFE46EF6DA749, 5CB9CB94854AF06BEA02AF3E0562B8ECF72B2B23ED657A3F5E17CD3552F3EF84 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:52:24.0478 0x0dbc  DfsC - ok
23:52:24.0540 0x0dbc  [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:52:24.0556 0x0dbc  Dhcp - ok
23:52:24.0571 0x0dbc  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
23:52:24.0571 0x0dbc  discache - ok
23:52:24.0618 0x0dbc  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:52:24.0618 0x0dbc  Disk - ok
23:52:24.0665 0x0dbc  [ 676108C4E3AA6F6B34633748BD0BEBD9, 953286126E482EF3A9A1833680EFF86D657BD6C5411B9AEC2D7828ADE63D25AD ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:52:24.0665 0x0dbc  Dnscache - ok
23:52:24.0696 0x0dbc  [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:52:24.0696 0x0dbc  dot3svc - ok
23:52:24.0743 0x0dbc  [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS             C:\Windows\system32\dps.dll
23:52:24.0743 0x0dbc  DPS - ok
23:52:24.0774 0x0dbc  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:52:24.0774 0x0dbc  drmkaud - ok
23:52:24.0837 0x0dbc  [ EBCE0B0924835F635F620D19F0529DCE, 15BF803765373264390879FCA86C6D89C92DAFD0B1A36DEFA78EF01EBA2F9C26 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:52:24.0852 0x0dbc  DXGKrnl - ok
23:52:24.0899 0x0dbc  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
23:52:24.0899 0x0dbc  EapHost - ok
23:52:25.0055 0x0dbc  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
23:52:25.0133 0x0dbc  ebdrv - ok
23:52:25.0180 0x0dbc  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS             C:\Windows\System32\lsass.exe
23:52:25.0180 0x0dbc  EFS - ok
23:52:25.0242 0x0dbc  [ B91D81B3B54A54CCAFC03733DBC2E29E, B08CFD3136F678CF902722B32CA55C4983EEE5AEBDCEE036BEB746914742141C ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:52:25.0258 0x0dbc  ehRecvr - ok
23:52:25.0273 0x0dbc  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
23:52:25.0273 0x0dbc  ehSched - ok
23:52:25.0320 0x0dbc  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:52:25.0320 0x0dbc  elxstor - ok
23:52:25.0336 0x0dbc  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
23:52:25.0336 0x0dbc  ErrDev - ok
23:52:25.0398 0x0dbc  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
23:52:25.0414 0x0dbc  EventSystem - ok
23:52:25.0429 0x0dbc  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:52:25.0429 0x0dbc  exfat - ok
23:52:25.0476 0x0dbc  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:52:25.0476 0x0dbc  fastfat - ok
23:52:25.0539 0x0dbc  [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax             C:\Windows\system32\fxssvc.exe
23:52:25.0554 0x0dbc  Fax - ok
23:52:25.0570 0x0dbc  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:52:25.0570 0x0dbc  fdc - ok
23:52:25.0585 0x0dbc  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
23:52:25.0585 0x0dbc  fdPHost - ok
23:52:25.0617 0x0dbc  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:52:25.0617 0x0dbc  FDResPub - ok
23:52:25.0648 0x0dbc  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:52:25.0648 0x0dbc  FileInfo - ok
23:52:25.0679 0x0dbc  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:52:25.0679 0x0dbc  Filetrace - ok
23:52:25.0695 0x0dbc  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:52:25.0695 0x0dbc  flpydisk - ok
23:52:25.0741 0x0dbc  [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:52:25.0757 0x0dbc  FltMgr - ok
23:52:25.0819 0x0dbc  [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A, 6587B22ED91F98D3E3614967F62D7A58F42C12F45F8E1D47835D195CD350BC54 ] FontCache       C:\Windows\system32\FntCache.dll
23:52:25.0851 0x0dbc  FontCache - ok
23:52:25.0882 0x0dbc  [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:52:25.0897 0x0dbc  FontCache3.0.0.0 - ok
23:52:25.0913 0x0dbc  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:52:25.0913 0x0dbc  FsDepends - ok
23:52:25.0944 0x0dbc  [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:52:25.0944 0x0dbc  Fs_Rec - ok
23:52:25.0975 0x0dbc  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09, 24A9F04A0622681A4E4B6BCC47C45016787C6036EAD828920812D9FAD49A71E3 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:52:25.0991 0x0dbc  fvevol - ok
23:52:26.0038 0x0dbc  [ 60ACB128E64C35C2B4E4AAB1B0A5C293, 7B476AB5E95529A894F95397C753662F4C58D1FE89F4648271251DA77C5A3FA9 ] FwLnk           C:\Windows\system32\DRIVERS\FwLnk.sys
23:52:26.0038 0x0dbc  FwLnk - ok
23:52:26.0053 0x0dbc  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:52:26.0053 0x0dbc  gagp30kx - ok
23:52:26.0131 0x0dbc  [ 1A0B9D84BEB3306F728BC3009D432F5C, 66BCE24D679A312148141F55D0F10BD0F771261CC481B81D6921448CA77F0974 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
23:52:26.0147 0x0dbc  GameConsoleService - ok
23:52:26.0241 0x0dbc  [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:52:26.0256 0x0dbc  gpsvc - ok
23:52:26.0287 0x0dbc  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:52:26.0287 0x0dbc  hcw85cir - ok
23:52:26.0334 0x0dbc  [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:52:26.0334 0x0dbc  HdAudAddService - ok
23:52:26.0365 0x0dbc  [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:52:26.0365 0x0dbc  HDAudBus - ok
23:52:26.0412 0x0dbc  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
23:52:26.0412 0x0dbc  HECIx64 - ok
23:52:26.0428 0x0dbc  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:52:26.0428 0x0dbc  HidBatt - ok
23:52:26.0459 0x0dbc  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:52:26.0459 0x0dbc  HidBth - ok
23:52:26.0475 0x0dbc  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:52:26.0475 0x0dbc  HidIr - ok
23:52:26.0506 0x0dbc  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
23:52:26.0506 0x0dbc  hidserv - ok
23:52:26.0537 0x0dbc  [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:52:26.0537 0x0dbc  HidUsb - ok
23:52:26.0553 0x0dbc  [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:52:26.0568 0x0dbc  hkmsvc - ok
23:52:26.0584 0x0dbc  [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:52:26.0599 0x0dbc  HomeGroupListener - ok
23:52:26.0631 0x0dbc  [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:52:26.0631 0x0dbc  HomeGroupProvider - ok
23:52:26.0677 0x0dbc  [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
23:52:26.0677 0x0dbc  HpSAMD - ok
23:52:26.0709 0x0dbc  [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:52:26.0724 0x0dbc  HTTP - ok
23:52:26.0755 0x0dbc  [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:52:26.0755 0x0dbc  hwpolicy - ok
23:52:26.0787 0x0dbc  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:52:26.0787 0x0dbc  i8042prt - ok
23:52:26.0880 0x0dbc  [ 85977CD13FC16069CE0AF7943A811775, 421AFFF08D14C2F55CFEF05E4A5A8B086F80BE69A927F84052A502EC5B222990 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
23:52:26.0896 0x0dbc  iaStor - ok
23:52:26.0958 0x0dbc  [ D83EFB6FD45DF9D55E9A1AFC63640D50, 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
23:52:26.0974 0x0dbc  iaStorV - ok
23:52:27.0036 0x0dbc  [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:52:27.0067 0x0dbc  idsvc - ok
23:52:27.0083 0x0dbc  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:52:27.0083 0x0dbc  iirsp - ok
23:52:27.0130 0x0dbc  [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT          C:\Windows\System32\ikeext.dll
23:52:27.0145 0x0dbc  IKEEXT - ok
23:52:27.0177 0x0dbc  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
23:52:27.0177 0x0dbc  intelide - ok
23:52:27.0208 0x0dbc  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:52:27.0208 0x0dbc  intelppm - ok
23:52:27.0223 0x0dbc  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:52:27.0223 0x0dbc  IPBusEnum - ok
23:52:27.0255 0x0dbc  [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:52:27.0255 0x0dbc  IpFilterDriver - ok
23:52:27.0286 0x0dbc  [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:52:27.0301 0x0dbc  iphlpsvc - ok
23:52:27.0317 0x0dbc  [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:52:27.0333 0x0dbc  IPMIDRV - ok
23:52:27.0333 0x0dbc  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:52:27.0348 0x0dbc  IPNAT - ok
23:52:27.0379 0x0dbc  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:52:27.0379 0x0dbc  IRENUM - ok
23:52:27.0411 0x0dbc  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
23:52:27.0411 0x0dbc  isapnp - ok
23:52:27.0442 0x0dbc  [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:52:27.0442 0x0dbc  iScsiPrt - ok
23:52:27.0489 0x0dbc  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:52:27.0489 0x0dbc  kbdclass - ok
23:52:27.0520 0x0dbc  [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:52:27.0520 0x0dbc  kbdhid - ok
23:52:27.0535 0x0dbc  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso          C:\Windows\system32\lsass.exe
23:52:27.0535 0x0dbc  KeyIso - ok
23:52:27.0567 0x0dbc  [ E8B6FCC9C83535C67F835D407620BD27, 74B63F3BFB756FF0B0AD6A6C1535C0A1A0630295ECCBC078B00F2449718B0870 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:52:27.0567 0x0dbc  KSecDD - ok
23:52:27.0582 0x0dbc  [ A8C63880EF6F4D3FEC7B616B9C060215, 036AE3ABBF991F5748C5C46E1DF62FBBC832BCDBF8C1B6E3C22A22A3703BBBCA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:52:27.0582 0x0dbc  KSecPkg - ok
23:52:27.0598 0x0dbc  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:52:27.0598 0x0dbc  ksthunk - ok
23:52:27.0645 0x0dbc  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:52:27.0645 0x0dbc  KtmRm - ok
23:52:27.0707 0x0dbc  [ 55480B9C63F3F91A8EBBADCBF28FE581, 5B4BC3F0307B0697DD08DD8AAD4B9EAE99EDD3B33B85D9293D183684D5057293 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
23:52:27.0707 0x0dbc  L1C - ok
23:52:27.0754 0x0dbc  [ C926920B8978DE6ACFE9E15C709E9B57, 33B8002ABC30372B1CA8B6EC046757794CD7C9DA3CA4715B515B6894DC7E45CA ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:52:27.0769 0x0dbc  LanmanServer - ok
23:52:27.0785 0x0dbc  [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:52:27.0785 0x0dbc  LanmanWorkstation - ok
23:52:27.0816 0x0dbc  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:52:27.0832 0x0dbc  lltdio - ok
23:52:27.0863 0x0dbc  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:52:27.0879 0x0dbc  lltdsvc - ok
23:52:27.0894 0x0dbc  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:52:27.0894 0x0dbc  lmhosts - ok
23:52:27.0957 0x0dbc  [ 23DE5B62B0445A6F874BE633C95B483E, 39A8E5BD057F5EE049FA48848C5881DCD2CFB16CD9E2A03CC9DDF35F116FEE0B ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:52:27.0972 0x0dbc  LMS - ok
23:52:28.0035 0x0dbc  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:52:28.0035 0x0dbc  LSI_FC - ok
23:52:28.0066 0x0dbc  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:52:28.0066 0x0dbc  LSI_SAS - ok
23:52:28.0113 0x0dbc  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:52:28.0113 0x0dbc  LSI_SAS2 - ok
23:52:28.0128 0x0dbc  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:52:28.0128 0x0dbc  LSI_SCSI - ok
23:52:28.0175 0x0dbc  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:52:28.0191 0x0dbc  luafv - ok
23:52:28.0237 0x0dbc  [ B96CE1C01E17DA93AE6831587700B04B, 1C188D843A9A3DD87954494A6E57830FC6A413F587FC3DD7727368122126ADF1 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
23:52:28.0237 0x0dbc  MBAMSwissArmy - ok
23:52:28.0269 0x0dbc  [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:52:28.0284 0x0dbc  Mcx2Svc - ok
23:52:28.0378 0x0dbc  [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
23:52:28.0393 0x0dbc  MDM - ok
23:52:28.0409 0x0dbc  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:52:28.0409 0x0dbc  megasas - ok
23:52:28.0425 0x0dbc  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:52:28.0425 0x0dbc  MegaSR - ok
23:52:28.0471 0x0dbc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
23:52:28.0471 0x0dbc  MMCSS - ok
23:52:28.0503 0x0dbc  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
23:52:28.0503 0x0dbc  Modem - ok
23:52:28.0534 0x0dbc  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:52:28.0534 0x0dbc  monitor - ok
23:52:28.0565 0x0dbc  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:52:28.0565 0x0dbc  mouclass - ok
23:52:28.0581 0x0dbc  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:52:28.0581 0x0dbc  mouhid - ok
23:52:28.0612 0x0dbc  [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:52:28.0612 0x0dbc  mountmgr - ok
23:52:28.0627 0x0dbc  [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
23:52:28.0627 0x0dbc  mpio - ok
23:52:28.0690 0x0dbc  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:52:28.0690 0x0dbc  mpsdrv - ok
23:52:28.0752 0x0dbc  [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:52:28.0768 0x0dbc  MpsSvc - ok
23:52:28.0783 0x0dbc  [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:52:28.0783 0x0dbc  MRxDAV - ok
23:52:28.0799 0x0dbc  [ 767A4C3BCF9410C286CED15A2DB17108, D9EA9EF7D4048081B132B804E0AE5A60A58FA6B25B7F5B87D5D7E354B2D94C79 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:52:28.0815 0x0dbc  mrxsmb - ok
23:52:28.0830 0x0dbc  [ 920EE0FF995FCFDEB08C41605A959E1C, 977195011912166F7C7E209D90B973E3F507B5297504AF9B6797FA8D1051534C ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:52:28.0830 0x0dbc  mrxsmb10 - ok
23:52:28.0861 0x0dbc  [ 740D7EA9D72C981510A5292CF6ADC941, C55C2F73410C008F829D194EF072721A8D7945BCC48458982D2409761908E7AE ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:52:28.0861 0x0dbc  mrxsmb20 - ok
23:52:28.0877 0x0dbc  [ 5C37497276E3B3A5488B23A326A754B7, 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
23:52:28.0877 0x0dbc  msahci - ok
23:52:28.0893 0x0dbc  [ 8D27B597229AED79430FB9DB3BCBFBD0, 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
23:52:28.0893 0x0dbc  msdsm - ok
23:52:28.0924 0x0dbc  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
23:52:28.0924 0x0dbc  MSDTC - ok
23:52:28.0939 0x0dbc  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:52:28.0939 0x0dbc  Msfs - ok
23:52:28.0971 0x0dbc  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:52:28.0971 0x0dbc  mshidkmdf - ok
23:52:28.0986 0x0dbc  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
23:52:28.0986 0x0dbc  msisadrv - ok
23:52:29.0033 0x0dbc  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:52:29.0033 0x0dbc  MSiSCSI - ok
23:52:29.0033 0x0dbc  msiserver - ok
23:52:29.0064 0x0dbc  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:52:29.0064 0x0dbc  MSKSSRV - ok
23:52:29.0095 0x0dbc  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:52:29.0095 0x0dbc  MSPCLOCK - ok
23:52:29.0095 0x0dbc  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:52:29.0095 0x0dbc  MSPQM - ok
23:52:29.0127 0x0dbc  [ 89CB141AA8616D8C6A4610FA26C60964, 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:52:29.0127 0x0dbc  MsRPC - ok
23:52:29.0158 0x0dbc  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:52:29.0158 0x0dbc  mssmbios - ok
23:52:29.0205 0x0dbc  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:52:29.0205 0x0dbc  MSTEE - ok
23:52:29.0220 0x0dbc  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:52:29.0220 0x0dbc  MTConfig - ok
23:52:29.0236 0x0dbc  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
23:52:29.0236 0x0dbc  Mup - ok
23:52:29.0267 0x0dbc  [ 4987E079A4530FA737A128BE54B63B12, 27E51CC7D4D90DC4397575491DE7EFE15808709F097E2828E46AA73C771A47A4 ] napagent        C:\Windows\system32\qagentRT.dll
23:52:29.0283 0x0dbc  napagent - ok
23:52:29.0345 0x0dbc  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:52:29.0361 0x0dbc  NativeWifiP - ok
23:52:29.0407 0x0dbc  [ CAD515DBD07D082BB317D9928CE8962C, 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:52:29.0423 0x0dbc  NDIS - ok
23:52:29.0454 0x0dbc  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:52:29.0470 0x0dbc  NdisCap - ok
23:52:29.0485 0x0dbc  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:52:29.0485 0x0dbc  NdisTapi - ok
23:52:29.0517 0x0dbc  [ F105BA1E22BF1F2EE8F005D4305E4BEC, 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:52:29.0517 0x0dbc  Ndisuio - ok
23:52:29.0548 0x0dbc  [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:52:29.0548 0x0dbc  NdisWan - ok
23:52:29.0563 0x0dbc  [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:52:29.0563 0x0dbc  NDProxy - ok
23:52:29.0641 0x0dbc  [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
23:52:29.0673 0x0dbc  Nero BackItUp Scheduler 4.0 - ok
23:52:29.0719 0x0dbc  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:52:29.0719 0x0dbc  NetBIOS - ok
23:52:29.0735 0x0dbc  [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:52:29.0751 0x0dbc  NetBT - ok
23:52:29.0766 0x0dbc  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon        C:\Windows\system32\lsass.exe
23:52:29.0766 0x0dbc  Netlogon - ok
23:52:29.0797 0x0dbc  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
23:52:29.0813 0x0dbc  Netman - ok
23:52:29.0844 0x0dbc  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
23:52:29.0860 0x0dbc  netprofm - ok
23:52:29.0891 0x0dbc  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:52:29.0891 0x0dbc  NetTcpPortSharing - ok
23:52:29.0938 0x0dbc  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:52:29.0938 0x0dbc  nfrd960 - ok
23:52:29.0969 0x0dbc  [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:52:29.0985 0x0dbc  NlaSvc - ok
23:52:30.0000 0x0dbc  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:52:30.0016 0x0dbc  Npfs - ok
23:52:30.0047 0x0dbc  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
23:52:30.0047 0x0dbc  nsi - ok
23:52:30.0063 0x0dbc  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:52:30.0063 0x0dbc  nsiproxy - ok
23:52:30.0172 0x0dbc  [ 356698A13C4630D5B31C37378D469196, BF5704AADE5C3DA370501747F12ED6E9C3349E342CCF89005AAE132B570BB42B ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:52:30.0203 0x0dbc  Ntfs - ok
23:52:30.0250 0x0dbc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
23:52:30.0250 0x0dbc  Null - ok
23:52:30.0312 0x0dbc  [ 3E38712941E9BB4DDBEE00AFFE3FED3D, 03F27CC0EF0A86D0B2DAAB6F72838CB2AB57FE5D40074828D5B7F118CD5CBEE7 ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
23:52:30.0312 0x0dbc  nvraid - ok
23:52:30.0343 0x0dbc  [ 477DC4D6DEB99BE37084C9AC6D013DA1, E58C4D621CAAB1C68FB4A056576F48BC87913A5EBF0B511EFFB8F38C7D3E516E ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
23:52:30.0359 0x0dbc  nvstor - ok
23:52:30.0390 0x0dbc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
23:52:30.0390 0x0dbc  nv_agp - ok
23:52:30.0421 0x0dbc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
23:52:30.0421 0x0dbc  ohci1394 - ok
23:52:30.0453 0x0dbc  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:52:30.0468 0x0dbc  ose - ok
23:52:30.0499 0x0dbc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:52:30.0515 0x0dbc  p2pimsvc - ok
23:52:30.0546 0x0dbc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
23:52:30.0562 0x0dbc  p2psvc - ok
23:52:30.0577 0x0dbc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:52:30.0577 0x0dbc  Parport - ok
23:52:30.0609 0x0dbc  [ 7DAA117143316C4A1537E074A5A9EAF0, D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:52:30.0609 0x0dbc  partmgr - ok
23:52:30.0640 0x0dbc  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:52:30.0640 0x0dbc  PcaSvc - ok
23:52:30.0671 0x0dbc  [ F36F6504009F2FB0DFD1B17A116AD74B, 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 ] pci             C:\Windows\system32\DRIVERS\pci.sys
23:52:30.0687 0x0dbc  pci - ok
23:52:30.0687 0x0dbc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
23:52:30.0702 0x0dbc  pciide - ok
23:52:30.0718 0x0dbc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:52:30.0718 0x0dbc  pcmcia - ok
23:52:30.0765 0x0dbc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:52:30.0765 0x0dbc  pcw - ok
23:52:30.0796 0x0dbc  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:52:30.0811 0x0dbc  PEAUTH - ok
23:52:30.0874 0x0dbc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:52:30.0874 0x0dbc  PerfHost - ok
23:52:30.0905 0x0dbc  [ 663962900E7FEA522126BA287715BB4A, 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1 ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
23:52:30.0905 0x0dbc  PGEffect - ok
23:52:30.0983 0x0dbc  [ 557E9A86F65F0DE18C9B6751DFE9D3F1, 630EE5A80335929517A22D130C75CBCE882B92978372A6F36C30B9D353C7BB07 ] pla             C:\Windows\system32\pla.dll
23:52:31.0030 0x0dbc  pla - ok
23:52:31.0077 0x0dbc  [ 23157D583244400E1D7FBAEE2E4B31B7, 4E8D93F746C727CE1A89B53FEFFCFB080AC3CC8F3CF2F8613E692E989794C52F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:52:31.0077 0x0dbc  PlugPlay - ok
23:52:31.0108 0x0dbc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:52:31.0108 0x0dbc  PNRPAutoReg - ok
23:52:31.0139 0x0dbc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:52:31.0139 0x0dbc  PNRPsvc - ok
23:52:31.0186 0x0dbc  [ 166EB40D1F5B47E615DE3D0FFFE5F243, E32BCCA0D25CD631C221986EBE9F6C54BF2F12DE1672D69CCC4E22AD07D0525A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:52:31.0201 0x0dbc  PolicyAgent - ok
23:52:31.0233 0x0dbc  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
23:52:31.0233 0x0dbc  Power - ok
23:52:31.0279 0x0dbc  [ 27CC19E81BA5E3403C48302127BDA717, C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:52:31.0279 0x0dbc  PptpMiniport - ok
23:52:31.0295 0x0dbc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:52:31.0295 0x0dbc  Processor - ok
23:52:31.0326 0x0dbc  [ F381975E1F4346DE875CB07339CE8D3A, 867BFC2E9A08E026289794019B8DE651A8604D06DD6A9BF166C29AFC24B6D26E ] ProfSvc         C:\Windows\system32\profsvc.dll
23:52:31.0342 0x0dbc  ProfSvc - ok
23:52:31.0357 0x0dbc  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] ProtectedStorage C:\Windows\system32\lsass.exe
23:52:31.0357 0x0dbc  ProtectedStorage - ok
23:52:31.0389 0x0dbc  [ EE992183BD8EAEFD9973F352E587A299, 6B28930FAA0A54FAADDAF2231553D7F5D45C7227454C6D49A86DFC9EF6BC9043 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:52:31.0389 0x0dbc  Psched - ok
23:52:31.0451 0x0dbc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:52:31.0482 0x0dbc  ql2300 - ok
23:52:31.0513 0x0dbc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:52:31.0513 0x0dbc  ql40xx - ok
23:52:31.0545 0x0dbc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
23:52:31.0560 0x0dbc  QWAVE - ok
23:52:31.0560 0x0dbc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:52:31.0576 0x0dbc  QWAVEdrv - ok
23:52:31.0591 0x0dbc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:52:31.0607 0x0dbc  RasAcd - ok
23:52:31.0638 0x0dbc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:52:31.0638 0x0dbc  RasAgileVpn - ok
23:52:31.0654 0x0dbc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
23:52:31.0654 0x0dbc  RasAuto - ok
23:52:31.0685 0x0dbc  [ 87A6E852A22991580D6D39ADC4790463, 0F757C6E5B57DFC239CE1BEC88EF16C07E7F1A40D629A9A6DF3CB6B88FB9E642 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:52:31.0701 0x0dbc  Rasl2tp - ok
23:52:31.0732 0x0dbc  [ 47394ED3D16D053F5906EFE5AB51CC83, FE5D1249788DB6D85C55769251B0AED738D3BBA04DF57124E03397D3C0599286 ] RasMan          C:\Windows\System32\rasmans.dll
23:52:31.0747 0x0dbc  RasMan - ok
23:52:31.0779 0x0dbc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:52:31.0779 0x0dbc  RasPppoe - ok
23:52:31.0794 0x0dbc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:52:31.0794 0x0dbc  RasSstp - ok
23:52:31.0825 0x0dbc  [ 3BAC8142102C15D59A87757C1D41DCE5, C0C2C6887EA5A439E69221196348382ACE3E1942C9C6E0A970E153890F71724C ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:52:31.0841 0x0dbc  rdbss - ok
23:52:31.0857 0x0dbc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:52:31.0857 0x0dbc  rdpbus - ok
23:52:31.0872 0x0dbc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:52:31.0872 0x0dbc  RDPCDD - ok
23:52:31.0903 0x0dbc  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:52:31.0903 0x0dbc  RDPENCDD - ok
23:52:31.0903 0x0dbc  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:52:31.0903 0x0dbc  RDPREFMP - ok
23:52:31.0935 0x0dbc  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7, 02179089E0816AD544F370A8A3557498D09981F60CC94E497DC4A5A2BBBE1E48 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:52:31.0935 0x0dbc  RDPWD - ok
23:52:31.0981 0x0dbc  [ 634B9A2181D98F15941236886164EC8B, 15C55F05FD3CD751F619F18E2ADF91552AE82146501CD031402277F496A5B7D8 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:52:31.0997 0x0dbc  rdyboost - ok
23:52:32.0028 0x0dbc  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:52:32.0044 0x0dbc  RemoteAccess - ok
23:52:32.0075 0x0dbc  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:52:32.0075 0x0dbc  RemoteRegistry - ok
23:52:32.0106 0x0dbc  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:52:32.0106 0x0dbc  RpcEptMapper - ok
23:52:32.0137 0x0dbc  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
23:52:32.0137 0x0dbc  RpcLocator - ok
23:52:32.0169 0x0dbc  [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] RpcSs           C:\Windows\system32\rpcss.dll
23:52:32.0184 0x0dbc  RpcSs - ok
23:52:32.0231 0x0dbc  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:52:32.0231 0x0dbc  rspndr - ok
23:52:32.0293 0x0dbc  [ 907C4464381B5EBDFDC60F6C7D0DEDFC, A39EB4C0858A3CA2D8AFE6D52809EC41795FD7A2F3F157D9CBCCB84BE7958A89 ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
23:52:32.0293 0x0dbc  RSUSBSTOR - ok
23:52:32.0371 0x0dbc  [ 7475548B0BA58EBA4D12414FC9E9DFE6, 93F5CF9C7F5CE556810A6113014CB17774EA7779BD91D84670FA6653C810361F ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
23:52:32.0403 0x0dbc  rtl8192se - ok
23:52:32.0418 0x0dbc  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] SamSs           C:\Windows\system32\lsass.exe
23:52:32.0418 0x0dbc  SamSs - ok
23:52:32.0449 0x0dbc  [ E3BBB89983DAF5622C1D50CF49F28227, 49370DC142D577D657BF5755AA9B8625C35D3DDAF1F9466B4888507FB8E6FF07 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
23:52:32.0449 0x0dbc  sbp2port - ok
23:52:32.0481 0x0dbc  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:52:32.0481 0x0dbc  SCardSvr - ok
23:52:32.0496 0x0dbc  [ C94DA20C7E3BA1DCA269BC8460D98387, E1A5629728A79233B62BA87B4354BC3A332A853CC36A60E77B34923F4BCA8A61 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:52:32.0496 0x0dbc  scfilter - ok
23:52:32.0559 0x0dbc  [ EC56B171F85C7E855E7B0588AC503EEA, EDBC0E52DF00D73356F4B886D6CA2397B571A9D2245FEDC347A6D52A5467EA5D ] Schedule        C:\Windows\system32\schedsvc.dll
23:52:32.0574 0x0dbc  Schedule - ok
23:52:32.0605 0x0dbc  [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:52:32.0605 0x0dbc  SCPolicySvc - ok
23:52:32.0637 0x0dbc  [ 765A27C3279CE11D14CB9E4F5869FCA5, B6C2EFFBA938828FEF7FE992A4C88B3154D053763C38762DCE13252FE9571FA1 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:52:32.0637 0x0dbc  SDRSVC - ok
23:52:32.0715 0x0dbc  [ 3E0CFF5F0A9D23E327703D72CEA5253F, AC307AB7E9A2B7E078DE5AC4CD9EA00F159BB07605410B8C0DBC046ABBB5C654 ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:52:32.0730 0x0dbc  SeaPort - ok
23:52:32.0761 0x0dbc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:52:32.0761 0x0dbc  secdrv - ok
23:52:32.0793 0x0dbc  [ 463B386EBC70F98DA5DFF85F7E654346, 8E27B18B04AF587719D1DAE75A042DB998E06CAE112BD68626EF046036D2DCDC ] seclogon        C:\Windows\system32\seclogon.dll
23:52:32.0793 0x0dbc  seclogon - ok
23:52:32.0808 0x0dbc  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
23:52:32.0808 0x0dbc  SENS - ok
23:52:32.0824 0x0dbc  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:52:32.0839 0x0dbc  SensrSvc - ok
23:52:32.0855 0x0dbc  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:52:32.0855 0x0dbc  Serenum - ok
23:52:32.0871 0x0dbc  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:52:32.0871 0x0dbc  Serial - ok
23:52:32.0886 0x0dbc  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:52:32.0886 0x0dbc  sermouse - ok
23:52:32.0933 0x0dbc  [ C3BC61CE47FF6F4E88AB8A3B429A36AF, 6CA53AD0CB7215BAE3467EC1FD490E3A18504BD6CD4F0FABF9BD37516AB9DFE0 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:52:32.0933 0x0dbc  SessionEnv - ok
23:52:32.0949 0x0dbc  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
23:52:32.0964 0x0dbc  sffdisk - ok
23:52:32.0980 0x0dbc  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:52:32.0980 0x0dbc  sffp_mmc - ok
23:52:32.0995 0x0dbc  [ 178298F767FE638C9FEDCBDEF58BB5E4, 053D12CFEE5C54EA7D06F9C9CAE93544FE258A4825CDE2A14090BC81A96E1CF7 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
23:52:32.0995 0x0dbc  sffp_sd - ok
23:52:33.0011 0x0dbc  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
23:52:33.0011 0x0dbc  sfloppy - ok
23:52:33.0042 0x0dbc  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:52:33.0058 0x0dbc  SharedAccess - ok
23:52:33.0089 0x0dbc  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF, 1C1D17301A4D37DBF906955CCABD2A3FDA47AFB24CBA978CF851123762249848 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:52:33.0105 0x0dbc  ShellHWDetection - ok
23:52:33.0120 0x0dbc  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:52:33.0120 0x0dbc  SiSRaid2 - ok
23:52:33.0151 0x0dbc  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:52:33.0151 0x0dbc  SiSRaid4 - ok
23:52:33.0183 0x0dbc  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:52:33.0183 0x0dbc  Smb - ok
23:52:44.0290 0x0dbc  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x41000 ( enabled : updated )
23:52:44.0306 0x0dbc  Win FW state via NFP2: enabled
23:52:46.0770 0x0dbc  ============================================================
23:52:46.0770 0x0dbc  Scan finished
23:52:46.0770 0x0dbc  ============================================================
23:52:46.0786 0x1574  Detected object count: 0
23:52:46.0786 0x1574  Actual detected object count: 0
         

Old 05.07.2014, 22:58   #11
deeprybka
/// TB Trainer
/// Tutorial Guru

OK, but now FRST...
__________________
Regards,
deeprybka

„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Old 06.07.2014, 07:43   #12
pbcf

Okay, got it.

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Petra (administrator) on PETRA-TOSH on 06-07-2014 08:37:24
Running from C:\Users\Petra\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-02-11] (Toshiba Europe GmbH)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [Bing Bar] => C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe [243032 2010-03-04] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\S-1-5-21-624067999-1713132423-900167343-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wetteronline.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0903EB8A-909A-424D-8AEE-1F3A4190026B} URL = 
SearchScopes: HKCU - {0903EB8A-909A-424D-8AEE-1F3A4190026B} URL = 
SearchScopes: HKCU - {88E2EDE3-79A1-41F8-873F-FCDEB8B3656F} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {B994B10A-6731-49FB-B606-B5D30A86B333} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\Firefox [2010-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-05-10]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [128728 2014-07-05] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-06 08:37 - 2014-07-06 08:37 - 00015940 _____ () C:\Users\Petra\Desktop\FRST.txt
2014-07-06 08:27 - 2010-03-04 06:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-07-06 00:03 - 2013-03-19 08:19 - 05497688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-06 00:03 - 2013-03-19 07:54 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-07-06 00:03 - 2013-03-19 07:06 - 03958120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-07-06 00:03 - 2013-03-19 07:06 - 03902312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-07-06 00:03 - 2013-03-19 06:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-07-06 00:03 - 2013-03-19 05:19 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-07-06 00:03 - 2011-11-17 09:14 - 01739160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-06 00:03 - 2011-11-17 07:41 - 01292592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-06 00:03 - 2011-10-15 08:25 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-07-06 00:03 - 2011-10-15 07:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-07-06 00:03 - 2011-08-27 07:40 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-07-06 00:03 - 2011-08-27 07:40 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-07-06 00:03 - 2011-08-27 06:43 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-07-06 00:03 - 2011-08-27 06:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-07-06 00:03 - 2011-02-23 07:15 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-07-06 00:03 - 2011-02-23 07:15 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-07-06 00:03 - 2011-02-23 07:15 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-07-06 00:03 - 2011-02-23 07:15 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-07-06 00:03 - 2010-10-16 07:17 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2014-07-06 00:03 - 2010-10-16 06:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2014-07-06 00:03 - 2010-08-27 08:14 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-07-06 00:03 - 2010-08-27 07:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-07-06 00:03 - 2010-08-27 05:38 - 00463360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-07-06 00:03 - 2010-08-27 05:37 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-07-06 00:03 - 2010-08-27 05:37 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-07-06 00:02 - 2012-06-02 07:25 - 01462784 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-07-06 00:02 - 2012-06-02 07:25 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-07-06 00:02 - 2012-06-02 07:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-07-06 00:02 - 2012-06-02 06:45 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-07-06 00:02 - 2012-06-02 06:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-07-06 00:02 - 2012-06-02 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-07-06 00:01 - 2011-11-19 17:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-07-06 00:01 - 2011-11-19 16:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-07-05 23:49 - 2014-03-31 09:35 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-05 23:37 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-05 23:37 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-05 23:37 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-05 23:37 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-05 23:37 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-05 23:37 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-05 23:26 - 2014-07-05 23:26 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-05 23:12 - 2014-07-05 23:12 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Petra\Desktop\tdsskiller.exe
2014-07-05 22:48 - 2014-07-05 22:48 - 00000000 ____D () C:\Users\Petra\Desktop\mbar
2014-07-05 22:46 - 2014-07-05 22:46 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Petra\Desktop\mbar-1.07.0.1012.exe
2014-07-05 22:24 - 2014-07-06 08:37 - 00000000 ____D () C:\FRST
2014-07-05 22:23 - 2014-07-05 22:23 - 02084352 _____ (Farbar) C:\Users\Petra\Desktop\FRST64.exe
2014-07-05 20:36 - 2014-07-05 23:10 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 20:35 - 2014-07-05 20:35 - 00602112 _____ (OldTimer Tools) C:\Users\Petra\Desktop\OTL.exe
2014-07-05 20:30 - 2014-07-05 23:10 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-05 20:30 - 2014-07-05 20:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-05 20:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-05 20:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-04 21:12 - 2014-07-04 21:10 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-04 21:11 - 2014-07-04 21:11 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Avira
2014-07-04 21:09 - 2014-06-24 20:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-07-04 21:09 - 2014-06-24 20:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-04 21:09 - 2014-06-24 20:39 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-07-04 21:07 - 2014-07-04 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-04 21:07 - 2014-07-04 21:09 - 00000000 ____D () C:\ProgramData\Avira
2014-07-04 21:07 - 2014-07-04 21:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-04 21:07 - 2014-07-04 21:07 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-04 21:07 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-03 09:05 - 2014-07-03 09:15 - 00000000 ____D () C:\Users\Petra\Desktop\Unterlagen
2014-06-16 08:08 - 2014-06-16 08:08 - 00275152 _____ () C:\Windows\Minidump\061614-15646-01.dmp

==================== One Month Modified Files and Folders =======

2014-07-06 08:37 - 2014-07-06 08:37 - 00015940 _____ () C:\Users\Petra\Desktop\FRST.txt
2014-07-06 08:37 - 2014-07-05 22:24 - 00000000 ____D () C:\FRST
2014-07-06 08:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-06 08:35 - 2009-07-14 06:51 - 00319940 _____ () C:\Windows\setupact.log
2014-07-06 08:34 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-06 08:34 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-06 08:31 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-06 08:25 - 2012-06-18 15:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-05 23:56 - 2010-11-12 19:11 - 01994592 _____ () C:\Windows\WindowsUpdate.log
2014-07-05 23:39 - 2009-07-14 19:58 - 00643628 _____ () C:\Windows\system32\perfh007.dat
2014-07-05 23:39 - 2009-07-14 19:58 - 00126188 _____ () C:\Windows\system32\perfc007.dat
2014-07-05 23:39 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-05 23:26 - 2014-07-05 23:26 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-05 23:12 - 2014-07-05 23:12 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Petra\Desktop\tdsskiller.exe
2014-07-05 23:10 - 2014-07-05 20:36 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 23:10 - 2014-07-05 20:30 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-05 23:09 - 2011-12-02 06:30 - 00253052 _____ () C:\Windows\PFRO.log
2014-07-05 22:48 - 2014-07-05 22:48 - 00000000 ____D () C:\Users\Petra\Desktop\mbar
2014-07-05 22:46 - 2014-07-05 22:46 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Petra\Desktop\mbar-1.07.0.1012.exe
2014-07-05 22:23 - 2014-07-05 22:23 - 02084352 _____ (Farbar) C:\Users\Petra\Desktop\FRST64.exe
2014-07-05 21:05 - 2011-12-02 06:18 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C71483C9-395E-4E5F-99DC-10583995EFF5}
2014-07-05 20:45 - 2010-11-12 19:32 - 00000000 ____D () C:\Windows\OemDrv
2014-07-05 20:35 - 2014-07-05 20:35 - 00602112 _____ (OldTimer Tools) C:\Users\Petra\Desktop\OTL.exe
2014-07-05 20:30 - 2014-07-05 20:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-04 22:57 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-04 21:11 - 2014-07-04 21:11 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Avira
2014-07-04 21:10 - 2014-07-04 21:12 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-04 21:10 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-04 21:09 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Avira
2014-07-04 21:09 - 2014-07-04 21:07 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-04 21:07 - 2014-07-04 21:07 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-04 21:07 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-03 09:15 - 2014-07-03 09:05 - 00000000 ____D () C:\Users\Petra\Desktop\Unterlagen
2014-06-24 20:39 - 2014-07-04 21:09 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-24 20:39 - 2014-07-04 21:09 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-24 20:39 - 2014-07-04 21:09 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-16 08:08 - 2014-06-16 08:08 - 00275152 _____ () C:\Windows\Minidump\061614-15646-01.dmp
2014-06-16 08:08 - 2011-12-11 19:40 - 443683667 _____ () C:\Windows\MEMORY.DMP
2014-06-16 08:08 - 2011-12-11 19:40 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\Petra\AppData\Local\Temp\AskSLib.dll
C:\Users\Petra\AppData\Local\Temp\avgnt.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\Petra\AppData\Local\Temp\{BFD1420D-B4AE-40FD-AC33-9E4D016534D7}.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-07-01 10:40

==================== End Of Log ============================
         
--- --- ---




FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Petra (administrator) on PETRA-TOSH on 06-07-2014 08:40:42
Running from C:\Users\Petra\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-02-11] (Toshiba Europe GmbH)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [Bing Bar] => C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe [243032 2010-03-04] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\S-1-5-21-624067999-1713132423-900167343-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wetteronline.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0903EB8A-909A-424D-8AEE-1F3A4190026B} URL = 
SearchScopes: HKCU - {0903EB8A-909A-424D-8AEE-1F3A4190026B} URL = 
SearchScopes: HKCU - {88E2EDE3-79A1-41F8-873F-FCDEB8B3656F} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {B994B10A-6731-49FB-B606-B5D30A86B333} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\Firefox [2010-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-05-10]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [128728 2014-07-05] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-06 08:37 - 2014-07-06 08:40 - 00016492 _____ () C:\Users\Petra\Desktop\FRST.txt
2014-07-06 08:27 - 2010-03-04 06:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-07-06 00:03 - 2013-03-19 08:19 - 05497688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-06 00:03 - 2013-03-19 07:54 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-07-06 00:03 - 2013-03-19 07:06 - 03958120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-07-06 00:03 - 2013-03-19 07:06 - 03902312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-07-06 00:03 - 2013-03-19 06:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-07-06 00:03 - 2013-03-19 05:19 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-07-06 00:03 - 2011-11-17 09:14 - 01739160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-06 00:03 - 2011-11-17 07:41 - 01292592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-06 00:03 - 2011-10-15 08:25 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-07-06 00:03 - 2011-10-15 07:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-07-06 00:03 - 2011-08-27 07:40 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-07-06 00:03 - 2011-08-27 07:40 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-07-06 00:03 - 2011-08-27 06:43 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-07-06 00:03 - 2011-08-27 06:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-07-06 00:03 - 2011-02-23 07:15 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-07-06 00:03 - 2011-02-23 07:15 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-07-06 00:03 - 2011-02-23 07:15 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-07-06 00:03 - 2011-02-23 07:15 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-07-06 00:03 - 2010-10-16 07:17 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2014-07-06 00:03 - 2010-10-16 06:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2014-07-06 00:03 - 2010-08-27 08:14 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-07-06 00:03 - 2010-08-27 07:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-07-06 00:03 - 2010-08-27 05:38 - 00463360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-07-06 00:03 - 2010-08-27 05:37 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-07-06 00:03 - 2010-08-27 05:37 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-07-06 00:02 - 2012-06-02 07:25 - 01462784 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-07-06 00:02 - 2012-06-02 07:25 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-07-06 00:02 - 2012-06-02 07:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-07-06 00:02 - 2012-06-02 06:45 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-07-06 00:02 - 2012-06-02 06:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-07-06 00:02 - 2012-06-02 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-07-06 00:01 - 2011-11-19 17:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-07-06 00:01 - 2011-11-19 16:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-07-05 23:49 - 2014-03-31 09:35 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-05 23:37 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-05 23:37 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-05 23:37 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-05 23:37 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-05 23:37 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-05 23:37 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-05 23:26 - 2014-07-05 23:26 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-05 23:12 - 2014-07-05 23:12 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Petra\Desktop\tdsskiller.exe
2014-07-05 22:48 - 2014-07-05 22:48 - 00000000 ____D () C:\Users\Petra\Desktop\mbar
2014-07-05 22:46 - 2014-07-05 22:46 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Petra\Desktop\mbar-1.07.0.1012.exe
2014-07-05 22:24 - 2014-07-06 08:40 - 00000000 ____D () C:\FRST
2014-07-05 22:23 - 2014-07-05 22:23 - 02084352 _____ (Farbar) C:\Users\Petra\Desktop\FRST64.exe
2014-07-05 20:36 - 2014-07-05 23:10 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 20:35 - 2014-07-05 20:35 - 00602112 _____ (OldTimer Tools) C:\Users\Petra\Desktop\OTL.exe
2014-07-05 20:30 - 2014-07-05 23:10 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-05 20:30 - 2014-07-05 20:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-05 20:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-05 20:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-04 21:12 - 2014-07-04 21:10 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-04 21:11 - 2014-07-04 21:11 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Avira
2014-07-04 21:09 - 2014-06-24 20:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-07-04 21:09 - 2014-06-24 20:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-04 21:09 - 2014-06-24 20:39 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-07-04 21:07 - 2014-07-04 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-04 21:07 - 2014-07-04 21:09 - 00000000 ____D () C:\ProgramData\Avira
2014-07-04 21:07 - 2014-07-04 21:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-04 21:07 - 2014-07-04 21:07 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-04 21:07 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-03 09:05 - 2014-07-03 09:15 - 00000000 ____D () C:\Users\Petra\Desktop\Unterlagen
2014-06-16 08:08 - 2014-06-16 08:08 - 00275152 _____ () C:\Windows\Minidump\061614-15646-01.dmp

==================== One Month Modified Files and Folders =======

2014-07-06 08:40 - 2014-07-06 08:37 - 00016492 _____ () C:\Users\Petra\Desktop\FRST.txt
2014-07-06 08:40 - 2014-07-05 22:24 - 00000000 ____D () C:\FRST
2014-07-06 08:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-06 08:35 - 2009-07-14 06:51 - 00319940 _____ () C:\Windows\setupact.log
2014-07-06 08:34 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-06 08:34 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-06 08:31 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-06 08:25 - 2012-06-18 15:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-05 23:56 - 2010-11-12 19:11 - 02022700 _____ () C:\Windows\WindowsUpdate.log
2014-07-05 23:39 - 2009-07-14 19:58 - 00643628 _____ () C:\Windows\system32\perfh007.dat
2014-07-05 23:39 - 2009-07-14 19:58 - 00126188 _____ () C:\Windows\system32\perfc007.dat
2014-07-05 23:39 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-05 23:26 - 2014-07-05 23:26 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-05 23:12 - 2014-07-05 23:12 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Petra\Desktop\tdsskiller.exe
2014-07-05 23:10 - 2014-07-05 20:36 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 23:10 - 2014-07-05 20:30 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-05 23:09 - 2011-12-02 06:30 - 00253052 _____ () C:\Windows\PFRO.log
2014-07-05 22:52 - 2010-11-12 19:32 - 00000000 ____D () C:\Windows\OemDrv
2014-07-05 22:48 - 2014-07-05 22:48 - 00000000 ____D () C:\Users\Petra\Desktop\mbar
2014-07-05 22:46 - 2014-07-05 22:46 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Petra\Desktop\mbar-1.07.0.1012.exe
2014-07-05 22:23 - 2014-07-05 22:23 - 02084352 _____ (Farbar) C:\Users\Petra\Desktop\FRST64.exe
2014-07-05 21:05 - 2011-12-02 06:18 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C71483C9-395E-4E5F-99DC-10583995EFF5}
2014-07-05 20:35 - 2014-07-05 20:35 - 00602112 _____ (OldTimer Tools) C:\Users\Petra\Desktop\OTL.exe
2014-07-05 20:30 - 2014-07-05 20:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-05 20:30 - 2014-07-05 20:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-04 22:57 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-04 21:11 - 2014-07-04 21:11 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Avira
2014-07-04 21:10 - 2014-07-04 21:12 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-04 21:10 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-04 21:09 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Avira
2014-07-04 21:09 - 2014-07-04 21:07 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-04 21:07 - 2014-07-04 21:07 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-04 21:07 - 2014-07-04 21:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-03 09:15 - 2014-07-03 09:05 - 00000000 ____D () C:\Users\Petra\Desktop\Unterlagen
2014-06-24 20:39 - 2014-07-04 21:09 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-24 20:39 - 2014-07-04 21:09 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-24 20:39 - 2014-07-04 21:09 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-16 08:08 - 2014-06-16 08:08 - 00275152 _____ () C:\Windows\Minidump\061614-15646-01.dmp
2014-06-16 08:08 - 2011-12-11 19:40 - 443683667 _____ () C:\Windows\MEMORY.DMP
2014-06-16 08:08 - 2011-12-11 19:40 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\Petra\AppData\Local\Temp\AskSLib.dll
C:\Users\Petra\AppData\Local\Temp\avgnt.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\Petra\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\Petra\AppData\Local\Temp\{BFD1420D-B4AE-40FD-AC33-9E4D016534D7}.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-07-01 10:40

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by Petra at 2014-07-06 08:41:35
Running from C:\Users\Petra\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Amazon.de (HKLM-x32\...\{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}) (Version:  - Amazon EU S.a.r.L.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{61D4B846-49F8-2639-A4EB-977875265F37}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{89ef9b48-b56b-48d8-b5c1-4eb9a5ca50cb}) (Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1401.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 5.0.1399.0 - Microsoft Corporation) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0426.2136.36953 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help English (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help French (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help German (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0426.2136.36953 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0426.2136.36953 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.26.0 - Conexant)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
eBay (HKLM-x32\...\{FDE58148-57E7-43BF-879A-29CCE818C078}) (Version: 1.1.9 - eBay Inc.)
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.1.55.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 2.0.271.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
Nero 9 Essentials (HKLM-x32\...\{35a33a96-0edd-4bcb-ab72-e736eb49ef5d}) (Version:  - Nero AG)
Nero BackItUp (HKLM-x32\...\{0420F95C-11FF-4E02-B967-6CC22B188F9F}) (Version: 5.2.21001 - Nero AG)
Nero BackItUp and Burn (HKLM-x32\...\{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}) (Version: 1.2.0030 - Nero AG)
Nero BurnRights (HKLM-x32\...\{397516AE-7DFE-4F90-84E0-BD616D559434}) (Version: 3.6.26001 - Nero AG)
Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express (HKLM-x32\...\{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}) (Version: 9.6.16000 - Nero AG)
Nero Express Help (x32 Version: 9.4.34.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero RescueAgent (HKLM-x32\...\{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}) (Version: 2.6.25002 - Nero AG)
Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.37.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.34.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.7-279 - myphotobook GmbH)
Photo Service - powered by myphotobook (x32 Version: 1.0.7 - myphotobook GmbH) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.152 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{1777CCDA-F2F2-4A77-ACF4-0B7341229BBB}) (Version: 8.0.29 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.10.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.01 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.7.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
Toshiba TEMPRO (HKLM-x32\...\{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}) (Version: 3.30 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Restore Points  =========================

22-01-2014 08:37:32 Geplanter Prüfpunkt
15-02-2014 11:52:55 Geplanter Prüfpunkt
05-03-2014 10:44:00 Geplanter Prüfpunkt
13-03-2014 09:40:22 Geplanter Prüfpunkt
22-03-2014 08:15:26 Geplanter Prüfpunkt
31-03-2014 10:03:16 Geplanter Prüfpunkt
14-04-2014 14:02:46 Geplanter Prüfpunkt
04-05-2014 06:48:21 Geplanter Prüfpunkt
24-05-2014 12:00:10 Geplanter Prüfpunkt
01-06-2014 06:46:21 Windows Update
01-07-2014 08:47:23 Geplanter Prüfpunkt
05-07-2014 21:36:32 Windows Update
05-07-2014 21:49:16 Windows Update
06-07-2014 06:25:59 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {27C27DD4-C68A-4ED0-86E0-52EB04A61BC2} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-22] (TOSHIBA CORPORATION)
Task: {DEB799E3-76C2-4E97-9052-3A6C656EEC58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-03-17 17:01 - 2010-03-17 17:01 - 00578936 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2010-03-09 14:31 - 2010-03-09 14:31 - 03409256 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 14:26 - 2009-11-03 14:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-05-10 12:06 - 2009-06-22 14:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-10-13 11:00 - 2009-10-13 11:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-11-12 19:16 - 2010-11-12 19:16 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-06-30 12:05 - 2014-06-30 12:05 - 00245760 _____ () C:\Program Files (x86)\Avira\My Avira\System.ComponentModel.Composition.dll
2014-06-30 12:08 - 2014-06-30 12:08 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-06-30 12:07 - 2014-06-30 12:07 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-07-04 21:10 - 2014-06-30 12:08 - 00049744 _____ () C:\Users\Petra\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17685178.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\50767848.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17685178.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\50767848.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2014 10:21:41 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.  0xD0000022
6.1.7600.16385

Error: (07/05/2014 10:20:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd026
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0
Ausnahmecode: 0xc06d007f
Fehleroffset: 0x000000000000aa7d
ID des fehlerhaften Prozesses: 0x6e8
Startzeit der fehlerhaften Anwendung: 0xwmpnscfg.exe0
Pfad der fehlerhaften Anwendung: wmpnscfg.exe1
Pfad des fehlerhaften Moduls: wmpnscfg.exe2
Berichtskennung: wmpnscfg.exe3

Error: (07/05/2014 10:20:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd026
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0
Ausnahmecode: 0xc06d007f
Fehleroffset: 0x000000000000aa7d
ID des fehlerhaften Prozesses: 0x13f4
Startzeit der fehlerhaften Anwendung: 0xwmpnscfg.exe0
Pfad der fehlerhaften Anwendung: wmpnscfg.exe1
Pfad des fehlerhaften Moduls: wmpnscfg.exe2
Berichtskennung: wmpnscfg.exe3

Error: (07/01/2014 10:41:19 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (07/01/2014 10:41:09 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (07/01/2014 10:40:58 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/07/2014 03:33:21 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (06/07/2014 03:33:11 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (06/07/2014 03:33:00 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/24/2014 01:53:30 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (07/06/2014 08:32:35 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎06.‎07.‎2014 um 08:29:13 unerwartet heruntergefahren.

Error: (07/06/2014 08:25:22 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/05/2014 11:15:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
avipbb
avkmgr

Error: (07/05/2014 11:14:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (07/05/2014 11:10:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (07/05/2014 11:10:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "mbamchameleon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (07/05/2014 11:10:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
avipbb
avkmgr

Error: (07/05/2014 11:09:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (07/05/2014 11:09:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (07/05/2014 11:01:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31


Microsoft Office Sessions:
=========================
Error: (07/05/2014 10:21:41 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0xD00000226.1.7600.16385

Error: (07/05/2014 10:20:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmpnscfg.exe12.0.7600.163854a5bd026KERNELBASE.dll6.1.7600.163854a5bdfe0c06d007f000000000000aa7d6e801cf988e8aa72017C:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\KERNELBASE.dllc908938c-0481-11e4-acf2-00266c936d90

Error: (07/05/2014 10:20:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmpnscfg.exe12.0.7600.163854a5bd026KERNELBASE.dll6.1.7600.163854a5bdfe0c06d007f000000000000aa7d13f401cf988e8a9d9a95C:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\KERNELBASE.dllc906322b-0481-11e4-acf2-00266c936d90

Error: (07/01/2014 10:41:19 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2

Error: (07/01/2014 10:41:09 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (07/01/2014 10:40:58 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/07/2014 03:33:21 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2

Error: (06/07/2014 03:33:11 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (06/07/2014 03:33:00 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/24/2014 01:53:30 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2


CodeIntegrity Errors:
===================================
  Date: 2014-06-23 19:17:42.923
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\a471079.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-23 19:17:42.912
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\a471079.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 3958.84 MB
Available physical RAM: 2231.27 MB
Total Pagefile: 7915.82 MB
Available Pagefile: 5968.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:148.81 GB) (Free:106.66 GB) NTFS
Drive d: (Data) (Fixed) (Total:148.88 GB) (Free:140.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 316FAB32)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

06.07.2014, 08:20   #13
deeprybka
/// TB trainer
/// Instructions guru
 

Hi, there is still quite a bit to do. We continue as follows:

Step 1

Please uninstall the following programs:

Java(TM) 6 Update 17


On Windows 7, uninstall it via Control Panel/Programs.

Step 2
Scan with Malwarebytes Anti-Malware
Under Detection and Protection, please tick "Scan for rootkits".
Then click "Scan", select the Threat Scan, update the databases and click "Start scan now".
At the end of the scan, have all findings (if any) moved to quarantine. (like this...)
Post me the contents of the log file. To do so, click History and then Application Logs.
Select the most recent scan log and click View. Click "Copy to Clipboard" and post the contents in code tags as a reply in the thread.

Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Regards
deeprybka

Praise, criticism, requests?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

06.07.2014, 19:36   #14
pbcf
 



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 06.07.2014
Suchlauf-Zeit: 19:07:01
Logdatei: 
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.06.06
Rootkit Datenbank: v2014.07.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Petra

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 271891
Verstrichene Zeit: 18 Min, 6 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=d41b62cfa6c8304ab65c47850f544a13
# engine=19046
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-06 06:34:06
# local_time=2014-07-06 08:34:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 6261 1036501 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 74663 157077317 0 0
# scanned=151037
# found=1
# cleaned=0
# scan_time=2899
sh=E25EDA782B23085570F643F6D9FC95F3540D3905 ft=1 fh=505f46cb9dc52e14 vn="Variante von Win64/Rootkit.Kryptik.Z Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\05.07.2014_23.15.27\necurs0000\svc0000\tsk0000.dta"
         

06.07.2014, 19:54   #15
deeprybka
/// TB trainer
/// Instructions guru
 



Hi, looks good!
Before we secure the PC, these steps first:

Step 1

Please press the Windows key + R and type notepad into the Run window.
Click OK and now copy the text from the code box into the empty text document:
Code:
ATTFilter
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
Reboot:
         
Please save this as Fixlist.txt in the same directory where the FRST application is located.
  • Start FRST and press the Fix button.
  • The tool creates a "Fixlog.txt" file.
  • Please post me its contents.


The PC will restart. Then:

Step 2

Please start FRST again and press Scan.
Please post me the contents of the log.
__________________
Regards
deeprybka

