Pests of all kinds and how to fight them: TR/Crypt.EPACK.20167 -- cannot be deleted -- real-time scanner cannot be activated

04.01.2015, 20:11   #1
lumija
 
Hello everyone,

I'm new here and have already read many posts, but now I have to open a new thread after all, because I can't get rid of the trojan. I have only tried other tools such as Adware, Spyhunter, AVIRA and Norton, but I can't get rid of the trojan.
I have also googled a lot and read that you have to search the registry and delete entries there -- but at the locations given I found nothing that matches.

I hope someone here can help me
and give me further tips so that I don't catch a trojan like this again.

Many thanks in advance
Best regards, Mirko

04.01.2015, 20:14   #2
schrauber
/// the machine
/// TB instructor
 

Hi,

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

04.01.2015, 20:26   #3
lumija
 
Hi, attached are the log files from FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2015
Ran by Luise (administrator) on LUISE-PC on 04-01-2015 20:23:15
Running from C:\Users\Luise\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Loaded Profiles: UpdatusUser & Luise (Available profiles: UpdatusUser & Luise & NeroMediaHomeUser.4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2012-02-28] (Nero AG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [2699344 2011-11-26] (Plex, Inc.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POP.lnk
ShortcutTarget: E-POP.lnk -> C:\Program Files (x86)\Samsung\E-POP\E-POP.exe (Samsung Electronics CO., LTD.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
URLSearchHook: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 - (No Name) - {b106b661-3e1b-4015-af5c-195e909f35c6} - No File
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> DefaultScope {87EF3BAA-91DE-4DF4-A62A-DE800FC4835D} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=4bad1326-1180-4e63-9a0e-1084de8ccd42&apn_sauid=25C3A43F-37ED-4DC0-9FD2-E83A76CE726D
SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> {4072BF2D-4A3F-428A-91AF-11D27B51090F} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> {87EF3BAA-91DE-4DF4-A62A-DE800FC4835D} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=4bad1326-1180-4e63-9a0e-1084de8ccd42&apn_sauid=25C3A43F-37ED-4DC0-9FD2-E83A76CE726D
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> No Name - {B106B661-3E1B-4015-AF5C-195E909F35C6} -  No File
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google-Suche) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (Google Mail) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "6ab48a75c5156135" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-27] (Avira Operations GmbH & Co. KG)
S2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 6ab48a75c5156135; C:\Windows\System32\Drivers\6ab48a75c5156135.sys [42944 2014-06-23] () <===== ATTENTION Necurs Rootkit?
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-16] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-16] (Avira Operations GmbH & Co. KG)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] () [File not signed]
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-21] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] () [File not signed]
R0 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-21] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-21] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-21] () [File not signed]
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-21] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-21] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] () [File not signed]
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [11417088 2011-12-01] () [File not signed]
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-24] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [13076328 2011-06-05] () [File not signed]
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [25960 2011-06-05] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-21] () [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] () [File not signed]
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-21] () [File not signed]
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] () [File not signed]
S3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-14] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [471144 2011-04-22] () [File not signed]
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-17] () [File not signed]
R1 SABI; C:\windows\system32\Drivers\SABI.sys [13824 2011-07-29] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-21] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] () [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] () [File not signed]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys [767144 2013-06-26] () [File not signed]
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [273576 2013-06-26] () [File not signed]
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [28840 2013-06-26] () [File not signed]
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [23208 2013-06-26] () [File not signed]
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed]
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2013-09-08] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2013-09-08] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-21] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [63360 2010-11-21] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-21] () [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [31232 2010-11-21] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-21] () [File not signed]
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] () [File not signed]
R4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-21] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] () [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] () [File not signed]
S3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [109824 2013-07-12] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\system32\drivers\usbscan.sys [42496 2013-07-03] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-21] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [296320 2011-02-25] () [File not signed]
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [60416 2011-01-25] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [18432 2011-01-25] () [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [File not signed]
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-21] () [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 20:23 - 2015-01-04 20:23 - 00000000 ____D () C:\FRST
2015-01-04 19:39 - 2015-01-04 19:39 - 00003114 _____ () C:\windows\System32\Tasks\WinZip Malware Protector_startup
2015-01-04 19:38 - 2015-01-04 19:38 - 04917720 _____ (WinZip International LLC ) C:\Users\Luise\Desktop\wzmp_8.exe
2015-01-04 19:38 - 2015-01-04 19:38 - 00001189 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2015-01-04 19:38 - 2015-01-04 19:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Nico Mak Computing
2015-01-04 19:38 - 2015-01-04 19:38 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-01-04 19:38 - 2015-01-04 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2015-01-04 19:38 - 2015-01-04 19:38 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2015-01-04 19:38 - 2013-03-15 17:10 - 00020480 _____ () C:\windows\system32\wsusnative64.exe
2015-01-03 18:16 - 2015-01-03 18:16 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Tific
2015-01-03 18:13 - 2015-01-03 18:13 - 00000000 ____D () C:\Users\Luise\AppData\Local\Symantec
2015-01-01 19:09 - 2015-01-01 19:11 - 00000347 _____ () C:\windows\wininit.ini
2015-01-01 18:16 - 2015-01-01 18:16 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-01-01 18:15 - 2015-01-01 19:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-01 18:15 - 2015-01-01 18:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2015-01-01 18:15 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-01-01 17:40 - 2015-01-01 17:40 - 00003042 _____ () C:\windows\System32\Tasks\SAgent
2015-01-01 17:40 - 2015-01-01 17:40 - 00001946 _____ () C:\Users\Public\Desktop\SW Update.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 20:15 - 2013-05-28 19:25 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-04 19:43 - 2013-05-28 19:25 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-04 19:40 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-04 19:40 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-04 19:33 - 2013-05-01 18:23 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2015-01-04 19:33 - 2012-08-23 19:06 - 00000000 ____D () C:\Users\Luise\AppData\Local\CrashDumps
2015-01-04 19:32 - 2012-08-11 13:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Skype
2015-01-04 19:31 - 2013-05-28 19:25 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-04 19:31 - 2012-11-10 16:19 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-04 19:31 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-04 19:30 - 2012-09-16 14:43 - 00023335 _____ () C:\windows\setupact.log
2015-01-04 19:30 - 2010-11-21 04:47 - 00720248 _____ () C:\windows\PFRO.log
2015-01-01 17:42 - 2012-08-02 19:36 - 00000000 ____D () C:\Users\Luise\AppData\Local\Samsung
2015-01-01 17:41 - 2012-03-08 06:40 - 00000000 ____D () C:\ProgramData\SAMSUNG
2015-01-01 17:40 - 2012-03-08 06:52 - 00000000 ____D () C:\Program Files\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-01 17:29 - 2012-03-08 22:43 - 00705596 _____ () C:\windows\system32\perfh007.dat
2015-01-01 17:29 - 2012-03-08 22:43 - 00151060 _____ () C:\windows\system32\perfc007.dat
2015-01-01 17:29 - 2009-07-14 06:13 - 01634438 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-14 18:16 - 2013-05-28 19:26 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-14 18:10 - 2013-05-28 19:25 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-14 18:10 - 2013-05-28 19:25 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Luise\AppData\Local\Temp\avgnt.exe
C:\Users\Luise\AppData\Local\Temp\tbNCH_.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2012-03-08 06:55] - [2011-02-25 07:25] - 0296320 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-01-04 10:53

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015
Ran by Luise at 2015-01-04 20:24:16
Running from C:\Users\Luise\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.31.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.4.4.57710 - Ask.com) <==== ATTENTION
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5016 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Doxillion Dokumentkonverter (HKLM-x32\...\Doxillion) (Version: 2.15 - NCH Software)
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.36 - Samsung)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung)
ETDWare PS/2-X64 10.7.12.6_WHQL (HKLM\...\Elantech) (Version: 10.7.12.6 - ELAN Microelectronic Corp.)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Haack Weltatlas (HKLM-x32\...\Haack Weltatlas) (Version:  - Klett)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
iPhone-Konfigurationsprogramm (HKLM-x32\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
Nero MediaHome 4 Essentials (HKLM-x32\...\{e76db74a-ced0-4a71-af7f-75b15cc007a7}) (Version:  - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Graphics Driver 268.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.83 - NVIDIA Corporation)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plex Media Server (HKLM-x32\...\{582D40A1-995E-40D5-A399-54EA35481C6E}) (Version: 0.9.502 - Plex, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
WavePad Audiobearbeitungs-Software (HKLM-x32\...\WavePad) (Version:  - NCH Software)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.14260 - WinZip International LLC)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0689F21A-660B-411D-AE0F-EC98EB3C636C} - System32\Tasks\{F698412C-12E2-4DA5-B8E7-A3EF2C58F7CD} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsProgressBar
Task: {130B57B9-642D-4F80-8F3D-55D29054A3E1} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {16CC087B-529E-43DD-BF23-A3D9490122E8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {2CD9E23B-060B-4D1D-9FB3-C5EED67EA6FC} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {2DCA6A26-767C-43C8-A539-843910FC94AA} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {3047A8CF-B3D9-4D1A-8EF0-98F69D63A5BC} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {34101238-3EF2-4CD3-898C-A82869FD5852} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2014-12-02] (Nico Mak Computing)
Task: {3DAF52F6-78F9-4CF0-AF51-75474FA2FAB7} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-27] (Samsung Electronics)
Task: {40E5D31B-E622-44E7-8F26-3C3753213D87} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4EC56EEA-8DD1-4558-90D1-D9B2D8F8C48B} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {535E03CD-AE1D-43E6-87F9-A98882317041} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {5485E35B-8143-43C2-874F-8F9BE76BC439} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {554A0BBE-7F66-440E-A3F1-5FA287B244F5} - System32\Tasks\{E0A6B00E-50C3-486F-B01F-AD5D82358E3F} => pcalua.exe -a C:\Users\Luise\Desktop\NMH-4.5.20.45_LGE\SetupX.exe -d C:\Users\Luise\Desktop\NMH-4.5.20.45_LGE
Task: {70DB57F1-6C06-4860-B76C-54674063CF3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {8BB8AF13-BD0B-4FB9-B960-CCF99DA3F9E9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {A0E2E570-2F32-4CA2-A96A-802231B22B90} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {A6F5960B-B546-4154-B671-7FCB55CDE0CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {B5595A96-121A-478A-A8B8-41FB5654A4E2} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {BBD090E8-527F-476B-B50B-47475A65CD20} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-07-29] (SAMSUNG Electronics)
Task: {C3212A58-152D-45EB-A33A-223FF4628A53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {F02744B9-B972-450E-B54F-4BC8DBB06B8A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-16] (CyberLink)
Task: {F85DE55C-9F1D-4053-AD0B-491F4BA07A8F} - System32\Tasks\{4722CA9D-27E7-4C13-A39E-831587D3654C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {FA433E34-C4EE-40C3-BB2B-966CC2DD94FC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 14:55 - 2013-08-02 03:12 - 00043520 _____ () C:\windows\system32\CSRSRV.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\windows\system32\pcwum.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\windows\system32\pcwum.DLL
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2012-03-08 07:45 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-07-21 06:51 - 2010-12-16 10:37 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-01 18:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-01 18:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-01 18:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-01 18:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-01 18:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-03-08 06:40 - 2011-02-16 16:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2012-03-08 06:40 - 2006-08-12 03:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2012-03-08 06:50 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-01-04 19:38 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2015-01-04 19:38 - 2014-12-02 11:26 - 01717936 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2015-01-04 19:38 - 2013-02-28 16:53 - 00168448 _____ () C:\Program Files (x86)\WinZip Malware Protector\UNRAR.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1656143743-13120863-1912775482-500 - Administrator - Disabled)
Gast (S-1-5-21-1656143743-13120863-1912775482-501 - Limited - Disabled)
Luise (S-1-5-21-1656143743-13120863-1912775482-1001 - Administrator - Enabled) => C:\Users\Luise
NeroMediaHomeUser.4 (S-1-5-21-1656143743-13120863-1912775482-1004 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4
UpdatusUser (S-1-5-21-1656143743-13120863-1912775482-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: avipbb
Description: avipbb
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: avipbb
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avnetflt
Description: avnetflt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: avnetflt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2015 07:41:49 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (01/04/2015 07:33:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NMMediaServerService.exe, Version: 4.5.20.145, Zeitstempel: 0x4f4cbbe9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e41b
ID des fehlerhaften Prozesses: 0x1710
Startzeit der fehlerhaften Anwendung: 0xNMMediaServerService.exe0
Pfad der fehlerhaften Anwendung: NMMediaServerService.exe1
Pfad des fehlerhaften Moduls: NMMediaServerService.exe2
Berichtskennung: NMMediaServerService.exe3

Error: (01/04/2015 07:33:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NMMediaServerService.exe, Version: 4.5.20.145, Zeitstempel: 0x4f4cbbe9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e3be
ID des fehlerhaften Prozesses: 0x1034
Startzeit der fehlerhaften Anwendung: 0xNMMediaServerService.exe0
Pfad der fehlerhaften Anwendung: NMMediaServerService.exe1
Pfad des fehlerhaften Moduls: NMMediaServerService.exe2
Berichtskennung: NMMediaServerService.exe3

Error: (01/04/2015 07:31:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Plex Media Server.exe, Version: 0.9.5.2, Zeitstempel: 0x4ed0e10f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xc0dedead
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x8d8
Startzeit der fehlerhaften Anwendung: 0xPlex Media Server.exe0
Pfad der fehlerhaften Anwendung: Plex Media Server.exe1
Pfad des fehlerhaften Moduls: Plex Media Server.exe2
Berichtskennung: Plex Media Server.exe3

Error: (01/04/2015 07:31:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 07:31:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NMMediaServerService.exe, Version: 4.5.20.145, Zeitstempel: 0x4f4cbbe9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e3be
ID des fehlerhaften Prozesses: 0x774
Startzeit der fehlerhaften Anwendung: 0xNMMediaServerService.exe0
Pfad der fehlerhaften Anwendung: NMMediaServerService.exe1
Pfad des fehlerhaften Moduls: NMMediaServerService.exe2
Berichtskennung: NMMediaServerService.exe3

Error: (01/04/2015 07:20:41 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (01/04/2015 07:12:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NMMediaServerService.exe, Version: 4.5.20.145, Zeitstempel: 0x4f4cbbe9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e41b
ID des fehlerhaften Prozesses: 0x1340
Startzeit der fehlerhaften Anwendung: 0xNMMediaServerService.exe0
Pfad der fehlerhaften Anwendung: NMMediaServerService.exe1
Pfad des fehlerhaften Moduls: NMMediaServerService.exe2
Berichtskennung: NMMediaServerService.exe3

Error: (01/04/2015 07:12:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NMMediaServerService.exe, Version: 4.5.20.145, Zeitstempel: 0x4f4cbbe9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e3be
ID des fehlerhaften Prozesses: 0xa98
Startzeit der fehlerhaften Anwendung: 0xNMMediaServerService.exe0
Pfad der fehlerhaften Anwendung: NMMediaServerService.exe1
Pfad des fehlerhaften Moduls: NMMediaServerService.exe2
Berichtskennung: NMMediaServerService.exe3

Error: (01/04/2015 07:10:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/04/2015 07:33:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (01/04/2015 07:33:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/04/2015 07:33:13 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (01/04/2015 07:33:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avnetflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (01/04/2015 07:33:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
avipbb

Error: (01/04/2015 07:33:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/04/2015 07:33:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde nicht richtig gestartet.

Error: (01/04/2015 07:31:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avnetflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (01/04/2015 07:30:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (01/04/2015 07:15:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Symantec Real Time Storage Protection x64" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31


Microsoft Office Sessions:
=========================
Error: (01/04/2015 07:41:49 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (01/04/2015 07:33:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NMMediaServerService.exe4.5.20.1454f4cbbe9ntdll.dll6.1.7601.18247521ea8e7c00000050002e41b171001d0284ceeba4e37C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exeC:\windows\SysWOW64\ntdll.dll2fe37d1e-9440-11e4-b258-e8039ab097ab

Error: (01/04/2015 07:33:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NMMediaServerService.exe4.5.20.1454f4cbbe9ntdll.dll6.1.7601.18247521ea8e7c00000050002e3be103401d0284ce46c8b67C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exeC:\windows\SysWOW64\ntdll.dll29172115-9440-11e4-b258-e8039ab097ab

Error: (01/04/2015 07:31:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Plex Media Server.exe0.9.5.24ed0e10fKERNELBASE.dll6.1.7601.1822951fb1116c0dedead0000c41f8d801d0284ca242b130C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exeC:\windows\syswow64\KERNELBASE.dllf2cba838-943f-11e4-b258-e8039ab097ab

Error: (01/04/2015 07:31:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 07:31:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NMMediaServerService.exe4.5.20.1454f4cbbe9ntdll.dll6.1.7601.18247521ea8e7c00000050002e3be77401d0284c988f1afcC:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exeC:\windows\SysWOW64\ntdll.dlle48c8578-943f-11e4-b258-e8039ab097ab

Error: (01/04/2015 07:20:41 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (01/04/2015 07:12:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NMMediaServerService.exe4.5.20.1454f4cbbe9ntdll.dll6.1.7601.18247521ea8e7c00000050002e41b134001d0284a04eda01eC:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exeC:\windows\SysWOW64\ntdll.dll469da00d-943d-11e4-9c22-e8039ab097ab

Error: (01/04/2015 07:12:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NMMediaServerService.exe4.5.20.1454f4cbbe9ntdll.dll6.1.7601.18247521ea8e7c00000050002e3bea9801d02849f9f136efC:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exeC:\windows\SysWOW64\ntdll.dll3ca8258b-943d-11e4-9c22-e8039ab097ab

Error: (01/04/2015 07:10:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-06-23 18:11:04.363
  Description: N/A

  Date: 2014-06-23 18:11:04.202
  Description: N/A


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 46%
Total physical RAM: 4009.55 MB
Available physical RAM: 2127.93 MB
Total Pagefile: 8017.27 MB
Available Pagefile: 5889.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:177 GB) (Free:107.48 GB) NTFS
Drive d: () (Fixed) (Total:265.39 GB) (Free:261.24 GB) NTFS
Drive e: (PTE0EGW1) (CDROM) (Total:7.15 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3882832C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=177 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.3 GB) - (Type=27)

==================== End Of Log ============================
         
Best regards, Mirko
__________________

Alt 05.01.2015, 08:52   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Quote:
Running from C:\Users\Luise\AppData\Roaming\Microsoft\Windows\Network Shortcuts
What's that supposed to be?
The instructions clearly say to save the tools on the desktop. So please save FRST on the desktop.


Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively, portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click on Options and select German as the language.
  • In the uninstaller pane, search for the programs:

    Ask Toolbar

    Ask Toolbar Updater


  • Select the programs one after the other and click Uninstall each time.
  • Then select the "Moderat" (moderate) mode.
  • Delete leftovers:
    Click on then on and then on .

 






Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix on your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 06.01.2015, 19:26   #5
lumija
 



Hello Schrauber,
first of all, thank you very much for your help. Attached is the log file from Combofix.
ComboFix complained once at startup that Search & Destroy was still enabled -- but it was disabled ...


Code:
ComboFix 15-01-05.01 - Luise 06.01.2015  19:09:49.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4010.2587 [GMT 1:00]
ausgeführt von:: c:\users\Luise\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-06 bis 2015-01-06  ))))))))))))))))))))))))))))))
.
.
2015-01-06 18:16 . 2015-01-06 18:16	--------	d-----w-	c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2015-01-06 18:16 . 2015-01-06 18:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-06 18:16 . 2015-01-06 18:16	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-01-06 17:55 . 2015-01-06 17:55	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-01-04 20:57 . 2015-01-04 20:56	43064	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-01-04 20:57 . 2015-01-04 20:56	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2015-01-04 20:57 . 2015-01-04 20:56	131608	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-01-04 19:23 . 2015-01-04 19:25	--------	d-----w-	C:\FRST
2015-01-04 18:38 . 2015-01-04 18:38	--------	d-----w-	c:\users\Luise\AppData\Roaming\Nico Mak Computing
2015-01-04 18:38 . 2015-01-04 18:38	--------	d-----w-	c:\programdata\Nico Mak Computing
2015-01-04 18:38 . 2015-01-04 18:38	--------	d-----w-	c:\program files (x86)\WinZip Malware Protector
2015-01-04 18:38 . 2013-03-15 16:10	20480	----a-w-	c:\windows\system32\wsusnative64.exe
2015-01-03 17:16 . 2015-01-03 17:16	--------	d-----w-	c:\users\Luise\AppData\Roaming\Tific
2015-01-03 17:13 . 2015-01-03 17:13	--------	d-----w-	c:\users\Luise\AppData\Local\Symantec
2015-01-01 19:22 . 2015-01-01 19:22	2123264	----a-w-	c:\users\Luise\AppData\Roaming\Microsoft\Windows\Network Shortcuts\FRST64.exe
2015-01-01 17:15 . 2013-09-20 09:49	21040	----a-w-	c:\windows\system32\sdnclean64.exe
2015-01-01 17:15 . 2015-01-01 18:09	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2015-01-01 17:15 . 2015-01-01 17:18	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2015-01-01 17:14 . 2015-01-01 17:14	--------	d-----w-	c:\users\Luise\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-16 16:47 . 2013-10-23 18:04	119272	----a-w-	c:\windows\system32\drivers\avgntflt.sys
1601-01-01 00:00 . 1601-01-01 00:00	0	----a-w-	c:\windows\system32\drivers\avipbb.sys	ERROR(0x00000005)
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\atapi.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\asyncmac.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\kbdclass.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ndis.sys
.
[7] 2014-01-24 . 48B6047F82D5A8D0AEC71593F4ACD79B . 1684416 . . [6.1.7601.22580] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22580_none_04d102ad4ce53e53\ntfs.sys
[7] 2014-01-24 . 1A29A59A4C5BA6F8C85062A613B7E2B2 . 1684928 . . [6.1.7601.18378] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18378_none_045a363833b85029\ntfs.sys
[7] 2013-04-12 . B98F8C6E31CD07B2E6F71F7F648E38C0 . 1656680 . . [6.1.7601.18127] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18127_none_048f41be3390b0cf\ntfs.sys
[7] 2013-04-12 . A6AE4551BF8EED09FA3B6FCDF472F3E1 . 1686888 . . [6.1.7601.22297] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22297_none_04cd2f154ce71430\ntfs.sys
[7] 2012-08-31 . E453ACF4E7D44E5530B5D5F2B9CA8563 . 1659760 . . [6.1.7601.17945] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_0477c74a33a2859a\ntfs.sys
[7] 2012-08-31 . B2746D84DDF68D09B41B72DF745CCBA6 . 1687408 . . [6.1.7601.22104] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_052b7b9d4ca0cf8b\ntfs.sys
[7] 2011-03-11 . A2F74975097F52A00745F9637451FDD8 . 1659776 . . [6.1.7601.17577] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys
[7] 2011-03-11 . 87B104128D4D3BA3C13098BAEBF38082 . 1659776 . . [6.1.7601.21680] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys
[7] 2010-11-21 . 05D78AA5CB5F3F5C31160BDB955D0B7C . 1659776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[7] 2014-01-24 . 1A29A59A4C5BA6F8C85062A613B7E2B2 . 1684928 . . [6.1.7600.16385] .. c:\windows\system32\drivers\ntfs.sys
.
[7] 2009-07-13 . 9899284589F75FA8724FF3D16AED75C1 . 6144 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-null_31bf3856ad364e35_6.1.7600.16385_none_055adf2434ae116e\null.sys
[7] 2009-07-13 . 9899284589F75FA8724FF3D16AED75C1 . 6144 . . [6.1.7600.16385] .. c:\windows\system32\drivers\null.sys
.
[7] 2014-04-05 . 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E . 1903552 . . [6.1.7601.18438] .. c:\windows\SoftwareDistribution\Download\ebb8b24a866efb8ccf046ff6b9882fa1\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_113260637d1284ef\tcpip.sys
[7] 2014-04-05 . 4F80944B03112F486212DC20BE166079 . 1897408 . . [6.1.7601.22648] .. c:\windows\SoftwareDistribution\Download\ebb8b24a866efb8ccf046ff6b9882fa1\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_11b12f2896383dd1\tcpip.sys
[7] 2013-11-26 . F55B41AA6114568AC558ADBABDA85620 . 1897408 . . [6.1.7601.22525] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys
[7] 2013-09-08 . 40AF23633D197905F03AB5628C558C51 . 1903552 . . [6.1.7601.18254] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[7] 2013-09-07 . 75F9106B74585D38C8FF6BB5CAD262D7 . 1896896 . . [6.1.7601.22444] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[7] 2013-07-06 . DB74544B75566C974815E79A62433F29 . 1910208 . . [6.1.7601.18203] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[7] 2013-07-06 . B27F13153343BC37A27EAE01634D94E1 . 1900992 . . [6.1.7601.22378] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[7] 2013-05-08 . 9849EA3843A2ADBDD1497E97A85D8CAE . 1910632 . . [6.1.7601.18148] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[7] 2013-05-08 . 3E94650745D4DAB67E161F5F32CEA597 . 1900392 . . [6.1.7601.22319] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[7] 2013-01-04 . B8C1AAC0523E1C33AEB0EF7572144BA2 . 1901416 . . [6.1.7601.22209] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[7] 2013-01-03 . B62A953F2BF3922C8764A29C34A22899 . 1913192 . . [6.1.7601.18042] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[7] 2012-10-03 . 37608401DFDB388CAF66917F6B2D6FB0 . 1914248 . . [6.1.7601.17964] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[7] 2012-10-03 . D5707FC2300AA5B04B7BFE86D40C0133 . 1902472 . . [6.1.7601.22124] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[7] 2012-08-22 . F782CAD3CEDBB3F9FFE3BF2775D92DDC . 1913200 . . [6.1.7601.17939] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[7] 2012-08-22 . 7880A26B7D3B96FDA8EFD9F985036B1D . 1901936 . . [6.1.7601.22097] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[7] 2012-03-30 . ACB82BDA8F46C84F465C1AFA517DC4B9 . 1918320 . . [6.1.7601.17802] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[7] 2012-03-30 . 885B202006EE17AE99B9FBCEC9AF88C9 . 1901424 . . [6.1.7601.21954] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[7] 2011-09-29 . 3810F06A4D74A7D62641EE73D6B3C660 . 1912176 . . [6.1.7601.21828] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[7] 2011-09-29 . FC62769E7BFF2896035AEED399108162 . 1923952 . . [6.1.7601.17697] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys
[7] 2011-04-25 . B77977AEB2FF159D01DB08A309989C5F . 1927552 . . [6.1.7601.21712] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[7] 2011-04-25 . 92CE29D95AC9DD2D0EE9061D551BA250 . 1923968 . . [6.1.7601.17603] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[7] 2010-11-21 . 509383E505C973ED7534A06B3D19688D . 1924480 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[7] 2013-09-08 . 40AF23633D197905F03AB5628C558C51 . 1903552 . . [6.1.7600.16385] .. c:\windows\system32\drivers\tcpip.sys
.
[7] 2010-11-21 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys
[7] 2010-11-21 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\system32\drivers\tdx.sys
.
[7] 2014-03-04 . A9D735A8C6010DCE1148D4BC32365C14 . 5553088 . . [6.1.7601.22616] .. c:\windows\SoftwareDistribution\Download\f6446aa2f5f86c06820f4e4200db84ac\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22616_none_cae1eda6e3de88c2\ntoskrnl.exe
[7] 2014-03-04 . 6B47CF5C27865DDF6680E4D834FBE34F . 5550016 . . [6.1.7601.18409] .. c:\windows\SoftwareDistribution\Download\f6446aa2f5f86c06820f4e4200db84ac\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_ca661fbfcab61be5\ntoskrnl.exe
[7] 2013-08-29 . C842D8DC6E5BCD750FA50E4083CBBBEB . 5552064 . . [6.1.7601.22436] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_cacc4a02e3eec656\ntoskrnl.exe
[7] 2013-08-29 . 5B9A6A310326D9C438F2C19FBBE97C97 . 5549504 . . [6.1.7601.18247] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_ca38dbafcad85ead\ntoskrnl.exe
[7] 2013-08-02 . 5DA80B9D5EB7197AA99006C2DDD14E08 . 5554624 . . [6.1.7601.22411] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22411_none_cadce868e3e30fc1\ntoskrnl.exe
[7] 2013-08-02 . 63B563F1FC047AB3E21530DBBE773260 . 5550528 . . [6.1.7601.18229] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18229_none_ca507c1bcac65979\ntoskrnl.exe
[7] 2013-07-09 . C19DCA1024135D5485E25AB1047F77BC . 5550528 . . [6.1.7601.18205] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18205_none_ca621acbcab9bc3b\ntoskrnl.exe
[7] 2013-07-08 . 3431F8C9C9B18EE536453FC55B87DA3E . 5554624 . . [6.1.7601.22379] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22379_none_caa4094ae40c84f8\ntoskrnl.exe
[7] 2013-03-19 . AC3232ED772403D38D64C18CD5A66FBD . 5550424 . . [6.1.7601.18113] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18113_none_ca554865cac3a857\ntoskrnl.exe
[7] 2013-03-19 . 25F87CF0EAF38AD1D412E804AE00CE3B . 5553496 . . [6.1.7601.22280] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22280_none_ca9034dee41cbfb3\ntoskrnl.exe
[7] 2013-01-05 . 6B0D9CF92C08D42533C12FC1A0B5403F . 5553512 . . [6.1.7601.18044] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_ca35d705cadb185a\ntoskrnl.exe
[7] 2013-01-05 . A0F9F36C3F670053F9A2E9B9577CD1AB . 5554536 . . [6.1.7601.22210] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_cadbe452e3e3fc1c\ntoskrnl.exe
[7] 2012-08-30 . FE905D59663E86BFE51623947B7425FD . 5559664 . . [6.1.7601.17944] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_ca35fee3cadae518\ntoskrnl.exe
[7] 2012-08-30 . A0D1C0E813A7C6E17C029375AC2ACE18 . 5562736 . . [6.1.7601.22103] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_cae9b336e3d92f09\ntoskrnl.exe
[7] 2012-05-04 . 2819BB6417B85D38169A4F151463A815 . 5559664 . . [6.1.7601.17835] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_ca41cd33cad1e557\ntoskrnl.exe
[7] 2012-05-04 . 6A692DB27A943B463E97B749DD34F3DA . 5561200 . . [6.1.7601.21987] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_ca975af6e4164384\ntoskrnl.exe
[7] 2012-03-31 . 03B5C6DBA5A770CEEFD1615E380C6BC3 . 5559664 . . [6.1.7601.17803] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_ca603c63cabb5ed6\ntoskrnl.exe
[7] 2012-03-31 . 708A4C721CEE6B3845B5A54477D873CF . 5561200 . . [6.1.7601.21955] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_cab5ca26e3ffbd03\ntoskrnl.exe
[7] 2012-03-06 . BAA66E360105F79B5948A2FDAF3AA8FE . 5559152 . . [6.1.7601.17790] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_c9fbea53cb071123\ntoskrnl.exe
[7] 2012-03-06 . FCAB208AC0F7263A84EB627B1517E5AC . 5561200 . . [6.1.7601.21936] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_cacc6a48e3ee9e78\ntoskrnl.exe
[7] 2010-11-21 . C6CEC3E6CC9842B73501C70AA64C00FE . 5563776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe
[7] 2013-08-29 . 5B9A6A310326D9C438F2C19FBBE97C97 . 5549504 . . [6.1.7601.18247] .. c:\windows\system32\ntoskrnl.exe
.
[7] 2011-03-01 . 635455A95EB8EC47AC72142E501465ED . 27648 . . [6.1.7601.21671] .. c:\windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe
[7] 2011-03-01 . 6F68F63794097E54F36474ED4384B759 . 27648 . . [6.1.7601.17568] .. c:\windows\erdnt\cache64\svchost.exe
[7] 2011-03-01 . 6F68F63794097E54F36474ED4384B759 . 27648 . . [6.1.7601.17568] .. c:\windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe
[7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[7] 2011-03-01 . 6F68F63794097E54F36474ED4384B759 . 27648 . . [6.1.7600.16385] .. c:\windows\system32\svchost.exe
.
c:\windows\SysWow64\svchost.exe ... Fehlt !!
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2011-11-26 2699344]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20924064]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-06-24 4566952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2012-02-28 5178664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-27 702768]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
E-POP.lnk - c:\program files (x86)\Samsung\E-POP\E-POP.exe [2012-8-2 1786248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SWUpdateService;SW Update Service;c:\programdata\Samsung\SW Update Service\SWMAgent.exe;c:\programdata\Samsung\SW Update Service\SWMAgent.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - 6ab48a75c5156135
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-14 17:16	1087816	----a-w-	c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-10 18:58]
.
2015-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28 17:06]
.
2015-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28 17:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{b106b661-3e1b-4015-af5c-195e909f35c6} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{B106B661-3E1B-4015-AF5C-195E909F35C6} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\6ab48a75c5156135]
"ImagePath"="\SystemRoot\System32\Drivers\6ab48a75c5156135.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-06  19:19:55
ComboFix-quarantined-files.txt  2015-01-06 18:19
.
Vor Suchlauf: 10 Verzeichnis(se), 117.084.954.624 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 116.984.623.104 Bytes frei
.
- - End Of File - - C91A495C3CB123FEB5698DE16FC63C57
         
Regards, Mirko


Alt 06.01.2015, 21:59   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

Alt 07.01.2015, 18:08   #7
lumija
 



Hello Schrauber, here are the logs

1. MBAM

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 07.01.2015
Suchlauf-Zeit: 17:28:15
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.07.11
Rootkit Datenbank: v2015.01.07.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Luise

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 427636
Verstrichene Zeit: 9 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
then AdwCleaner

Code:
# AdwCleaner v4.106 - Bericht erstellt am 07/01/2015 um 17:49:06
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Luise - LUISE-PC
# Gestartet von : C:\Users\Luise\Desktop\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Users\Luise\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Luise\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Luise\AppData\Roaming\NCH Software
Datei Gelöscht : C:\windows\System32\wsusnative64.exe

***** [ Tasks ] *****

Task Gelöscht : WinZip Malware Protector_startup

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2801937
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4072BF2D-4A3F-428A-91AF-11D27B51090F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{87EF3BAA-91DE-4DF4-A62A-DE800FC4835D}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\NCH_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apnwidgets.ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v39.0.2171.95

[C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [5227 octets] - [07/01/2015 17:46:42]
AdwCleaner[S0].txt - [4777 octets] - [07/01/2015 17:49:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4837 octets] ##########
         
and Junkware Removal Tool

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Luise on 07.01.2015 at 17:57:19,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"



~~~ Files

Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf
Successfully deleted: [File] "C:\windows\wininit.ini"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Luise\appdata\local\{2F048CF2-1AA0-4166-81E0-A41401F43482}
Successfully deleted: [Empty Folder] C:\Users\Luise\appdata\local\{3D421987-C0C7-4427-96CA-83255FBE2A72}
Successfully deleted: [Empty Folder] C:\Users\Luise\appdata\local\{541A0D21-EF8F-4A45-A5F8-73B4323BB693}
Successfully deleted: [Empty Folder] C:\Users\Luise\appdata\local\{62117AE8-D785-49B4-8B1D-BED426FD8C53}
Successfully deleted: [Empty Folder] C:\Users\Luise\appdata\local\{697C4765-EE85-4CF6-838F-EBD65FF9639A}
Successfully deleted: [Empty Folder] C:\Users\Luise\appdata\local\{ADD2B064-4E17-4337-8511-39E591F451F2}
Successfully deleted: [Empty Folder] C:\Users\Luise\appdata\local\{C788C525-0D5A-496E-8A5E-21B10F64CF0D}
Successfully deleted: [Empty Folder] C:\Users\Luise\appdata\local\{CBCEB04A-06A5-42A8-9EEF-DDB4A740AAA1}
Successfully deleted: [Empty Folder] C:\Users\Luise\appdata\local\{DB2ECA3D-25D5-498F-AA1C-63DB0BE45200}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.01.2015 at 18:00:32,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Regards, Mirko

Sorry, forgot FRST


FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Luise (administrator) on LUISE-PC on 07-01-2015 18:09:04
Running from C:\Users\Luise\Desktop
Loaded Profiles: UpdatusUser & Luise (Available profiles: UpdatusUser & Luise & NeroMediaHomeUser.4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2012-02-28] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [2699344 2011-11-26] (Plex, Inc.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POP.lnk
ShortcutTarget: E-POP.lnk -> C:\Program Files (x86)\Samsung\E-POP\E-POP.exe (Samsung Electronics CO., LTD.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google-Suche) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (Google Mail) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "6ab48a75c5156135" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-27] (Avira Operations GmbH & Co. KG)
S2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 6ab48a75c5156135; C:\Windows\System32\Drivers\6ab48a75c5156135.sys [42944 2014-06-23] () <===== ATTENTION Necurs Rootkit?
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] () [File not signed]
R0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-14] () [File not signed]
S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2797056 2011-12-12] () [File not signed]
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-16] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-01-04] () [File not signed]
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-01-04] () [File not signed]
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] () [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] () [File not signed]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] () [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] () [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-23] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] () [File not signed]
S3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-14] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] () [File not signed]
S3 BthEnum; C:\Windows\system32\drivers\BthEnum.sys [41984 2009-07-14] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-14] () [File not signed]
S3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [118784 2009-07-14] () [File not signed]
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [552960 2012-07-06] () [File not signed]
S3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [80384 2011-04-28] () [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-21] () [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-14] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] () [File not signed]
R3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [31216 2012-02-16] () [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-14] () [File not signed]
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [458712 2013-07-04] () [File not signed]
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-14] () [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-21] () [File not signed]
S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [24144 2009-07-14] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-21] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] () [File not signed]
R0 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] () [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-14] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [983488 2013-08-01] () [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] () [File not signed]
S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [530496 2009-07-14] () [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] () [File not signed]
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [242992 2012-03-12] () [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] () [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] () [File not signed]
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-14] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [File not signed]
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-14] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-21] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [File not signed]
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] () [File not signed]
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] () [File not signed]
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [65088 2009-07-14] () [File not signed]
R3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [33240 2012-08-21] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-21] () [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-21] () [File not signed]
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-14] () [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-14] () [File not signed]
S3 HidUsb; C:\Windows\system32\drivers\hidusb.sys [30208 2010-11-21] () [File not signed]
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-21] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-21] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-21] () [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-14] () [File not signed]
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [439320 2011-02-18] () [File not signed]
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-03-11] () [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12256512 2010-12-16] () [File not signed]
S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [44112 2009-07-14] () [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2917096 2011-07-12] () [File not signed]
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-14] () [File not signed]
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-21] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-21] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [File not signed]
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [274880 2014-02-04] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () [File not signed]
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [33280 2010-11-21] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2013-09-25] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [154560 2013-09-25] () [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [114752 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [106560 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [65600 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [115776 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [File not signed]
S3 megasas; C:\Windows\system32\drivers\megasas.sys [35392 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [284736 2009-07-14] () [File not signed]
R3 MEIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2010-10-20] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] () [File not signed]
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-21] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] () [File not signed]
R0 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-21] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-21] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-21] () [File not signed]
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-21] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-21] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] () [File not signed]
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [11417088 2011-12-01] () [File not signed]
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-24] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [13076328 2011-06-05] () [File not signed]
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [25960 2011-06-05] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-21] () [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] () [File not signed]
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-21] () [File not signed]
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] () [File not signed]
S3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-14] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [471144 2011-04-22] () [File not signed]
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-17] () [File not signed]
R1 SABI; C:\windows\system32\Drivers\SABI.sys [13824 2011-07-29] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-21] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] () [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] () [File not signed]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys [767144 2013-06-26] () [File not signed]
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [273576 2013-06-26] () [File not signed]
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [28840 2013-06-26] () [File not signed]
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [23208 2013-06-26] () [File not signed]
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed]
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2013-09-08] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2013-09-08] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-21] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [63360 2010-11-21] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-21] () [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [31232 2010-11-21] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-21] () [File not signed]
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] () [File not signed]
R4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-21] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] () [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] () [File not signed]
S3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [109824 2013-07-12] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\system32\drivers\usbscan.sys [42496 2013-07-03] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-21] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [296320 2011-02-25] () [File not signed]
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [60416 2011-01-25] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [18432 2011-01-25] () [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [File not signed]
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-21] () [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 18:09 - 2015-01-07 18:09 - 00037657 _____ () C:\Users\Luise\Desktop\FRST.txt
2015-01-07 18:09 - 2015-01-07 18:09 - 00000000 ____D () C:\Users\Luise\Desktop\FRST-OlderVersion
2015-01-07 18:00 - 2015-01-07 18:00 - 00002029 _____ () C:\Users\Luise\Desktop\JRT.txt
2015-01-07 17:57 - 2015-01-07 17:57 - 00000000 ____D () C:\windows\ERUNT
2015-01-07 17:55 - 2015-01-07 17:55 - 01707939 _____ (Thisisu) C:\Users\Luise\Desktop\JRT.exe
2015-01-07 17:46 - 2015-01-07 17:49 - 00000000 ____D () C:\AdwCleaner
2015-01-07 17:44 - 2015-01-07 17:44 - 02173952 _____ () C:\Users\Luise\Desktop\AdwCleaner_4.106.exe
2015-01-07 17:39 - 2015-01-07 17:39 - 00001202 _____ () C:\Users\Luise\Desktop\mbam.txt
2015-01-07 17:26 - 2015-01-07 17:27 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 17:25 - 2015-01-07 17:25 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-07 17:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-07 17:23 - 2015-01-07 17:25 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Luise\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-06 19:19 - 2015-01-06 19:19 - 00032132 _____ () C:\ComboFix.txt
2015-01-06 19:07 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-01-06 19:07 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-01-06 19:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-01-06 19:06 - 2015-01-06 19:19 - 00000000 ____D () C:\Qoobox
2015-01-06 19:06 - 2015-01-06 19:17 - 00000000 ____D () C:\windows\erdnt
2015-01-06 19:04 - 2015-01-06 19:04 - 05609498 ____R (Swearware) C:\Users\Luise\Desktop\ComboFix.exe
2015-01-06 18:55 - 2015-01-06 18:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Luise\Desktop\revosetup95.exe
2015-01-06 18:55 - 2015-01-06 18:55 - 00001264 _____ () C:\Users\Luise\Desktop\Revo Uninstaller.lnk
2015-01-06 18:55 - 2015-01-06 18:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-06 18:53 - 2015-01-07 18:09 - 02124288 _____ (Farbar) C:\Users\Luise\Desktop\FRST64.exe
2015-01-04 21:57 - 2015-01-04 21:56 - 00131608 _____ () C:\windows\system32\Drivers\avipbb.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00043064 _____ () C:\windows\system32\Drivers\avnetflt.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00028600 _____ () C:\windows\system32\Drivers\avkmgr.sys
2015-01-04 20:23 - 2015-01-07 18:09 - 00000000 ____D () C:\FRST
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Nico Mak Computing
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-01-03 18:16 - 2015-01-03 18:16 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Tific
2015-01-03 18:13 - 2015-01-03 18:13 - 00000000 ____D () C:\Users\Luise\AppData\Local\Symantec
2015-01-01 18:16 - 2015-01-01 18:16 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-01-01 18:15 - 2015-01-01 19:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-01 18:15 - 2015-01-01 18:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2015-01-01 18:15 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-01-01 17:40 - 2015-01-01 17:40 - 00003042 _____ () C:\windows\System32\Tasks\SAgent
2015-01-01 17:40 - 2015-01-01 17:40 - 00001946 _____ () C:\Users\Public\Desktop\SW Update.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 17:58 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 17:58 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 17:52 - 2013-05-01 18:23 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2015-01-07 17:50 - 2013-05-28 19:25 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 17:50 - 2012-11-10 16:19 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-07 17:50 - 2012-09-16 14:43 - 00023559 _____ () C:\windows\setupact.log
2015-01-07 17:50 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-07 17:49 - 2010-11-21 04:47 - 00747436 _____ () C:\windows\PFRO.log
2015-01-07 17:43 - 2013-05-28 19:25 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 17:41 - 2009-07-14 06:08 - 00032554 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-07 17:40 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\security
2015-01-07 17:22 - 2013-05-28 19:25 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 17:22 - 2012-08-11 13:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Skype
2015-01-06 19:29 - 2012-08-23 19:06 - 00000000 ____D () C:\Users\Luise\AppData\Local\CrashDumps
2015-01-06 19:16 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2015-01-01 17:42 - 2012-08-02 19:36 - 00000000 ____D () C:\Users\Luise\AppData\Local\Samsung
2015-01-01 17:41 - 2012-03-08 06:40 - 00000000 ____D () C:\ProgramData\SAMSUNG
2015-01-01 17:40 - 2012-03-08 06:52 - 00000000 ____D () C:\Program Files\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-01 17:29 - 2012-03-08 22:43 - 00705596 _____ () C:\windows\system32\perfh007.dat
2015-01-01 17:29 - 2012-03-08 22:43 - 00151060 _____ () C:\windows\system32\perfc007.dat
2015-01-01 17:29 - 2009-07-14 06:13 - 01634438 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-14 18:16 - 2013-05-28 19:26 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-14 18:10 - 2013-05-28 19:25 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-14 18:10 - 2013-05-28 19:25 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Luise\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2012-03-08 06:55] - [2011-02-25 07:25] - 0296320 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-01-04 10:53

==================== End Of Log ============================
         
--- --- ---


plus additional

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Luise at 2015-01-07 18:10:06
Running from C:\Users\Luise\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5016 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Doxillion Dokumentkonverter (HKLM-x32\...\Doxillion) (Version: 2.15 - NCH Software)
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.36 - Samsung)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung)
ETDWare PS/2-X64 10.7.12.6_WHQL (HKLM\...\Elantech) (Version: 10.7.12.6 - ELAN Microelectronic Corp.)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Haack Weltatlas (HKLM-x32\...\Haack Weltatlas) (Version:  - Klett)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
iPhone-Konfigurationsprogramm (HKLM-x32\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
Nero MediaHome 4 Essentials (HKLM-x32\...\{e76db74a-ced0-4a71-af7f-75b15cc007a7}) (Version:  - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Graphics Driver 268.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.83 - NVIDIA Corporation)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plex Media Server (HKLM-x32\...\{582D40A1-995E-40D5-A399-54EA35481C6E}) (Version: 0.9.502 - Plex, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
WavePad Audiobearbeitungs-Software (HKLM-x32\...\WavePad) (Version:  - NCH Software)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0689F21A-660B-411D-AE0F-EC98EB3C636C} - System32\Tasks\{F698412C-12E2-4DA5-B8E7-A3EF2C58F7CD} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsProgressBar
Task: {130B57B9-642D-4F80-8F3D-55D29054A3E1} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {16CC087B-529E-43DD-BF23-A3D9490122E8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {2CD9E23B-060B-4D1D-9FB3-C5EED67EA6FC} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {2DCA6A26-767C-43C8-A539-843910FC94AA} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {3047A8CF-B3D9-4D1A-8EF0-98F69D63A5BC} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {3DAF52F6-78F9-4CF0-AF51-75474FA2FAB7} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-27] (Samsung Electronics)
Task: {40E5D31B-E622-44E7-8F26-3C3753213D87} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4EC56EEA-8DD1-4558-90D1-D9B2D8F8C48B} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {535E03CD-AE1D-43E6-87F9-A98882317041} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {5485E35B-8143-43C2-874F-8F9BE76BC439} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {554A0BBE-7F66-440E-A3F1-5FA287B244F5} - System32\Tasks\{E0A6B00E-50C3-486F-B01F-AD5D82358E3F} => pcalua.exe -a C:\Users\Luise\Desktop\NMH-4.5.20.45_LGE\SetupX.exe -d C:\Users\Luise\Desktop\NMH-4.5.20.45_LGE
Task: {70DB57F1-6C06-4860-B76C-54674063CF3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {8BB8AF13-BD0B-4FB9-B960-CCF99DA3F9E9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {A6F5960B-B546-4154-B671-7FCB55CDE0CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {B5595A96-121A-478A-A8B8-41FB5654A4E2} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {BBD090E8-527F-476B-B50B-47475A65CD20} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-07-29] (SAMSUNG Electronics)
Task: {C3212A58-152D-45EB-A33A-223FF4628A53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {F02744B9-B972-450E-B54F-4BC8DBB06B8A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-16] (CyberLink)
Task: {F85DE55C-9F1D-4053-AD0B-491F4BA07A8F} - System32\Tasks\{4722CA9D-27E7-4C13-A39E-831587D3654C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {FA433E34-C4EE-40C3-BB2B-966CC2DD94FC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 14:55 - 2013-08-02 03:12 - 00043520 _____ () C:\windows\system32\CSRSRV.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\windows\system32\pcwum.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\windows\system32\pcwum.DLL
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2012-03-08 07:45 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-11-26 03:08 - 2011-11-26 03:08 - 00033360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
2011-07-21 06:51 - 2010-12-16 10:37 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01009744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00526464 _____ () C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00086608 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00150096 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00373328 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_Magick++_.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00178256 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_lcms_.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 05564912 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00191192 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01119544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00628816 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 08493648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00952400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01290832 _____ () C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01038416 _____ () C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00084104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
2012-03-08 06:40 - 2011-02-16 16:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2015-01-01 18:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-01 18:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-01 18:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-01 18:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-01 18:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-03-08 06:40 - 2006-08-12 03:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2011-11-26 03:09 - 2011-11-26 03:09 - 00049744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00824912 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00365648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00032848 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00841296 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00063056 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00173136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2011-11-26 03:09 - 2011-11-26 03:09 - 00195664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00016976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00057424 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00016976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00044112 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00093776 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00134224 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00589904 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2012-03-08 06:50 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1656143743-13120863-1912775482-500 - Administrator - Disabled)
Gast (S-1-5-21-1656143743-13120863-1912775482-501 - Limited - Disabled)
Luise (S-1-5-21-1656143743-13120863-1912775482-1001 - Administrator - Enabled) => C:\Users\Luise
NeroMediaHomeUser.4 (S-1-5-21-1656143743-13120863-1912775482-1004 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4
UpdatusUser (S-1-5-21-1656143743-13120863-1912775482-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: avipbb
Description: avipbb
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: avipbb
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2015 06:00:58 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/07/2015 06:00:58 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.


CodeIntegrity Errors:
===================================
  Date: 2014-06-23 18:11:04.363
  Description: N/A

  Date: 2014-06-23 18:11:04.202
  Description: N/A


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 39%
Total physical RAM: 4009.55 MB
Available physical RAM: 2417.13 MB
Total Pagefile: 8017.27 MB
Available Pagefile: 6160.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:177 GB) (Free:108.61 GB) NTFS
Drive d: () (Fixed) (Total:265.39 GB) (Free:265.12 GB) NTFS
Drive e: (PTE0EGW1) (CDROM) (Total:7.15 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3882832C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=177 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.3 GB) - (Type=27)

==================== End Of Log ============================
         

Edited by lumija (07.01.2015 at 18:11). Reason: Sorry, forgot FRST

Alt 07.01.2015, 18:25   #8
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find illustrated instructions for ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 07.01.2015, 21:14   #9
lumija
 



Hello Schrauber,

attached is the log file from Eset, 1 threat found
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=dd40bc6c397d584a82791a79bec9c49a
# engine=21854
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-07 08:02:11
# local_time=2015-01-07 09:02:11 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 259433 39235689 0 0
# scanned=227720
# found=1
# cleaned=0
# scan_time=5530
sh=B58D5AA8A12DDB74DDE97C9541B2242941BA4E3B ft=1 fh=77045453f77bcb91 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe.vir"
         
and Security Check
Code:
 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Google Chrome 37.0.2062.124  Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
and FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Luise (administrator) on LUISE-PC on 07-01-2015 21:11:24
Running from C:\Users\Luise\Desktop
Loaded Profiles: UpdatusUser & Luise (Available profiles: UpdatusUser & Luise & NeroMediaHomeUser.4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2012-02-28] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [2699344 2011-11-26] (Plex, Inc.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POP.lnk
ShortcutTarget: E-POP.lnk -> C:\Program Files (x86)\Samsung\E-POP\E-POP.exe (Samsung Electronics CO., LTD.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google-Suche) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (Google Mail) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "6ab48a75c5156135" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-27] (Avira Operations GmbH & Co. KG)
S2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 6ab48a75c5156135; C:\Windows\System32\Drivers\6ab48a75c5156135.sys [42944 2014-06-23] () <===== ATTENTION Necurs Rootkit?
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-16] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-01-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-01-04] (Avira Operations GmbH & Co. KG)
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] () [File not signed]
R0 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-21] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-21] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-21] () [File not signed]
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-21] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-21] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] () [File not signed]
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [11417088 2011-12-01] () [File not signed]
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-24] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [13076328 2011-06-05] () [File not signed]
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [25960 2011-06-05] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-21] () [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] () [File not signed]
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-21] () [File not signed]
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] () [File not signed]
S3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-14] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [471144 2011-04-22] () [File not signed]
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-17] () [File not signed]
R1 SABI; C:\windows\system32\Drivers\SABI.sys [13824 2011-07-29] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-21] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] () [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] () [File not signed]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys [767144 2013-06-26] () [File not signed]
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [273576 2013-06-26] () [File not signed]
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [28840 2013-06-26] () [File not signed]
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [23208 2013-06-26] () [File not signed]
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed]
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2013-09-08] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2013-09-08] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-21] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [63360 2010-11-21] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-21] () [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [31232 2010-11-21] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-21] () [File not signed]
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] () [File not signed]
R4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-21] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] () [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] () [File not signed]
S3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [109824 2013-07-12] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\system32\drivers\usbscan.sys [42496 2013-07-03] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-21] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [296320 2011-02-25] () [File not signed]
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [60416 2011-01-25] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [18432 2011-01-25] () [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [File not signed]
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-21] () [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 21:07 - 2015-01-07 21:08 - 00852505 _____ () C:\Users\Luise\Desktop\SecurityCheck.exe
2015-01-07 19:21 - 2015-01-07 19:24 - 02347384 _____ (ESET) C:\Users\Luise\Desktop\esetsmartinstaller_deu.exe
2015-01-07 18:12 - 2015-01-07 18:12 - 00000000 ____D () C:\Users\Luise\Desktop\Trojaner Entfernung
2015-01-07 18:10 - 2015-01-07 18:10 - 00026225 _____ () C:\Users\Luise\Desktop\Addition.txt
2015-01-07 18:09 - 2015-01-07 21:11 - 00028538 _____ () C:\Users\Luise\Desktop\FRST.txt
2015-01-07 18:09 - 2015-01-07 18:09 - 00000000 ____D () C:\Users\Luise\Desktop\FRST-OlderVersion
2015-01-07 18:00 - 2015-01-07 18:00 - 00002029 _____ () C:\Users\Luise\Desktop\JRT.txt
2015-01-07 17:57 - 2015-01-07 17:57 - 00000000 ____D () C:\windows\ERUNT
2015-01-07 17:55 - 2015-01-07 17:55 - 01707939 _____ (Thisisu) C:\Users\Luise\Desktop\JRT.exe
2015-01-07 17:46 - 2015-01-07 17:49 - 00000000 ____D () C:\AdwCleaner
2015-01-07 17:44 - 2015-01-07 17:44 - 02173952 _____ () C:\Users\Luise\Desktop\AdwCleaner_4.106.exe
2015-01-07 17:39 - 2015-01-07 17:39 - 00001202 _____ () C:\Users\Luise\Desktop\mbam.txt
2015-01-07 17:26 - 2015-01-07 17:27 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 17:25 - 2015-01-07 17:25 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-07 17:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-07 17:23 - 2015-01-07 17:25 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Luise\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-06 19:19 - 2015-01-06 19:19 - 00032132 _____ () C:\ComboFix.txt
2015-01-06 19:07 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-01-06 19:07 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-01-06 19:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-01-06 19:06 - 2015-01-06 19:19 - 00000000 ____D () C:\Qoobox
2015-01-06 19:06 - 2015-01-06 19:17 - 00000000 ____D () C:\windows\erdnt
2015-01-06 19:04 - 2015-01-06 19:04 - 05609498 ____R (Swearware) C:\Users\Luise\Desktop\ComboFix.exe
2015-01-06 18:55 - 2015-01-06 18:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Luise\Desktop\revosetup95.exe
2015-01-06 18:55 - 2015-01-06 18:55 - 00001264 _____ () C:\Users\Luise\Desktop\Revo Uninstaller.lnk
2015-01-06 18:55 - 2015-01-06 18:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-06 18:53 - 2015-01-07 18:09 - 02124288 _____ (Farbar) C:\Users\Luise\Desktop\FRST64.exe
2015-01-04 21:57 - 2015-01-04 21:56 - 00131608 _____ () C:\windows\system32\Drivers\avipbb.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00043064 _____ () C:\windows\system32\Drivers\avnetflt.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00028600 _____ () C:\windows\system32\Drivers\avkmgr.sys
2015-01-04 20:23 - 2015-01-07 21:11 - 00000000 ____D () C:\FRST
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Nico Mak Computing
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-01-03 18:16 - 2015-01-03 18:16 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Tific
2015-01-03 18:13 - 2015-01-03 18:13 - 00000000 ____D () C:\Users\Luise\AppData\Local\Symantec
2015-01-01 18:16 - 2015-01-01 18:16 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-01-01 18:15 - 2015-01-01 19:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-01 18:15 - 2015-01-01 18:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2015-01-01 18:15 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-01-01 17:40 - 2015-01-01 17:40 - 00003042 _____ () C:\windows\System32\Tasks\SAgent
2015-01-01 17:40 - 2015-01-01 17:40 - 00001946 _____ () C:\Users\Public\Desktop\SW Update.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 20:43 - 2013-05-28 19:25 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 20:15 - 2013-05-28 19:25 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 19:23 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 19:23 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 19:19 - 2012-08-11 13:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Skype
2015-01-07 18:15 - 2013-05-28 19:25 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 18:15 - 2013-05-01 18:23 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2015-01-07 18:15 - 2012-11-10 16:19 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-07 18:14 - 2012-09-16 14:43 - 00023615 _____ () C:\windows\setupact.log
2015-01-07 18:14 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-07 17:49 - 2010-11-21 04:47 - 00747436 _____ () C:\windows\PFRO.log
2015-01-07 17:41 - 2009-07-14 06:08 - 00032554 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-07 17:40 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\security
2015-01-06 19:29 - 2012-08-23 19:06 - 00000000 ____D () C:\Users\Luise\AppData\Local\CrashDumps
2015-01-06 19:16 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2015-01-01 17:42 - 2012-08-02 19:36 - 00000000 ____D () C:\Users\Luise\AppData\Local\Samsung
2015-01-01 17:41 - 2012-03-08 06:40 - 00000000 ____D () C:\ProgramData\SAMSUNG
2015-01-01 17:40 - 2012-03-08 06:52 - 00000000 ____D () C:\Program Files\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-01 17:29 - 2012-03-08 22:43 - 00705596 _____ () C:\windows\system32\perfh007.dat
2015-01-01 17:29 - 2012-03-08 22:43 - 00151060 _____ () C:\windows\system32\perfc007.dat
2015-01-01 17:29 - 2009-07-14 06:13 - 01634438 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-14 18:16 - 2013-05-28 19:26 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-14 18:10 - 2013-05-28 19:25 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-14 18:10 - 2013-05-28 19:25 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Luise\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2012-03-08 06:55] - [2011-02-25 07:25] - 0296320 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-01-04 10:53

==================== End Of Log ============================
         
--- --- ---


plus Additional
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Luise at 2015-01-07 21:12:39
Running from C:\Users\Luise\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5016 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Doxillion Dokumentkonverter (HKLM-x32\...\Doxillion) (Version: 2.15 - NCH Software)
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.36 - Samsung)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung)
ETDWare PS/2-X64 10.7.12.6_WHQL (HKLM\...\Elantech) (Version: 10.7.12.6 - ELAN Microelectronic Corp.)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Haack Weltatlas (HKLM-x32\...\Haack Weltatlas) (Version:  - Klett)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
iPhone-Konfigurationsprogramm (HKLM-x32\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
Nero MediaHome 4 Essentials (HKLM-x32\...\{e76db74a-ced0-4a71-af7f-75b15cc007a7}) (Version:  - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Graphics Driver 268.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.83 - NVIDIA Corporation)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plex Media Server (HKLM-x32\...\{582D40A1-995E-40D5-A399-54EA35481C6E}) (Version: 0.9.502 - Plex, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
WavePad Audiobearbeitungs-Software (HKLM-x32\...\WavePad) (Version:  - NCH Software)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0689F21A-660B-411D-AE0F-EC98EB3C636C} - System32\Tasks\{F698412C-12E2-4DA5-B8E7-A3EF2C58F7CD} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsProgressBar
Task: {130B57B9-642D-4F80-8F3D-55D29054A3E1} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {16CC087B-529E-43DD-BF23-A3D9490122E8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {2CD9E23B-060B-4D1D-9FB3-C5EED67EA6FC} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {2DCA6A26-767C-43C8-A539-843910FC94AA} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {3047A8CF-B3D9-4D1A-8EF0-98F69D63A5BC} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {3DAF52F6-78F9-4CF0-AF51-75474FA2FAB7} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-27] (Samsung Electronics)
Task: {40E5D31B-E622-44E7-8F26-3C3753213D87} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4EC56EEA-8DD1-4558-90D1-D9B2D8F8C48B} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {535E03CD-AE1D-43E6-87F9-A98882317041} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {5485E35B-8143-43C2-874F-8F9BE76BC439} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {554A0BBE-7F66-440E-A3F1-5FA287B244F5} - System32\Tasks\{E0A6B00E-50C3-486F-B01F-AD5D82358E3F} => pcalua.exe -a C:\Users\Luise\Desktop\NMH-4.5.20.45_LGE\SetupX.exe -d C:\Users\Luise\Desktop\NMH-4.5.20.45_LGE
Task: {70DB57F1-6C06-4860-B76C-54674063CF3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {8BB8AF13-BD0B-4FB9-B960-CCF99DA3F9E9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {A6F5960B-B546-4154-B671-7FCB55CDE0CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {B5595A96-121A-478A-A8B8-41FB5654A4E2} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {BBD090E8-527F-476B-B50B-47475A65CD20} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-07-29] (SAMSUNG Electronics)
Task: {C3212A58-152D-45EB-A33A-223FF4628A53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {F02744B9-B972-450E-B54F-4BC8DBB06B8A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-16] (CyberLink)
Task: {F85DE55C-9F1D-4053-AD0B-491F4BA07A8F} - System32\Tasks\{4722CA9D-27E7-4C13-A39E-831587D3654C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {FA433E34-C4EE-40C3-BB2B-966CC2DD94FC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 14:55 - 2013-08-02 03:12 - 00043520 _____ () C:\windows\system32\CSRSRV.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\windows\system32\pcwum.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\windows\system32\pcwum.DLL
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2012-03-08 07:45 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-11-26 03:08 - 2011-11-26 03:08 - 00033360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
2011-07-21 06:51 - 2010-12-16 10:37 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-01 18:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-01 18:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-01 18:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-01 18:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-01 18:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01009744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00526464 _____ () C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00086608 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00150096 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00373328 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_Magick++_.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00178256 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_lcms_.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 05564912 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00191192 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01119544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00628816 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 08493648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00952400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01290832 _____ () C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01038416 _____ () C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00084104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
2012-03-08 06:40 - 2011-02-16 16:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2012-03-08 06:40 - 2006-08-12 03:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2011-11-26 03:09 - 2011-11-26 03:09 - 00049744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00824912 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00365648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00032848 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00841296 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00063056 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00173136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2011-11-26 03:09 - 2011-11-26 03:09 - 00195664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00016976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00057424 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00016976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00044112 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00093776 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00134224 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00589904 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-03-08 06:50 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1656143743-13120863-1912775482-500 - Administrator - Disabled)
Gast (S-1-5-21-1656143743-13120863-1912775482-501 - Limited - Disabled)
Luise (S-1-5-21-1656143743-13120863-1912775482-1001 - Administrator - Enabled) => C:\Users\Luise
NeroMediaHomeUser.4 (S-1-5-21-1656143743-13120863-1912775482-1004 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4
UpdatusUser (S-1-5-21-1656143743-13120863-1912775482-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: avipbb
Description: avipbb
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: avipbb
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2015 09:07:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 09:03:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 07:24:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 07:24:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 07:24:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 07:21:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 07:21:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 07:21:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 07:19:12 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (01/07/2015 07:19:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3685305


System errors:
=============
Error: (01/07/2015 08:05:38 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JANA_MIRKO",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{995DE48C-91AB-4B8D-8443-0B6DFC1178D0}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/07/2015 06:15:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (01/07/2015 06:15:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/07/2015 06:15:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/07/2015 06:14:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
avipbb

Error: (01/07/2015 06:14:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31


Microsoft Office Sessions:
=========================
Error: (01/07/2015 09:07:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/07/2015 09:03:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/07/2015 07:24:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/07/2015 07:24:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/07/2015 07:24:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/07/2015 07:21:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/07/2015 07:21:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/07/2015 07:21:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/07/2015 07:19:12 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (01/07/2015 07:19:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3685305


CodeIntegrity Errors:
===================================
  Date: 2014-06-23 18:11:04.363
  Description: N/A

  Date: 2014-06-23 18:11:04.202
  Description: N/A


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 41%
Total physical RAM: 4009.55 MB
Available physical RAM: 2338.5 MB
Total Pagefile: 8017.27 MB
Available Pagefile: 5899.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:177 GB) (Free:108.37 GB) NTFS
Drive d: () (Fixed) (Total:265.39 GB) (Free:265.12 GB) NTFS
Drive e: (PTE0EGW1) (CDROM) (Total:7.15 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3882832C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=177 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.3 GB) - (Type=27)

==================== End Of Log ============================
         

07.01.2015, 21:15   #10
lumija
 

Hello Schrauber,

attached is the log file from ESET: 1 threat found
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=dd40bc6c397d584a82791a79bec9c49a
# engine=21854
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-07 08:02:11
# local_time=2015-01-07 09:02:11 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 259433 39235689 0 0
# scanned=227720
# found=1
# cleaned=0
# scan_time=5530
sh=B58D5AA8A12DDB74DDE97C9541B2242941BA4E3B ft=1 fh=77045453f77bcb91 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe.vir"
         
and Security Check
Code:
 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Google Chrome 37.0.2062.124  Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
and FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Luise (administrator) on LUISE-PC on 07-01-2015 21:11:24
Running from C:\Users\Luise\Desktop
Loaded Profiles: UpdatusUser & Luise (Available profiles: UpdatusUser & Luise & NeroMediaHomeUser.4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2012-02-28] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [2699344 2011-11-26] (Plex, Inc.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POP.lnk
ShortcutTarget: E-POP.lnk -> C:\Program Files (x86)\Samsung\E-POP\E-POP.exe (Samsung Electronics CO., LTD.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google-Suche) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (Google Mail) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "6ab48a75c5156135" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-27] (Avira Operations GmbH & Co. KG)
S2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 6ab48a75c5156135; C:\Windows\System32\Drivers\6ab48a75c5156135.sys [42944 2014-06-23] () <===== ATTENTION Necurs Rootkit?
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-16] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-01-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-01-04] (Avira Operations GmbH & Co. KG)
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] () [File not signed]
R0 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-21] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-21] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-21] () [File not signed]
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-21] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-21] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] () [File not signed]
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [11417088 2011-12-01] () [File not signed]
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-24] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [13076328 2011-06-05] () [File not signed]
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [25960 2011-06-05] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-21] () [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] () [File not signed]
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-21] () [File not signed]
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] () [File not signed]
S3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-14] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [471144 2011-04-22] () [File not signed]
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-17] () [File not signed]
R1 SABI; C:\windows\system32\Drivers\SABI.sys [13824 2011-07-29] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-21] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] () [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] () [File not signed]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys [767144 2013-06-26] () [File not signed]
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [273576 2013-06-26] () [File not signed]
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [28840 2013-06-26] () [File not signed]
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [23208 2013-06-26] () [File not signed]
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed]
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2013-09-08] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2013-09-08] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-21] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [63360 2010-11-21] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-21] () [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [31232 2010-11-21] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-21] () [File not signed]
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] () [File not signed]
R4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-21] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] () [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] () [File not signed]
S3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [109824 2013-07-12] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\system32\drivers\usbscan.sys [42496 2013-07-03] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-21] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [296320 2011-02-25] () [File not signed]
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [60416 2011-01-25] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [18432 2011-01-25] () [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [File not signed]
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-21] () [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 21:07 - 2015-01-07 21:08 - 00852505 _____ () C:\Users\Luise\Desktop\SecurityCheck.exe
2015-01-07 19:21 - 2015-01-07 19:24 - 02347384 _____ (ESET) C:\Users\Luise\Desktop\esetsmartinstaller_deu.exe
2015-01-07 18:12 - 2015-01-07 18:12 - 00000000 ____D () C:\Users\Luise\Desktop\Trojaner Entfernung
2015-01-07 18:10 - 2015-01-07 18:10 - 00026225 _____ () C:\Users\Luise\Desktop\Addition.txt
2015-01-07 18:09 - 2015-01-07 21:11 - 00028538 _____ () C:\Users\Luise\Desktop\FRST.txt
2015-01-07 18:09 - 2015-01-07 18:09 - 00000000 ____D () C:\Users\Luise\Desktop\FRST-OlderVersion
2015-01-07 18:00 - 2015-01-07 18:00 - 00002029 _____ () C:\Users\Luise\Desktop\JRT.txt
2015-01-07 17:57 - 2015-01-07 17:57 - 00000000 ____D () C:\windows\ERUNT
2015-01-07 17:55 - 2015-01-07 17:55 - 01707939 _____ (Thisisu) C:\Users\Luise\Desktop\JRT.exe
2015-01-07 17:46 - 2015-01-07 17:49 - 00000000 ____D () C:\AdwCleaner
2015-01-07 17:44 - 2015-01-07 17:44 - 02173952 _____ () C:\Users\Luise\Desktop\AdwCleaner_4.106.exe
2015-01-07 17:39 - 2015-01-07 17:39 - 00001202 _____ () C:\Users\Luise\Desktop\mbam.txt
2015-01-07 17:26 - 2015-01-07 17:27 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 17:25 - 2015-01-07 17:25 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-07 17:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-07 17:23 - 2015-01-07 17:25 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Luise\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-06 19:19 - 2015-01-06 19:19 - 00032132 _____ () C:\ComboFix.txt
2015-01-06 19:07 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-01-06 19:07 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-01-06 19:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-01-06 19:06 - 2015-01-06 19:19 - 00000000 ____D () C:\Qoobox
2015-01-06 19:06 - 2015-01-06 19:17 - 00000000 ____D () C:\windows\erdnt
2015-01-06 19:04 - 2015-01-06 19:04 - 05609498 ____R (Swearware) C:\Users\Luise\Desktop\ComboFix.exe
2015-01-06 18:55 - 2015-01-06 18:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Luise\Desktop\revosetup95.exe
2015-01-06 18:55 - 2015-01-06 18:55 - 00001264 _____ () C:\Users\Luise\Desktop\Revo Uninstaller.lnk
2015-01-06 18:55 - 2015-01-06 18:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-06 18:53 - 2015-01-07 18:09 - 02124288 _____ (Farbar) C:\Users\Luise\Desktop\FRST64.exe
2015-01-04 21:57 - 2015-01-04 21:56 - 00131608 _____ () C:\windows\system32\Drivers\avipbb.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00043064 _____ () C:\windows\system32\Drivers\avnetflt.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00028600 _____ () C:\windows\system32\Drivers\avkmgr.sys
2015-01-04 20:23 - 2015-01-07 21:11 - 00000000 ____D () C:\FRST
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Nico Mak Computing
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-01-03 18:16 - 2015-01-03 18:16 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Tific
2015-01-03 18:13 - 2015-01-03 18:13 - 00000000 ____D () C:\Users\Luise\AppData\Local\Symantec
2015-01-01 18:16 - 2015-01-01 18:16 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-01-01 18:15 - 2015-01-01 19:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-01 18:15 - 2015-01-01 18:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2015-01-01 18:15 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-01-01 17:40 - 2015-01-01 17:40 - 00003042 _____ () C:\windows\System32\Tasks\SAgent
2015-01-01 17:40 - 2015-01-01 17:40 - 00001946 _____ () C:\Users\Public\Desktop\SW Update.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 20:43 - 2013-05-28 19:25 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 20:15 - 2013-05-28 19:25 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 19:23 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 19:23 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 19:19 - 2012-08-11 13:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Skype
2015-01-07 18:15 - 2013-05-28 19:25 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 18:15 - 2013-05-01 18:23 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2015-01-07 18:15 - 2012-11-10 16:19 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-07 18:14 - 2012-09-16 14:43 - 00023615 _____ () C:\windows\setupact.log
2015-01-07 18:14 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-07 17:49 - 2010-11-21 04:47 - 00747436 _____ () C:\windows\PFRO.log
2015-01-07 17:41 - 2009-07-14 06:08 - 00032554 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-07 17:40 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\security
2015-01-06 19:29 - 2012-08-23 19:06 - 00000000 ____D () C:\Users\Luise\AppData\Local\CrashDumps
2015-01-06 19:16 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2015-01-01 17:42 - 2012-08-02 19:36 - 00000000 ____D () C:\Users\Luise\AppData\Local\Samsung
2015-01-01 17:41 - 2012-03-08 06:40 - 00000000 ____D () C:\ProgramData\SAMSUNG
2015-01-01 17:40 - 2012-03-08 06:52 - 00000000 ____D () C:\Program Files\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-01 17:29 - 2012-03-08 22:43 - 00705596 _____ () C:\windows\system32\perfh007.dat
2015-01-01 17:29 - 2012-03-08 22:43 - 00151060 _____ () C:\windows\system32\perfc007.dat
2015-01-01 17:29 - 2009-07-14 06:13 - 01634438 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-14 18:16 - 2013-05-28 19:26 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-14 18:10 - 2013-05-28 19:25 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-14 18:10 - 2013-05-28 19:25 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Luise\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2012-03-08 06:55] - [2011-02-25 07:25] - 0296320 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-01-04 10:53

==================== End Of Log ============================
         
--- --- ---


plus Additional
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Luise at 2015-01-07 21:12:39
Running from C:\Users\Luise\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5016 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Doxillion Dokumentkonverter (HKLM-x32\...\Doxillion) (Version: 2.15 - NCH Software)
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.36 - Samsung)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung)
ETDWare PS/2-X64 10.7.12.6_WHQL (HKLM\...\Elantech) (Version: 10.7.12.6 - ELAN Microelectronic Corp.)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Haack Weltatlas (HKLM-x32\...\Haack Weltatlas) (Version:  - Klett)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
iPhone-Konfigurationsprogramm (HKLM-x32\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
Nero MediaHome 4 Essentials (HKLM-x32\...\{e76db74a-ced0-4a71-af7f-75b15cc007a7}) (Version:  - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Graphics Driver 268.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.83 - NVIDIA Corporation)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plex Media Server (HKLM-x32\...\{582D40A1-995E-40D5-A399-54EA35481C6E}) (Version: 0.9.502 - Plex, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
WavePad Audiobearbeitungs-Software (HKLM-x32\...\WavePad) (Version:  - NCH Software)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0689F21A-660B-411D-AE0F-EC98EB3C636C} - System32\Tasks\{F698412C-12E2-4DA5-B8E7-A3EF2C58F7CD} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsProgressBar
Task: {130B57B9-642D-4F80-8F3D-55D29054A3E1} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {16CC087B-529E-43DD-BF23-A3D9490122E8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {2CD9E23B-060B-4D1D-9FB3-C5EED67EA6FC} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {2DCA6A26-767C-43C8-A539-843910FC94AA} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {3047A8CF-B3D9-4D1A-8EF0-98F69D63A5BC} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {3DAF52F6-78F9-4CF0-AF51-75474FA2FAB7} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-27] (Samsung Electronics)
Task: {40E5D31B-E622-44E7-8F26-3C3753213D87} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4EC56EEA-8DD1-4558-90D1-D9B2D8F8C48B} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {535E03CD-AE1D-43E6-87F9-A98882317041} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {5485E35B-8143-43C2-874F-8F9BE76BC439} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {554A0BBE-7F66-440E-A3F1-5FA287B244F5} - System32\Tasks\{E0A6B00E-50C3-486F-B01F-AD5D82358E3F} => pcalua.exe -a C:\Users\Luise\Desktop\NMH-4.5.20.45_LGE\SetupX.exe -d C:\Users\Luise\Desktop\NMH-4.5.20.45_LGE
Task: {70DB57F1-6C06-4860-B76C-54674063CF3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {8BB8AF13-BD0B-4FB9-B960-CCF99DA3F9E9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {A6F5960B-B546-4154-B671-7FCB55CDE0CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {B5595A96-121A-478A-A8B8-41FB5654A4E2} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {BBD090E8-527F-476B-B50B-47475A65CD20} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-07-29] (SAMSUNG Electronics)
Task: {C3212A58-152D-45EB-A33A-223FF4628A53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {F02744B9-B972-450E-B54F-4BC8DBB06B8A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-16] (CyberLink)
Task: {F85DE55C-9F1D-4053-AD0B-491F4BA07A8F} - System32\Tasks\{4722CA9D-27E7-4C13-A39E-831587D3654C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {FA433E34-C4EE-40C3-BB2B-966CC2DD94FC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 14:55 - 2013-08-02 03:12 - 00043520 _____ () C:\windows\system32\CSRSRV.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\windows\system32\pcwum.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\windows\system32\pcwum.DLL
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2012-03-08 07:45 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-11-26 03:08 - 2011-11-26 03:08 - 00033360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
2011-07-21 06:51 - 2010-12-16 10:37 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-01 18:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-01 18:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-01 18:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-01 18:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-01 18:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01009744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00526464 _____ () C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00086608 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00150096 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00373328 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_Magick++_.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00178256 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_lcms_.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 05564912 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00191192 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01119544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00628816 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 08493648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00952400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01290832 _____ () C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01038416 _____ () C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00084104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
2012-03-08 06:40 - 2011-02-16 16:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2012-03-08 06:40 - 2006-08-12 03:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2011-11-26 03:09 - 2011-11-26 03:09 - 00049744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00824912 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00365648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00032848 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00841296 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00063056 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00173136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2011-11-26 03:09 - 2011-11-26 03:09 - 00195664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00016976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00057424 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00016976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00044112 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00093776 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00134224 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00589904 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-03-08 06:50 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1656143743-13120863-1912775482-500 - Administrator - Disabled)
Gast (S-1-5-21-1656143743-13120863-1912775482-501 - Limited - Disabled)
Luise (S-1-5-21-1656143743-13120863-1912775482-1001 - Administrator - Enabled) => C:\Users\Luise
NeroMediaHomeUser.4 (S-1-5-21-1656143743-13120863-1912775482-1004 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4
UpdatusUser (S-1-5-21-1656143743-13120863-1912775482-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: avipbb
Description: avipbb
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: avipbb
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2015 09:07:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 09:03:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 07:24:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 07:24:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 07:24:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 07:21:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 07:21:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 07:21:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 07:19:12 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (01/07/2015 07:19:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3685305


System errors:
=============
Error: (01/07/2015 08:05:38 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JANA_MIRKO",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{995DE48C-91AB-4B8D-8443-0B6DFC1178D0}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/07/2015 06:15:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (01/07/2015 06:15:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/07/2015 06:15:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/07/2015 06:14:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
avipbb

Error: (01/07/2015 06:14:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31


Microsoft Office Sessions:
=========================
Error: (01/07/2015 09:07:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/07/2015 09:03:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/07/2015 07:24:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/07/2015 07:24:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/07/2015 07:24:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/07/2015 07:21:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/07/2015 07:21:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/07/2015 07:21:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/07/2015 07:19:12 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (01/07/2015 07:19:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3685305


CodeIntegrity Errors:
===================================
  Date: 2014-06-23 18:11:04.363
  Description: N/A

  Date: 2014-06-23 18:11:04.202
  Description: N/A


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 41%
Total physical RAM: 4009.55 MB
Available physical RAM: 2338.5 MB
Total Pagefile: 8017.27 MB
Available Pagefile: 5899.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:177 GB) (Free:108.37 GB) NTFS
Drive d: () (Fixed) (Total:265.39 GB) (Free:265.12 GB) NTFS
Drive e: (PTE0EGW1) (CDROM) (Total:7.15 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3882832C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=177 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.3 GB) - (Type=27)

==================== End Of Log ============================
         

08.01.2015, 07:49   #11
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

08.01.2015, 19:17   #12
lumija
 



Hello Schrauber,

sorry, but I can't download TDSSKiller; the following message appears:

g;m.parentNode.insertBefore(a,m) })(window,document,'script','/resources/js/ga-outbound.js'); ga('require', 'outbound');

Best regards, Mirko

I finally managed it after 30 attempts.

Best regards, Mirko

Hello Schrauber,
attached is the report
Code:
18:55:11.0152 0x04a4  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
18:55:11.0776 0x04a4  ============================================================
18:55:11.0776 0x04a4  Current date / time: 2015/01/08 18:55:11.0776
18:55:11.0776 0x04a4  SystemInfo:
18:55:11.0776 0x04a4  
18:55:11.0776 0x04a4  OS Version: 6.1.7601 ServicePack: 1.0
18:55:11.0776 0x04a4  Product type: Workstation
18:55:11.0776 0x04a4  ComputerName: LUISE-PC
18:55:11.0776 0x04a4  UserName: Luise
18:55:11.0776 0x04a4  Windows directory: C:\windows
18:55:11.0776 0x04a4  System windows directory: C:\windows
18:55:11.0776 0x04a4  Running under WOW64
18:55:11.0776 0x04a4  Processor architecture: Intel x64
18:55:11.0776 0x04a4  Number of processors: 2
18:55:11.0776 0x04a4  Page size: 0x1000
18:55:11.0776 0x04a4  Boot type: Normal boot
18:55:11.0776 0x04a4  ============================================================
18:55:11.0776 0x04a4  BG loaded
18:55:15.0145 0x04a4  System UUID: {7BD9FA72-A16F-1D8E-AD5B-E597C14D28EC}
18:55:16.0505 0x04a4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:55:16.0515 0x04a4  ============================================================
18:55:16.0515 0x04a4  \Device\Harddisk0\DR0:
18:55:16.0525 0x04a4  MBR partitions:
18:55:16.0525 0x04a4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:55:16.0525 0x04a4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16200000
18:55:16.0787 0x04a4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16233000, BlocksNum 0x212C6000
18:55:16.0787 0x04a4  ============================================================
18:55:17.0177 0x04a4  C: <-> \Device\Harddisk0\DR0\Partition2
18:55:19.0697 0x04a4  D: <-> \Device\Harddisk0\DR0\Partition3
18:55:19.0697 0x04a4  ============================================================
18:55:19.0697 0x04a4  Initialize success
18:55:19.0697 0x04a4  ============================================================
18:57:40.0789 0x1598  ============================================================
18:57:40.0789 0x1598  Scan started
18:57:40.0789 0x1598  Mode: Manual; SigCheck; TDLFS; 
18:57:40.0789 0x1598  ============================================================
18:57:40.0789 0x1598  KSN ping started
18:57:43.0182 0x1598  KSN ping finished: true
18:57:47.0034 0x1598  ================ Scan system memory ========================
18:57:47.0034 0x1598  System memory - ok
18:57:47.0034 0x1598  ================ Scan services =============================
18:57:47.0194 0x1598  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
18:57:47.0284 0x1598  1394ohci - ok
18:57:47.0294 0x1598  Suspicious service (NoAccess): 6ab48a75c5156135
18:57:47.0334 0x1598  [ FDD39022F97C37337AEFE97E23BB0B7F, 69F58BA0D01B8591C3FF01F348CCF7F28AC6EE0C8B8513F912B7B5221D4C99F5 ] 6ab48a75c5156135 C:\windows\System32\Drivers\6ab48a75c5156135.sys
18:57:47.0334 0x1598  Suspicious file ( NoAccess ): C:\windows\System32\Drivers\6ab48a75c5156135.sys. md5: FDD39022F97C37337AEFE97E23BB0B7F, sha256: 69F58BA0D01B8591C3FF01F348CCF7F28AC6EE0C8B8513F912B7B5221D4C99F5
18:57:47.0374 0x1598  6ab48a75c5156135 - detected Rootkit.Win32.Necurs.gen ( 0 )
18:57:49.0995 0x1598  6ab48a75c5156135 ( Rootkit.Win32.Necurs.gen ) - infected
18:57:49.0995 0x1598  Force sending object to P2P due to detect: 6ab48a75c5156135
18:57:52.0989 0x1598  Object send P2P result: true
18:57:55.0539 0x1598  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
18:57:55.0569 0x1598  ACPI - ok
18:57:55.0589 0x1598  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
18:57:55.0659 0x1598  AcpiPmi - ok
18:57:55.0789 0x1598  [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:57:55.0829 0x1598  AdobeFlashPlayerUpdateSvc - ok
18:57:55.0899 0x1598  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
18:57:55.0929 0x1598  adp94xx - ok
18:57:55.0969 0x1598  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\drivers\adpahci.sys
18:57:55.0999 0x1598  adpahci - ok
18:57:56.0039 0x1598  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\drivers\adpu320.sys
18:57:56.0069 0x1598  adpu320 - ok
18:57:56.0109 0x1598  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
18:57:56.0259 0x1598  AeLookupSvc - ok
18:57:56.0319 0x1598  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\windows\system32\drivers\afd.sys
18:57:56.0389 0x1598  AFD - ok
18:57:56.0419 0x1598  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
18:57:56.0449 0x1598  agp440 - ok
18:57:56.0489 0x1598  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
18:57:56.0559 0x1598  ALG - ok
18:57:56.0599 0x1598  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
18:57:56.0629 0x1598  aliide - ok
18:57:56.0639 0x1598  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
18:57:56.0659 0x1598  amdide - ok
18:57:56.0679 0x1598  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
18:57:56.0719 0x1598  AmdK8 - ok
18:57:56.0729 0x1598  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
18:57:56.0769 0x1598  AmdPPM - ok
18:57:56.0809 0x1598  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\windows\system32\drivers\amdsata.sys
18:57:56.0829 0x1598  amdsata - ok
18:57:56.0869 0x1598  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
18:57:56.0889 0x1598  amdsbs - ok
18:57:56.0909 0x1598  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\windows\system32\drivers\amdxata.sys
18:57:56.0911 0x1598  amdxata - ok
18:57:56.0941 0x1598  [ 48CD7E6520D47D62EAB0E6CE3EC30C65, D5E6206081202A005888F6F576DDE37C1EE973D7FD155B6C41C7BFE07DEE61F8 ] Andbus          C:\windows\system32\DRIVERS\lgandbus64.sys
18:57:57.0001 0x1598  Andbus - ok
18:57:57.0041 0x1598  [ 08CBACC00D15DCDBBAAE1A7C8F231C61, E713CA0A7A1DC50408004523FC91149CB99AF443E511D00899244AA7C5D1E0EC ] AndDiag         C:\windows\system32\DRIVERS\lganddiag64.sys
18:57:57.0071 0x1598  AndDiag - ok
18:57:57.0081 0x1598  [ CEA9A4CD6B3A83428CE8501240833668, B382AD9E0D5CBB057D64C505A6E1A1A1C3769C83981C60F4EDF966D7BB13A459 ] AndGps          C:\windows\system32\DRIVERS\lgandgps64.sys
18:57:57.0111 0x1598  AndGps - ok
18:57:57.0131 0x1598  [ E2B5663E547FA5E756B253EFA8EC8286, 78FC406BF15615A6BA9AF9CDC49AC0B8EE7F54628BDB1B1FF8596AB2C65E5925 ] ANDModem        C:\windows\system32\DRIVERS\lgandmodem64.sys
18:57:57.0181 0x1598  ANDModem - ok
18:57:57.0331 0x1598  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:57:57.0361 0x1598  AntiVirSchedulerService - ok
18:57:57.0391 0x1598  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:57:57.0411 0x1598  AntiVirService - ok
18:57:57.0511 0x1598  [ 027820FE847A7B4245234A4E6E825BE1, EB5638C22C52D0B07F9782B7660BBA730A10A80DC138B7DAD20F849221DEF80B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
18:57:57.0551 0x1598  AntiVirWebService - ok
18:57:57.0581 0x1598  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\windows\system32\drivers\appid.sys
18:57:57.0731 0x1598  AppID - ok
18:57:57.0761 0x1598  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\windows\System32\appidsvc.dll
18:57:57.0821 0x1598  AppIDSvc - ok
18:57:57.0861 0x1598  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\windows\System32\appinfo.dll
18:57:57.0891 0x1598  Appinfo - ok
18:57:57.0991 0x1598  [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:57:58.0021 0x1598  Apple Mobile Device - ok
18:57:58.0061 0x1598  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\drivers\arc.sys
18:57:58.0081 0x1598  arc - ok
18:57:58.0101 0x1598  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\drivers\arcsas.sys
18:57:58.0121 0x1598  arcsas - ok
18:57:58.0251 0x1598  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:57:58.0301 0x1598  aspnet_state - ok
18:57:58.0351 0x1598  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
18:57:58.0411 0x1598  AsyncMac - ok
18:57:58.0431 0x1598  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
18:57:58.0441 0x1598  atapi - ok
18:57:58.0451 0x1598  AthBTPort - ok
18:57:58.0581 0x1598  [ 3D68A1EEF77307142636AF5127990BCB, 30926B2E1371287FF39C69C363BE4FAC67C558867D903C555A12316D303A43E8 ] athr            C:\windows\system32\DRIVERS\athrx.sys
18:57:58.0801 0x1598  athr - ok
18:57:58.0861 0x1598  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
18:57:58.0921 0x1598  AudioEndpointBuilder - ok
18:57:58.0941 0x1598  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\windows\System32\Audiosrv.dll
18:57:59.0001 0x1598  AudioSrv - ok
18:57:59.0061 0x1598  [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
18:57:59.0081 0x1598  avgntflt - ok
18:57:59.0121 0x1598  [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
18:57:59.0141 0x1598  avipbb - ok
18:57:59.0161 0x1598  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
18:57:59.0181 0x1598  avkmgr - ok
18:57:59.0231 0x1598  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
18:57:59.0331 0x1598  AxInstSV - ok
18:57:59.0381 0x1598  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
18:57:59.0441 0x1598  b06bdrv - ok
18:57:59.0481 0x1598  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
18:57:59.0521 0x1598  b57nd60a - ok
18:57:59.0601 0x1598  [ 93EE7D9C35AE7E9FFDA148D7805F1421, 9D88D5CC08F887B35A893FEC80D8CC4A9E4EAAF533E27D0F1B9CC36C171C92DA ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
18:57:59.0621 0x1598  BBSvc - ok
18:57:59.0671 0x1598  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
18:57:59.0741 0x1598  BDESVC - ok
18:57:59.0781 0x1598  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
18:57:59.0841 0x1598  Beep - ok
18:57:59.0951 0x1598  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\windows\System32\bfe.dll
18:58:00.0061 0x1598  BFE - ok
18:58:00.0211 0x1598  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\system32\qmgr.dll
18:58:00.0301 0x1598  BITS - ok
18:58:00.0331 0x1598  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
18:58:00.0351 0x1598  blbdrive - ok
18:58:00.0421 0x1598  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:58:00.0441 0x1598  Bonjour Service - ok
18:58:00.0471 0x1598  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
18:58:00.0471 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\bowser.sys. md5: 6C02A83164F5CC0A262F4199F0871CF5, sha256: AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28
18:58:00.0471 0x1598  bowser - detected LockedFile.Multi.Generic ( 1 )
18:58:02.0833 0x1598  Detect skipped due to KSN trusted
18:58:02.0833 0x1598  bowser - ok
18:58:02.0873 0x1598  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
18:58:02.0913 0x1598  BrFiltLo - ok
18:58:02.0923 0x1598  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
18:58:02.0943 0x1598  BrFiltUp - ok
18:58:02.0953 0x1598  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
18:58:02.0993 0x1598  BridgeMP - ok
18:58:03.0043 0x1598  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\windows\System32\browser.dll
18:58:03.0093 0x1598  Browser - ok
18:58:03.0143 0x1598  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\System32\Drivers\Brserid.sys
18:58:03.0203 0x1598  Brserid - ok
18:58:03.0223 0x1598  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
18:58:03.0223 0x1598  Suspicious file ( NoAccess ): C:\windows\System32\Drivers\BrSerWdm.sys. md5: A6ECA2151B08A09CACECA35C07F05B42, sha256: E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C
18:58:03.0223 0x1598  BrSerWdm - detected LockedFile.Multi.Generic ( 1 )
18:58:05.0593 0x1598  Detect skipped due to KSN trusted
18:58:05.0593 0x1598  BrSerWdm - ok
18:58:05.0643 0x1598  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
18:58:05.0643 0x1598  Suspicious file ( NoAccess ): C:\windows\System32\Drivers\BrUsbMdm.sys. md5: B79968002C277E869CF38BD22CD61524, sha256: 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983
18:58:05.0643 0x1598  BrUsbMdm - detected LockedFile.Multi.Generic ( 1 )
18:58:08.0075 0x1598  Detect skipped due to KSN trusted
18:58:08.0075 0x1598  BrUsbMdm - ok
18:58:08.0105 0x1598  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
18:58:08.0105 0x1598  Suspicious file ( NoAccess ): C:\windows\System32\Drivers\BrUsbSer.sys. md5: A87528880231C54E75EA7A44943B38BF, sha256: 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9
18:58:08.0105 0x1598  BrUsbSer - detected LockedFile.Multi.Generic ( 1 )
18:58:10.0565 0x1598  Detect skipped due to KSN trusted
18:58:10.0565 0x1598  BrUsbSer - ok
18:58:10.0585 0x1598  BTATH_A2DP - ok
18:58:10.0595 0x1598  btath_avdt - ok
18:58:10.0605 0x1598  BTATH_BUS - ok
18:58:10.0625 0x1598  BTATH_HCRP - ok
18:58:10.0625 0x1598  BTATH_LWFLT - ok
18:58:10.0635 0x1598  BTATH_RCP - ok
18:58:10.0645 0x1598  BtFilter - ok
18:58:10.0695 0x1598  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
18:58:10.0695 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\BthEnum.sys. md5: CF98190A94F62E405C8CB255018B2315, sha256: E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781
18:58:10.0695 0x1598  BthEnum - detected LockedFile.Multi.Generic ( 1 )
18:58:13.0167 0x1598  Detect skipped due to KSN trusted
18:58:13.0167 0x1598  BthEnum - ok
18:58:13.0197 0x1598  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
18:58:13.0197 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\bthmodem.sys. md5: 9DA669F11D1F894AB4EB69BF546A42E8, sha256: B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4
18:58:13.0197 0x1598  BTHMODEM - detected LockedFile.Multi.Generic ( 1 )
18:58:15.0577 0x1598  Detect skipped due to KSN trusted
18:58:15.0577 0x1598  BTHMODEM - ok
18:58:15.0657 0x1598  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
18:58:15.0657 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\bthpan.sys. md5: 02DD601B708DD0667E1331FA8518E9FF, sha256: 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1
18:58:15.0657 0x1598  BthPan - detected LockedFile.Multi.Generic ( 1 )
18:58:18.0039 0x1598  Detect skipped due to KSN trusted
18:58:18.0039 0x1598  BthPan - ok
18:58:18.0149 0x1598  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
18:58:18.0149 0x1598  Suspicious file ( NoAccess ): C:\windows\System32\Drivers\BTHport.sys. md5: 738D0E9272F59EB7A1449C3EC118E6C4, sha256: FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080
18:58:18.0149 0x1598  BTHPORT - detected LockedFile.Multi.Generic ( 1 )
18:58:20.0529 0x1598  Detect skipped due to KSN trusted
18:58:20.0529 0x1598  BTHPORT - ok
18:58:20.0609 0x1598  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
18:58:20.0679 0x1598  bthserv - ok
18:58:20.0709 0x1598  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
18:58:20.0709 0x1598  Suspicious file ( NoAccess ): C:\windows\System32\Drivers\BTHUSB.sys. md5: F188B7394D81010767B6DF3178519A37, sha256: 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B
18:58:20.0709 0x1598  BTHUSB - detected LockedFile.Multi.Generic ( 1 )
18:58:23.0071 0x1598  Detect skipped due to KSN trusted
18:58:23.0071 0x1598  BTHUSB - ok
18:58:23.0101 0x1598  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
18:58:23.0101 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\cdfs.sys. md5: B8BD2BB284668C84865658C77574381A, sha256: 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65
18:58:23.0101 0x1598  cdfs - detected LockedFile.Multi.Generic ( 1 )
18:58:25.0473 0x1598  Detect skipped due to KSN trusted
18:58:25.0473 0x1598  cdfs - ok
18:58:25.0523 0x1598  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
18:58:25.0523 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\cdrom.sys. md5: F036CE71586E93D94DAB220D7BDF4416, sha256: BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B
18:58:25.0533 0x1598  cdrom - detected LockedFile.Multi.Generic ( 1 )
18:58:27.0925 0x1598  Detect skipped due to KSN trusted
18:58:27.0925 0x1598  cdrom - ok
18:58:27.0965 0x1598  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\windows\System32\certprop.dll
18:58:28.0025 0x1598  CertPropSvc - ok
18:58:28.0055 0x1598  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\drivers\circlass.sys
18:58:28.0055 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\circlass.sys. md5: D7CD5C4E1B71FA62050515314CFB52CF, sha256: 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64
18:58:28.0055 0x1598  circlass - detected LockedFile.Multi.Generic ( 1 )
18:58:30.0415 0x1598  Detect skipped due to KSN trusted
18:58:30.0415 0x1598  circlass - ok
18:58:30.0485 0x1598  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\windows\system32\CLFS.sys
18:58:30.0485 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\CLFS.sys. md5: FE1EC06F2253F691FE36217C592A0206, sha256: B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE
18:58:30.0495 0x1598  CLFS - detected LockedFile.Multi.Generic ( 1 )
18:58:32.0888 0x1598  Detect skipped due to KSN trusted
18:58:32.0888 0x1598  CLFS - ok
18:58:32.0938 0x1598  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:58:32.0958 0x1598  clr_optimization_v2.0.50727_32 - ok
18:58:32.0978 0x1598  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:58:33.0038 0x1598  clr_optimization_v2.0.50727_64 - ok
18:58:33.0138 0x1598  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:58:33.0338 0x1598  clr_optimization_v4.0.30319_32 - ok
18:58:33.0368 0x1598  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:58:33.0498 0x1598  clr_optimization_v4.0.30319_64 - ok
18:58:33.0538 0x1598  [ E13A438F9E51DD034730678E33B73290, 3BB111DFDAEAB8DA6124600C7F6E080C2950A0BB420803FC12560343E1A9280A ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys
18:58:33.0538 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\clwvd.sys. md5: E13A438F9E51DD034730678E33B73290, sha256: 3BB111DFDAEAB8DA6124600C7F6E080C2950A0BB420803FC12560343E1A9280A
18:58:33.0538 0x1598  clwvd - detected LockedFile.Multi.Generic ( 1 )
18:58:35.0898 0x1598  Detect skipped due to KSN trusted
18:58:35.0898 0x1598  clwvd - ok
18:58:35.0968 0x1598  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
18:58:35.0968 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\CmBatt.sys. md5: 0840155D0BDDF1190F84A663C284BD33, sha256: 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A
18:58:35.0968 0x1598  CmBatt - detected LockedFile.Multi.Generic ( 1 )
18:58:38.0350 0x1598  Detect skipped due to KSN trusted
18:58:38.0350 0x1598  CmBatt - ok
18:58:38.0430 0x1598  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
18:58:38.0430 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\cmdide.sys. md5: E19D3F095812725D88F9001985B94EDD, sha256: 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B
18:58:38.0430 0x1598  cmdide - detected LockedFile.Multi.Generic ( 1 )
18:58:40.0810 0x1598  Detect skipped due to KSN trusted
18:58:40.0810 0x1598  cmdide - ok
18:58:40.0930 0x1598  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\windows\system32\Drivers\cng.sys
18:58:40.0940 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\Drivers\cng.sys. md5: EBF28856F69CF094A902F884CF989706, sha256: AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F
18:58:40.0940 0x1598  CNG - detected LockedFile.Multi.Generic ( 1 )
18:58:43.0305 0x1598  Detect skipped due to KSN trusted
18:58:43.0305 0x1598  CNG - ok
18:58:43.0365 0x1598  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
18:58:43.0365 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\compbatt.sys. md5: 102DE219C3F61415F964C88E9085AD14, sha256: CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1
18:58:43.0365 0x1598  Compbatt - detected LockedFile.Multi.Generic ( 1 )
18:58:46.0476 0x1598  Detect skipped due to KSN trusted
18:58:46.0476 0x1598  Compbatt - ok
18:58:46.0526 0x1598  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
18:58:46.0526 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\CompositeBus.sys. md5: 03EDB043586CCEBA243D689BDDA370A8, sha256: 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959
18:58:46.0546 0x1598  CompositeBus - detected LockedFile.Multi.Generic ( 1 )
18:58:49.0693 0x1598  Detect skipped due to KSN trusted
18:58:49.0693 0x1598  CompositeBus - ok
18:58:49.0723 0x1598  COMSysApp - ok
18:58:49.0803 0x1598  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
18:58:49.0803 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\crcdisk.sys. md5: 1C827878A998C18847245FE1F34EE597, sha256: 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60
18:58:49.0803 0x1598  crcdisk - detected LockedFile.Multi.Generic ( 1 )
18:58:52.0203 0x1598  Detect skipped due to KSN trusted
18:58:52.0203 0x1598  crcdisk - ok
18:58:52.0303 0x1598  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\windows\system32\cryptsvc.dll
18:58:52.0353 0x1598  CryptSvc - ok
18:58:52.0563 0x1598  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:58:52.0593 0x1598  cvhsvc - ok
18:58:52.0663 0x1598  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\windows\system32\rpcss.dll
18:58:52.0753 0x1598  DcomLaunch - ok
18:58:52.0863 0x1598  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
18:58:52.0933 0x1598  defragsvc - ok
18:58:53.0003 0x1598  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
18:58:53.0003 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\Drivers\dfsc.sys. md5: 9BB2EF44EAA163B29C4A4587887A0FE4, sha256: 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F
18:58:53.0003 0x1598  DfsC - detected LockedFile.Multi.Generic ( 1 )
18:58:55.0374 0x1598  Detect skipped due to KSN trusted
18:58:55.0374 0x1598  DfsC - ok
18:58:55.0444 0x1598  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
18:58:55.0516 0x1598  Dhcp - ok
18:58:55.0546 0x1598  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
18:58:55.0546 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3, sha256: 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26
18:58:55.0546 0x1598  discache - detected LockedFile.Multi.Generic ( 1 )
18:58:57.0917 0x1598  Detect skipped due to KSN trusted
18:58:57.0917 0x1598  discache - ok
18:58:57.0987 0x1598  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\drivers\disk.sys
18:58:57.0987 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\disk.sys. md5: 9819EEE8B5EA3784EC4AF3B137A5244C, sha256: 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427
18:58:57.0987 0x1598  Disk - detected LockedFile.Multi.Generic ( 1 )
18:59:00.0347 0x1598  Detect skipped due to KSN trusted
18:59:00.0347 0x1598  Disk - ok
18:59:00.0437 0x1598  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
18:59:00.0517 0x1598  Dnscache - ok
18:59:00.0557 0x1598  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
18:59:00.0627 0x1598  dot3svc - ok
18:59:00.0697 0x1598  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
18:59:00.0767 0x1598  DPS - ok
18:59:00.0797 0x1598  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
18:59:00.0797 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\drmkaud.sys. md5: 9B19F34400D24DF84C858A421C205754, sha256: 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7
19:01:31.0351 0x1598  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
19:01:31.0411 0x1598  Mcx2Svc - ok
19:01:31.0441 0x1598  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\drivers\megasas.sys
19:01:31.0441 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
19:01:31.0441 0x1598  megasas - detected LockedFile.Multi.Generic ( 1 )
19:01:34.0053 0x1598  Detect skipped due to KSN trusted
19:01:34.0053 0x1598  megasas - ok
19:01:34.0143 0x1598  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
19:01:34.0143 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
19:01:34.0143 0x1598  MegaSR - detected LockedFile.Multi.Generic ( 1 )
19:01:36.0523 0x1598  Detect skipped due to KSN trusted
19:01:36.0523 0x1598  MegaSR - ok
19:01:36.0593 0x1598  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
19:01:36.0593 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\HECIx64.sys. md5: A6518DCC42F7A6E999BB3BEA8FD87567, sha256: 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC
19:01:36.0593 0x1598  MEIx64 - detected LockedFile.Multi.Generic ( 1 )
19:01:38.0985 0x1598  Detect skipped due to KSN trusted
19:01:38.0985 0x1598  MEIx64 - ok
19:01:39.0015 0x1598  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
19:01:39.0115 0x1598  MMCSS - ok
19:01:39.0125 0x1598  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
19:01:39.0125 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
19:01:39.0125 0x1598  Modem - detected LockedFile.Multi.Generic ( 1 )
19:01:41.0506 0x1598  Detect skipped due to KSN trusted
19:01:41.0506 0x1598  Modem - ok
19:01:41.0576 0x1598  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
19:01:41.0576 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
19:01:41.0576 0x1598  monitor - detected LockedFile.Multi.Generic ( 1 )
19:01:43.0998 0x1598  Detect skipped due to KSN trusted
19:01:43.0998 0x1598  monitor - ok
19:01:44.0048 0x1598  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
19:01:44.0048 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
19:01:44.0058 0x1598  mouclass - detected LockedFile.Multi.Generic ( 1 )
19:01:46.0448 0x1598  Detect skipped due to KSN trusted
19:01:46.0448 0x1598  mouclass - ok
19:01:46.0518 0x1598  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
19:01:46.0518 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
19:01:46.0518 0x1598  mouhid - detected LockedFile.Multi.Generic ( 1 )
19:01:48.0900 0x1598  Detect skipped due to KSN trusted
19:01:48.0900 0x1598  mouhid - ok
19:01:48.0940 0x1598  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
19:01:48.0940 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA, sha256: 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63
19:01:48.0940 0x1598  mountmgr - detected LockedFile.Multi.Generic ( 1 )
19:01:54.0662 0x1598  Detect skipped due to KSN trusted
19:01:54.0662 0x1598  mountmgr - ok
19:01:54.0752 0x1598  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
19:01:54.0762 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58, sha256: B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8
19:01:54.0762 0x1598  mpio - detected LockedFile.Multi.Generic ( 1 )
19:02:04.0764 0x1598  Object is SCO, delete is not allowed
19:02:04.0764 0x1598  mpio ( LockedFile.Multi.Generic ) - warning
19:02:18.0588 0x1598  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
19:02:18.0588 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
19:02:18.0588 0x1598  mpsdrv - detected LockedFile.Multi.Generic ( 1 )
19:02:28.0590 0x1598  Object is SCO, delete is not allowed
19:02:28.0590 0x1598  mpsdrv ( LockedFile.Multi.Generic ) - warning
19:02:28.0590 0x1598  Force sending object to P2P due to detect: mpsdrv
19:02:34.0398 0x1598  Object send P2P result: false
19:02:34.0578 0x1598  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
19:02:34.0690 0x1598  MpsSvc - ok
19:02:34.0762 0x1598  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
19:02:34.0762 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\mrxdav.sys. md5: 1A4F75E63C9FB84B85DFFC6B63FD5404, sha256: 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F
19:02:34.0762 0x1598  MRxDAV - detected LockedFile.Multi.Generic ( 1 )
19:02:34.0762 0x1598  Object is SCO, delete is not allowed
19:02:34.0762 0x1598  MRxDAV ( LockedFile.Multi.Generic ) - warning
19:02:34.0802 0x1598  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
19:02:34.0802 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC, sha256: 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4
19:02:34.0802 0x1598  mrxsmb - detected LockedFile.Multi.Generic ( 1 )
19:02:34.0802 0x1598  Object is SCO, delete is not allowed
19:02:34.0802 0x1598  mrxsmb ( LockedFile.Multi.Generic ) - warning
19:02:34.0802 0x1598  Force sending object to P2P due to detect: mrxsmb
19:02:34.0812 0x1598  Object send P2P result: false
19:02:34.0832 0x1598  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
19:02:34.0832 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163, sha256: 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF
19:02:34.0832 0x1598  mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
19:02:34.0832 0x1598  Object is SCO, delete is not allowed
19:02:34.0832 0x1598  mrxsmb10 ( LockedFile.Multi.Generic ) - warning
19:02:34.0862 0x1598  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
19:02:34.0862 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C, sha256: 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC
19:02:34.0862 0x1598  mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
19:02:34.0862 0x1598  Object is SCO, delete is not allowed
19:02:34.0862 0x1598  mrxsmb20 ( LockedFile.Multi.Generic ) - warning
19:02:34.0862 0x1598  Force sending object to P2P due to detect: mrxsmb20
19:02:34.0862 0x1598  Object send P2P result: false
19:02:34.0892 0x1598  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
19:02:34.0892 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796, sha256: 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8
19:02:34.0892 0x1598  msahci - detected LockedFile.Multi.Generic ( 1 )
19:02:34.0892 0x1598  Object is SCO, delete is not allowed
19:02:34.0892 0x1598  msahci ( LockedFile.Multi.Generic ) - warning
19:02:34.0932 0x1598  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
19:02:34.0932 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900, sha256: B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74
19:02:34.0932 0x1598  msdsm - detected LockedFile.Multi.Generic ( 1 )
19:02:34.0932 0x1598  Object is SCO, delete is not allowed
19:02:34.0932 0x1598  msdsm ( LockedFile.Multi.Generic ) - warning
19:02:34.0952 0x1598  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
19:02:34.0982 0x1598  MSDTC - ok
19:02:35.0022 0x1598  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
19:02:35.0022 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
19:02:35.0022 0x1598  Msfs - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0022 0x1598  Object is SCO, delete is not allowed
19:02:35.0022 0x1598  Msfs ( LockedFile.Multi.Generic ) - warning
19:02:35.0022 0x1598  Force sending object to P2P due to detect: Msfs
19:02:35.0022 0x1598  Object send P2P result: false
19:02:35.0052 0x1598  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
19:02:35.0052 0x1598  Suspicious file ( NoAccess ): C:\windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
19:02:35.0052 0x1598  mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0052 0x1598  mshidkmdf ( LockedFile.Multi.Generic ) - warning
19:02:35.0072 0x1598  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
19:02:35.0072 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
19:02:35.0072 0x1598  msisadrv - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0072 0x1598  Object is SCO, delete is not allowed
19:02:35.0072 0x1598  msisadrv ( LockedFile.Multi.Generic ) - warning
19:02:35.0072 0x1598  Force sending object to P2P due to detect: msisadrv
19:02:35.0082 0x1598  Object send P2P result: false
19:02:35.0102 0x1598  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
19:02:35.0152 0x1598  MSiSCSI - ok
19:02:35.0152 0x1598  msiserver - ok
19:02:35.0183 0x1598  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
19:02:35.0183 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
19:02:35.0183 0x1598  MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0183 0x1598  Object is SCO, delete is not allowed
19:02:35.0183 0x1598  MSKSSRV ( LockedFile.Multi.Generic ) - warning
19:02:35.0202 0x1598  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
19:02:35.0202 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
19:02:35.0203 0x1598  MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0203 0x1598  Object is SCO, delete is not allowed
19:02:35.0203 0x1598  MSPCLOCK ( LockedFile.Multi.Generic ) - warning
19:02:35.0203 0x1598  Force sending object to P2P due to detect: MSPCLOCK
19:02:35.0204 0x1598  Object send P2P result: false
19:02:35.0219 0x1598  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
19:02:35.0219 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
19:02:35.0220 0x1598  MSPQM - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0220 0x1598  Object is SCO, delete is not allowed
19:02:35.0220 0x1598  MSPQM ( LockedFile.Multi.Generic ) - warning
19:02:35.0220 0x1598  Force sending object to P2P due to detect: MSPQM
19:02:35.0221 0x1598  Object send P2P result: false
19:02:35.0246 0x1598  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
19:02:35.0246 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D, sha256: 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133
19:02:35.0247 0x1598  MsRPC - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0247 0x1598  Object is SCO, delete is not allowed
19:02:35.0247 0x1598  MsRPC ( LockedFile.Multi.Generic ) - warning
19:02:35.0247 0x1598  Force sending object to P2P due to detect: MsRPC
19:02:35.0249 0x1598  Object send P2P result: false
19:02:35.0263 0x1598  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
19:02:35.0264 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
19:02:35.0264 0x1598  mssmbios - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0264 0x1598  Object is SCO, delete is not allowed
19:02:35.0264 0x1598  mssmbios ( LockedFile.Multi.Generic ) - warning
19:02:35.0283 0x1598  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
19:02:35.0283 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
19:02:35.0284 0x1598  MSTEE - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0284 0x1598  Object is SCO, delete is not allowed
19:02:35.0284 0x1598  MSTEE ( LockedFile.Multi.Generic ) - warning
19:02:35.0284 0x1598  Force sending object to P2P due to detect: MSTEE
19:02:35.0284 0x1598  Object send P2P result: false
19:02:35.0292 0x1598  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
19:02:35.0292 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
19:02:35.0293 0x1598  MTConfig - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0293 0x1598  MTConfig ( LockedFile.Multi.Generic ) - warning
19:02:35.0293 0x1598  Force sending object to P2P due to detect: MTConfig
19:02:35.0302 0x1598  Object send P2P result: false
19:02:35.0309 0x1598  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
19:02:35.0309 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
19:02:35.0309 0x1598  Mup - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0310 0x1598  Object is SCO, delete is not allowed
19:02:35.0310 0x1598  Mup ( LockedFile.Multi.Generic ) - warning
19:02:35.0347 0x1598  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
19:02:35.0424 0x1598  napagent - ok
19:02:35.0476 0x1598  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
19:02:35.0476 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
19:02:35.0476 0x1598  NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0476 0x1598  Object is SCO, delete is not allowed
19:02:35.0476 0x1598  NativeWifiP ( LockedFile.Multi.Generic ) - warning
19:02:35.0476 0x1598  Force sending object to P2P due to detect: NativeWifiP
19:02:35.0476 0x1598  Object send P2P result: false
19:02:35.0536 0x1598  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
19:02:35.0536 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\ndis.sys. md5: 760E38053BF56E501D562B70AD796B88, sha256: F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D
19:02:35.0536 0x1598  NDIS - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0536 0x1598  Object is SCO, delete is not allowed
19:02:35.0536 0x1598  NDIS ( LockedFile.Multi.Generic ) - warning
19:02:35.0578 0x1598  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
19:02:35.0579 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
19:02:35.0579 0x1598  NdisCap - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0579 0x1598  NdisCap ( LockedFile.Multi.Generic ) - warning
19:02:35.0579 0x1598  Force sending object to P2P due to detect: NdisCap
19:02:35.0580 0x1598  Object send P2P result: false
19:02:35.0598 0x1598  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
19:02:35.0608 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
19:02:35.0608 0x1598  NdisTapi - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0608 0x1598  Object is SCO, delete is not allowed
19:02:35.0608 0x1598  NdisTapi ( LockedFile.Multi.Generic ) - warning
19:02:35.0608 0x1598  Force sending object to P2P due to detect: NdisTapi
19:02:35.0608 0x1598  Object send P2P result: false
19:02:35.0608 0x1598  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
19:02:35.0608 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356, sha256: BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683
19:02:35.0608 0x1598  Ndisuio - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0608 0x1598  Object is SCO, delete is not allowed
19:02:35.0608 0x1598  Ndisuio ( LockedFile.Multi.Generic ) - warning
19:02:35.0608 0x1598  Force sending object to P2P due to detect: Ndisuio
19:02:35.0608 0x1598  Object send P2P result: false
19:02:35.0628 0x1598  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
19:02:35.0628 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11, sha256: 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77
19:02:35.0628 0x1598  NdisWan - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0628 0x1598  Object is SCO, delete is not allowed
19:02:35.0628 0x1598  NdisWan ( LockedFile.Multi.Generic ) - warning
19:02:35.0638 0x1598  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
19:02:35.0638 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879, sha256: 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023
19:02:35.0638 0x1598  NDProxy - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0638 0x1598  Object is SCO, delete is not allowed
19:02:35.0638 0x1598  NDProxy ( LockedFile.Multi.Generic ) - warning
19:02:35.0728 0x1598  [ 87C61A17E908AEF1C63FBAF915C0B452, 75B41D36CC82A7B770B32C8309258C61A705E6F7C12E61404125F76D81BE344E ] NeroMediaHomeService.4 C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
19:02:35.0748 0x1598  NeroMediaHomeService.4 - ok
19:02:35.0758 0x1598  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
19:02:35.0758 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062
19:02:35.0758 0x1598  NetBIOS - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0758 0x1598  Object is SCO, delete is not allowed
19:02:35.0758 0x1598  NetBIOS ( LockedFile.Multi.Generic ) - warning
19:02:35.0788 0x1598  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
19:02:35.0788 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068, sha256: 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37
19:02:35.0788 0x1598  NetBT - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0798 0x1598  Object is SCO, delete is not allowed
19:02:35.0798 0x1598  NetBT ( LockedFile.Multi.Generic ) - warning
19:02:35.0818 0x1598  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\windows\system32\lsass.exe
19:02:35.0828 0x1598  Netlogon - ok
19:02:35.0878 0x1598  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
19:02:35.0938 0x1598  Netman - ok
19:02:35.0998 0x1598  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:02:36.0058 0x1598  NetMsmqActivator - ok
19:02:36.0068 0x1598  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:02:36.0088 0x1598  NetPipeActivator - ok
19:02:36.0148 0x1598  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
19:02:36.0208 0x1598  netprofm - ok
19:02:36.0238 0x1598  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:02:36.0258 0x1598  NetTcpActivator - ok
19:02:36.0258 0x1598  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:02:36.0278 0x1598  NetTcpPortSharing - ok
19:02:36.0689 0x1598  [ B51E9AD4F4E4F8DBE0AB882756BC5DAB, 74E975F3BF39B360C466A0CEEEF545D1B814EE1AEFF6B2FCDD81A33FA276FBF3 ] NETwNs64        C:\windows\system32\DRIVERS\NETwNs64.sys
19:02:36.0689 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\NETwNs64.sys. md5: B51E9AD4F4E4F8DBE0AB882756BC5DAB, sha256: 74E975F3BF39B360C466A0CEEEF545D1B814EE1AEFF6B2FCDD81A33FA276FBF3
19:02:36.0699 0x1598  NETwNs64 - detected LockedFile.Multi.Generic ( 1 )
19:02:36.0709 0x1598  NETwNs64 ( LockedFile.Multi.Generic ) - warning
19:02:36.0739 0x1598  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
19:02:36.0739 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3
19:02:36.0749 0x1598  nfrd960 - detected LockedFile.Multi.Generic ( 1 )
19:02:36.0749 0x1598  Object is SCO, delete is not allowed
19:02:36.0749 0x1598  nfrd960 ( LockedFile.Multi.Generic ) - warning
19:02:36.0799 0x1598  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\windows\System32\nlasvc.dll
19:02:36.0839 0x1598  NlaSvc - ok
19:02:37.0069 0x1598  [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
19:02:37.0149 0x1598  NOBU - ok
19:02:37.0169 0x1598  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
19:02:37.0169 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F
19:02:37.0169 0x1598  Npfs - detected LockedFile.Multi.Generic ( 1 )
19:02:37.0169 0x1598  Object is SCO, delete is not allowed
19:02:37.0169 0x1598  Npfs ( LockedFile.Multi.Generic ) - warning
19:02:37.0199 0x1598  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
19:02:37.0259 0x1598  nsi - ok
19:02:37.0269 0x1598  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
19:02:37.0269 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76
19:02:37.0269 0x1598  nsiproxy - detected LockedFile.Multi.Generic ( 1 )
19:02:37.0269 0x1598  Object is SCO, delete is not allowed
19:02:37.0269 0x1598  nsiproxy ( LockedFile.Multi.Generic ) - warning
19:02:37.0269 0x1598  Force sending object to P2P due to detect: nsiproxy
19:02:37.0269 0x1598  Object send P2P result: false
19:02:37.0349 0x1598  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
19:02:37.0349 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\Ntfs.sys. md5: 1A29A59A4C5BA6F8C85062A613B7E2B2, sha256: CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1
19:02:37.0359 0x1598  Ntfs - detected LockedFile.Multi.Generic ( 1 )
19:02:37.0359 0x1598  Object is SCO, delete is not allowed
19:02:37.0359 0x1598  Ntfs ( LockedFile.Multi.Generic ) - warning
19:02:37.0369 0x1598  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
19:02:37.0369 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6
19:02:37.0369 0x1598  Null - detected LockedFile.Multi.Generic ( 1 )
19:02:37.0369 0x1598  Object is SCO, delete is not allowed
19:02:37.0369 0x1598  Null ( LockedFile.Multi.Generic ) - warning
19:02:37.0369 0x1598  Force sending object to P2P due to detect: Null
19:02:37.0369 0x1598  Object send P2P result: false
19:02:37.0882 0x1598  [ 70E89A21827B2669AF906B703C7C48B5, 0049482148124600287D03716497D8E31A42EF39D63EF62EB8CC4A16EE795885 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
19:02:37.0882 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\nvlddmkm.sys. md5: 70E89A21827B2669AF906B703C7C48B5, sha256: 0049482148124600287D03716497D8E31A42EF39D63EF62EB8CC4A16EE795885
19:02:37.0931 0x1598  nvlddmkm - detected LockedFile.Multi.Generic ( 1 )
19:02:37.0931 0x1598  nvlddmkm ( LockedFile.Multi.Generic ) - warning
19:02:37.0951 0x1598  [ 4B9C0C2BF78289513101EB0D44834701, 4F1BE9507C067A2F5E6F1EB43B7C99EAF9E09445A48E884E90076F73ED8F52A8 ] nvpciflt        C:\windows\system32\DRIVERS\nvpciflt.sys
19:02:37.0951 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\nvpciflt.sys. md5: 4B9C0C2BF78289513101EB0D44834701, sha256: 4F1BE9507C067A2F5E6F1EB43B7C99EAF9E09445A48E884E90076F73ED8F52A8
19:02:37.0951 0x1598  nvpciflt - detected LockedFile.Multi.Generic ( 1 )
19:02:37.0951 0x1598  nvpciflt ( LockedFile.Multi.Generic ) - warning
19:02:37.0991 0x1598  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
19:02:37.0991 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\nvraid.sys. md5: 0A92CB65770442ED0DC44834632F66AD, sha256: 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7
19:02:37.0991 0x1598  nvraid - detected LockedFile.Multi.Generic ( 1 )
19:02:37.0991 0x1598  Object is SCO, delete is not allowed
19:02:37.0991 0x1598  nvraid ( LockedFile.Multi.Generic ) - warning
19:02:38.0011 0x1598  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
19:02:38.0011 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\nvstor.sys. md5: DAB0E87525C10052BF65F06152F37E4A, sha256: AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37
19:02:38.0011 0x1598  nvstor - detected LockedFile.Multi.Generic ( 1 )
19:02:38.0011 0x1598  Object is SCO, delete is not allowed
19:02:38.0011 0x1598  nvstor ( LockedFile.Multi.Generic ) - warning
19:02:38.0111 0x1598  [ E04FCE1D149CF05C3449E3171F9C3E41, 6BDD089B5A0C03CE1E9F63275AE35B8B66185B3E81DFF97F59423B9C35BEEBA7 ] NVSvc           C:\windows\system32\nvvsvc.exe
19:02:38.0141 0x1598  NVSvc - ok
19:02:38.0271 0x1598  [ D96DDEA6C699A99832E0186057801971, 374BB617335CC243F903447194B7EFC63222FD163BB9FA8C87616715C5120BF0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:02:38.0332 0x1598  nvUpdatusService - ok
19:02:38.0362 0x1598  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
19:02:38.0362 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05, sha256: 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F
19:02:38.0362 0x1598  nv_agp - detected LockedFile.Multi.Generic ( 1 )
19:02:38.0362 0x1598  Object is SCO, delete is not allowed
19:02:38.0362 0x1598  nv_agp ( LockedFile.Multi.Generic ) - warning
19:02:38.0372 0x1598  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
19:02:38.0372 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0, sha256: AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203
19:02:38.0372 0x1598  ohci1394 - detected LockedFile.Multi.Generic ( 1 )
19:02:38.0372 0x1598  Object is SCO, delete is not allowed
19:02:38.0372 0x1598  ohci1394 ( LockedFile.Multi.Generic ) - warning
19:02:38.0372 0x1598  Force sending object to P2P due to detect: ohci1394
19:02:38.0372 0x1598  Object send P2P result: false
19:02:38.0402 0x1598  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:02:38.0412 0x1598  ose - ok
         
Part 1
Regards, Mirko

Edited by lumija (08.01.2015 at 18:50). Reason: works after all

Alt 08.01.2015, 19:18   #13
lumija
 

Hello Schrauber, and here is part 2.
Too many characters, hence in 2 parts.

Code:
ATTFilter
18:55:11.0152 0x04a4  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
18:55:11.0776 0x04a4  ============================================================
18:55:11.0776 0x04a4  Current date / time: 2015/01/08 18:55:11.0776
18:55:11.0776 0x04a4  SystemInfo:
18:55:11.0776 0x04a4  
18:55:11.0776 0x04a4  OS Version: 6.1.7601 ServicePack: 1.0
18:55:11.0776 0x04a4  Product type: Workstation
18:55:11.0776 0x04a4  ComputerName: LUISE-PC
18:55:11.0776 0x04a4  UserName: Luise
18:55:11.0776 0x04a4  Windows directory: C:\windows
18:55:11.0776 0x04a4  System windows directory: C:\windows
18:55:11.0776 0x04a4  Running under WOW64
18:55:11.0776 0x04a4  Processor architecture: Intel x64
18:55:11.0776 0x04a4  Number of processors: 2
18:55:11.0776 0x04a4  Page size: 0x1000
18:55:11.0776 0x04a4  Boot type: Normal boot
18:55:11.0776 0x04a4  ============================================================
18:55:11.0776 0x04a4  BG loaded
18:55:15.0145 0x04a4  System UUID: {7BD9FA72-A16F-1D8E-AD5B-E597C14D28EC}
18:55:16.0505 0x04a4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:55:16.0515 0x04a4  ============================================================
18:55:16.0515 0x04a4  \Device\Harddisk0\DR0:
18:55:16.0525 0x04a4  MBR partitions:
18:55:16.0525 0x04a4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:55:16.0525 0x04a4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16200000
18:55:16.0787 0x04a4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16233000, BlocksNum 0x212C6000
18:55:16.0787 0x04a4  ============================================================
18:55:17.0177 0x04a4  C: <-> \Device\Harddisk0\DR0\Partition2
18:55:19.0697 0x04a4  D: <-> \Device\Harddisk0\DR0\Partition3
18:55:19.0697 0x04a4  ============================================================
18:55:19.0697 0x04a4  Initialize success
18:55:19.0697 0x04a4  ============================================================
18:57:40.0789 0x1598  ============================================================
18:57:40.0789 0x1598  Scan started
18:57:40.0789 0x1598  Mode: Manual; SigCheck; TDLFS; 
18:57:40.0789 0x1598  ============================================================
18:57:40.0789 0x1598  KSN ping started
18:57:43.0182 0x1598  KSN ping finished: true
18:57:47.0034 0x1598  ================ Scan system memory ========================
18:57:47.0034 0x1598  System memory - ok
18:57:47.0034 0x1598  ================ Scan services =============================
18:57:47.0194 0x1598  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
18:57:47.0284 0x1598  1394ohci - ok
18:57:47.0294 0x1598  Suspicious service (NoAccess): 6ab48a75c5156135
18:57:47.0334 0x1598  [ FDD39022F97C37337AEFE97E23BB0B7F, 69F58BA0D01B8591C3FF01F348CCF7F28AC6EE0C8B8513F912B7B5221D4C99F5 ] 6ab48a75c5156135 C:\windows\System32\Drivers\6ab48a75c5156135.sys
18:57:47.0334 0x1598  Suspicious file ( NoAccess ): C:\windows\System32\Drivers\6ab48a75c5156135.sys. md5: FDD39022F97C37337AEFE97E23BB0B7F, sha256: 69F58BA0D01B8591C3FF01F348CCF7F28AC6EE0C8B8513F912B7B5221D4C99F5
18:57:47.0374 0x1598  6ab48a75c5156135 - detected Rootkit.Win32.Necurs.gen ( 0 )
18:57:49.0995 0x1598  6ab48a75c5156135 ( Rootkit.Win32.Necurs.gen ) - infected
18:57:49.0995 0x1598  Force sending object to P2P due to detect: 6ab48a75c5156135
18:57:52.0989 0x1598  Object send P2P result: true
18:57:55.0539 0x1598  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
18:57:55.0569 0x1598  ACPI - ok
18:57:55.0589 0x1598  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
18:57:55.0659 0x1598  AcpiPmi - ok
18:57:55.0789 0x1598  [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:57:55.0829 0x1598  AdobeFlashPlayerUpdateSvc - ok
18:57:55.0899 0x1598  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
18:57:55.0929 0x1598  adp94xx - ok
18:57:55.0969 0x1598  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\drivers\adpahci.sys
18:57:55.0999 0x1598  adpahci - ok
18:57:56.0039 0x1598  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\drivers\adpu320.sys
18:57:56.0069 0x1598  adpu320 - ok
18:57:56.0109 0x1598  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
18:57:56.0259 0x1598  AeLookupSvc - ok
18:57:56.0319 0x1598  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\windows\system32\drivers\afd.sys
18:57:56.0389 0x1598  AFD - ok
18:57:56.0419 0x1598  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
18:57:56.0449 0x1598  agp440 - ok
18:57:56.0489 0x1598  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
18:57:56.0559 0x1598  ALG - ok
18:57:56.0599 0x1598  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
18:57:56.0629 0x1598  aliide - ok
18:57:56.0639 0x1598  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
18:57:56.0659 0x1598  amdide - ok
18:57:56.0679 0x1598  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
18:57:56.0719 0x1598  AmdK8 - ok
18:57:56.0729 0x1598  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
18:57:56.0769 0x1598  AmdPPM - ok
18:57:56.0809 0x1598  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\windows\system32\drivers\amdsata.sys
18:57:56.0829 0x1598  amdsata - ok
18:57:56.0869 0x1598  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
18:57:56.0889 0x1598  amdsbs - ok
18:57:56.0909 0x1598  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\windows\system32\drivers\amdxata.sys
18:57:56.0911 0x1598  amdxata - ok
18:57:56.0941 0x1598  [ 48CD7E6520D47D62EAB0E6CE3EC30C65, D5E6206081202A005888F6F576DDE37C1EE973D7FD155B6C41C7BFE07DEE61F8 ] Andbus          C:\windows\system32\DRIVERS\lgandbus64.sys
18:57:57.0001 0x1598  Andbus - ok
18:57:57.0041 0x1598  [ 08CBACC00D15DCDBBAAE1A7C8F231C61, E713CA0A7A1DC50408004523FC91149CB99AF443E511D00899244AA7C5D1E0EC ] AndDiag         C:\windows\system32\DRIVERS\lganddiag64.sys
18:57:57.0071 0x1598  AndDiag - ok
18:57:57.0081 0x1598  [ CEA9A4CD6B3A83428CE8501240833668, B382AD9E0D5CBB057D64C505A6E1A1A1C3769C83981C60F4EDF966D7BB13A459 ] AndGps          C:\windows\system32\DRIVERS\lgandgps64.sys
18:57:57.0111 0x1598  AndGps - ok
18:57:57.0131 0x1598  [ E2B5663E547FA5E756B253EFA8EC8286, 78FC406BF15615A6BA9AF9CDC49AC0B8EE7F54628BDB1B1FF8596AB2C65E5925 ] ANDModem        C:\windows\system32\DRIVERS\lgandmodem64.sys
18:57:57.0181 0x1598  ANDModem - ok
18:57:57.0331 0x1598  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:57:57.0361 0x1598  AntiVirSchedulerService - ok
18:57:57.0391 0x1598  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:57:57.0411 0x1598  AntiVirService - ok
18:57:57.0511 0x1598  [ 027820FE847A7B4245234A4E6E825BE1, EB5638C22C52D0B07F9782B7660BBA730A10A80DC138B7DAD20F849221DEF80B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
18:57:57.0551 0x1598  AntiVirWebService - ok
18:57:57.0581 0x1598  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\windows\system32\drivers\appid.sys
18:57:57.0731 0x1598  AppID - ok
18:57:57.0761 0x1598  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\windows\System32\appidsvc.dll
18:57:57.0821 0x1598  AppIDSvc - ok
18:57:57.0861 0x1598  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\windows\System32\appinfo.dll
18:57:57.0891 0x1598  Appinfo - ok
18:57:57.0991 0x1598  [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:57:58.0021 0x1598  Apple Mobile Device - ok
18:57:58.0061 0x1598  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\drivers\arc.sys
18:57:58.0081 0x1598  arc - ok
18:57:58.0101 0x1598  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\drivers\arcsas.sys
18:57:58.0121 0x1598  arcsas - ok
18:57:58.0251 0x1598  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:57:58.0301 0x1598  aspnet_state - ok
18:57:58.0351 0x1598  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
18:57:58.0411 0x1598  AsyncMac - ok
18:57:58.0431 0x1598  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
18:57:58.0441 0x1598  atapi - ok
18:57:58.0451 0x1598  AthBTPort - ok
18:57:58.0581 0x1598  [ 3D68A1EEF77307142636AF5127990BCB, 30926B2E1371287FF39C69C363BE4FAC67C558867D903C555A12316D303A43E8 ] athr            C:\windows\system32\DRIVERS\athrx.sys
18:57:58.0801 0x1598  athr - ok
18:57:58.0861 0x1598  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
18:57:58.0921 0x1598  AudioEndpointBuilder - ok
18:57:58.0941 0x1598  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\windows\System32\Audiosrv.dll
18:57:59.0001 0x1598  AudioSrv - ok
18:57:59.0061 0x1598  [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
18:57:59.0081 0x1598  avgntflt - ok
18:57:59.0121 0x1598  [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
18:57:59.0141 0x1598  avipbb - ok
18:57:59.0161 0x1598  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
18:57:59.0181 0x1598  avkmgr - ok
18:57:59.0231 0x1598  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
18:57:59.0331 0x1598  AxInstSV - ok
18:57:59.0381 0x1598  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
18:57:59.0441 0x1598  b06bdrv - ok
18:57:59.0481 0x1598  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
18:57:59.0521 0x1598  b57nd60a - ok
18:57:59.0601 0x1598  [ 93EE7D9C35AE7E9FFDA148D7805F1421, 9D88D5CC08F887B35A893FEC80D8CC4A9E4EAAF533E27D0F1B9CC36C171C92DA ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
18:57:59.0621 0x1598  BBSvc - ok
18:57:59.0671 0x1598  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
18:57:59.0741 0x1598  BDESVC - ok
18:57:59.0781 0x1598  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
18:57:59.0841 0x1598  Beep - ok
18:57:59.0951 0x1598  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\windows\System32\bfe.dll
18:58:00.0061 0x1598  BFE - ok
18:58:00.0211 0x1598  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\system32\qmgr.dll
18:58:00.0301 0x1598  BITS - ok
18:58:00.0331 0x1598  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
18:58:00.0351 0x1598  blbdrive - ok
18:58:00.0421 0x1598  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:58:00.0441 0x1598  Bonjour Service - ok
18:58:00.0471 0x1598  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
18:58:00.0471 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\bowser.sys. md5: 6C02A83164F5CC0A262F4199F0871CF5, sha256: AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28
18:58:00.0471 0x1598  bowser - detected LockedFile.Multi.Generic ( 1 )
18:58:02.0833 0x1598  Detect skipped due to KSN trusted
18:58:02.0833 0x1598  bowser - ok
18:58:02.0873 0x1598  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
18:58:02.0913 0x1598  BrFiltLo - ok
18:58:02.0923 0x1598  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
18:58:02.0943 0x1598  BrFiltUp - ok
18:58:02.0953 0x1598  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
18:58:02.0993 0x1598  BridgeMP - ok
18:58:03.0043 0x1598  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\windows\System32\browser.dll
18:58:03.0093 0x1598  Browser - ok
18:58:03.0143 0x1598  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\System32\Drivers\Brserid.sys
18:58:03.0203 0x1598  Brserid - ok
18:58:03.0223 0x1598  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
18:58:03.0223 0x1598  Suspicious file ( NoAccess ): C:\windows\System32\Drivers\BrSerWdm.sys. md5: A6ECA2151B08A09CACECA35C07F05B42, sha256: E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C
18:58:03.0223 0x1598  BrSerWdm - detected LockedFile.Multi.Generic ( 1 )
18:58:05.0593 0x1598  Detect skipped due to KSN trusted
18:58:05.0593 0x1598  BrSerWdm - ok
18:58:05.0643 0x1598  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
18:58:05.0643 0x1598  Suspicious file ( NoAccess ): C:\windows\System32\Drivers\BrUsbMdm.sys. md5: B79968002C277E869CF38BD22CD61524, sha256: 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983
18:58:05.0643 0x1598  BrUsbMdm - detected LockedFile.Multi.Generic ( 1 )
18:58:08.0075 0x1598  Detect skipped due to KSN trusted
18:58:08.0075 0x1598  BrUsbMdm - ok
18:58:08.0105 0x1598  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
18:58:08.0105 0x1598  Suspicious file ( NoAccess ): C:\windows\System32\Drivers\BrUsbSer.sys. md5: A87528880231C54E75EA7A44943B38BF, sha256: 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9
18:58:08.0105 0x1598  BrUsbSer - detected LockedFile.Multi.Generic ( 1 )
18:58:10.0565 0x1598  Detect skipped due to KSN trusted
18:58:10.0565 0x1598  BrUsbSer - ok
18:58:10.0585 0x1598  BTATH_A2DP - ok
18:58:10.0595 0x1598  btath_avdt - ok
18:58:10.0605 0x1598  BTATH_BUS - ok
18:58:10.0625 0x1598  BTATH_HCRP - ok
18:58:10.0625 0x1598  BTATH_LWFLT - ok
18:58:10.0635 0x1598  BTATH_RCP - ok
18:58:10.0645 0x1598  BtFilter - ok
18:58:10.0695 0x1598  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
18:58:10.0695 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\BthEnum.sys. md5: CF98190A94F62E405C8CB255018B2315, sha256: E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781
18:58:10.0695 0x1598  BthEnum - detected LockedFile.Multi.Generic ( 1 )
18:58:13.0167 0x1598  Detect skipped due to KSN trusted
18:58:13.0167 0x1598  BthEnum - ok
18:58:13.0197 0x1598  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
18:58:13.0197 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\bthmodem.sys. md5: 9DA669F11D1F894AB4EB69BF546A42E8, sha256: B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4
18:58:13.0197 0x1598  BTHMODEM - detected LockedFile.Multi.Generic ( 1 )
18:58:15.0577 0x1598  Detect skipped due to KSN trusted
18:58:15.0577 0x1598  BTHMODEM - ok
18:58:15.0657 0x1598  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
18:58:15.0657 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\bthpan.sys. md5: 02DD601B708DD0667E1331FA8518E9FF, sha256: 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1
18:58:15.0657 0x1598  BthPan - detected LockedFile.Multi.Generic ( 1 )
18:58:18.0039 0x1598  Detect skipped due to KSN trusted
18:58:18.0039 0x1598  BthPan - ok
18:58:18.0149 0x1598  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
18:58:18.0149 0x1598  Suspicious file ( NoAccess ): C:\windows\System32\Drivers\BTHport.sys. md5: 738D0E9272F59EB7A1449C3EC118E6C4, sha256: FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080
18:58:18.0149 0x1598  BTHPORT - detected LockedFile.Multi.Generic ( 1 )
18:58:20.0529 0x1598  Detect skipped due to KSN trusted
18:58:20.0529 0x1598  BTHPORT - ok
18:58:20.0609 0x1598  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
18:58:20.0679 0x1598  bthserv - ok
18:58:20.0709 0x1598  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
18:58:20.0709 0x1598  Suspicious file ( NoAccess ): C:\windows\System32\Drivers\BTHUSB.sys. md5: F188B7394D81010767B6DF3178519A37, sha256: 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B
18:58:20.0709 0x1598  BTHUSB - detected LockedFile.Multi.Generic ( 1 )
18:58:23.0071 0x1598  Detect skipped due to KSN trusted
18:58:23.0071 0x1598  BTHUSB - ok
18:58:23.0101 0x1598  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
18:58:23.0101 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\cdfs.sys. md5: B8BD2BB284668C84865658C77574381A, sha256: 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65
18:58:23.0101 0x1598  cdfs - detected LockedFile.Multi.Generic ( 1 )
18:58:25.0473 0x1598  Detect skipped due to KSN trusted
18:58:25.0473 0x1598  cdfs - ok
18:58:25.0523 0x1598  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
18:58:25.0523 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\cdrom.sys. md5: F036CE71586E93D94DAB220D7BDF4416, sha256: BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B
18:58:25.0533 0x1598  cdrom - detected LockedFile.Multi.Generic ( 1 )
18:58:27.0925 0x1598  Detect skipped due to KSN trusted
18:58:27.0925 0x1598  cdrom - ok
18:58:27.0965 0x1598  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\windows\System32\certprop.dll
18:58:28.0025 0x1598  CertPropSvc - ok
18:58:28.0055 0x1598  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\drivers\circlass.sys
18:58:28.0055 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\circlass.sys. md5: D7CD5C4E1B71FA62050515314CFB52CF, sha256: 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64
18:58:28.0055 0x1598  circlass - detected LockedFile.Multi.Generic ( 1 )
18:58:30.0415 0x1598  Detect skipped due to KSN trusted
18:58:30.0415 0x1598  circlass - ok
18:58:30.0485 0x1598  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\windows\system32\CLFS.sys
18:58:30.0485 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\CLFS.sys. md5: FE1EC06F2253F691FE36217C592A0206, sha256: B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE
18:58:30.0495 0x1598  CLFS - detected LockedFile.Multi.Generic ( 1 )
18:58:32.0888 0x1598  Detect skipped due to KSN trusted
18:58:32.0888 0x1598  CLFS - ok
18:58:32.0938 0x1598  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:58:32.0958 0x1598  clr_optimization_v2.0.50727_32 - ok
18:58:32.0978 0x1598  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:58:33.0038 0x1598  clr_optimization_v2.0.50727_64 - ok
18:58:33.0138 0x1598  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:58:33.0338 0x1598  clr_optimization_v4.0.30319_32 - ok
18:58:33.0368 0x1598  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:58:33.0498 0x1598  clr_optimization_v4.0.30319_64 - ok
18:58:33.0538 0x1598  [ E13A438F9E51DD034730678E33B73290, 3BB111DFDAEAB8DA6124600C7F6E080C2950A0BB420803FC12560343E1A9280A ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys
18:58:33.0538 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\clwvd.sys. md5: E13A438F9E51DD034730678E33B73290, sha256: 3BB111DFDAEAB8DA6124600C7F6E080C2950A0BB420803FC12560343E1A9280A
18:58:33.0538 0x1598  clwvd - detected LockedFile.Multi.Generic ( 1 )
18:58:35.0898 0x1598  Detect skipped due to KSN trusted
18:58:35.0898 0x1598  clwvd - ok
18:58:35.0968 0x1598  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
18:58:35.0968 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\CmBatt.sys. md5: 0840155D0BDDF1190F84A663C284BD33, sha256: 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A
18:58:35.0968 0x1598  CmBatt - detected LockedFile.Multi.Generic ( 1 )
18:58:38.0350 0x1598  Detect skipped due to KSN trusted
18:58:38.0350 0x1598  CmBatt - ok
18:58:38.0430 0x1598  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
18:58:38.0430 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\cmdide.sys. md5: E19D3F095812725D88F9001985B94EDD, sha256: 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B
19:00:58.0580 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\Drivers\ksecdd.sys. md5: 8F489706472F7E9A06BAAA198703FA64, sha256: F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A
19:00:58.0580 0x1598  KSecDD - detected LockedFile.Multi.Generic ( 1 )
19:01:02.0480 0x1598  Detect skipped due to KSN trusted
19:01:02.0480 0x1598  KSecDD - ok
19:01:02.0520 0x1598  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
19:01:02.0520 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\Drivers\ksecpkg.sys. md5: 868A2CAAB12EFC7A021682BCA0EEC54C, sha256: 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD
19:01:02.0520 0x1598  KSecPkg - detected LockedFile.Multi.Generic ( 1 )
19:01:04.0946 0x1598  Detect skipped due to KSN trusted
19:01:04.0946 0x1598  KSecPkg - ok
19:01:05.0016 0x1598  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
19:01:05.0016 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
19:01:05.0016 0x1598  ksthunk - detected LockedFile.Multi.Generic ( 1 )
19:01:14.0420 0x1598  Detect skipped due to KSN trusted
19:01:14.0420 0x1598  ksthunk - ok
19:01:14.0490 0x1598  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
19:01:14.0570 0x1598  KtmRm - ok
19:01:14.0620 0x1598  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\System32\srvsvc.dll
19:01:14.0700 0x1598  LanmanServer - ok
19:01:14.0720 0x1598  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:01:14.0770 0x1598  LanmanWorkstation - ok
19:01:14.0790 0x1598  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
19:01:14.0790 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
19:01:14.0790 0x1598  lltdio - detected LockedFile.Multi.Generic ( 1 )
19:01:17.0160 0x1598  Detect skipped due to KSN trusted
19:01:17.0160 0x1598  lltdio - ok
19:01:17.0240 0x1598  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
19:01:17.0320 0x1598  lltdsvc - ok
19:01:17.0330 0x1598  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
19:01:17.0380 0x1598  lmhosts - ok
19:01:17.0460 0x1598  [ F4A17DCAB576267C85663E64F3ACE5A4, 6E1231740492480DB0ACD28BF7168547EA114037E3CF2F3869C5FADF3D859BAE ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:01:17.0490 0x1598  LMS - ok
19:01:17.0520 0x1598  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
19:01:17.0520 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
19:01:17.0520 0x1598  LSI_FC - detected LockedFile.Multi.Generic ( 1 )
19:01:19.0882 0x1598  Detect skipped due to KSN trusted
19:01:19.0882 0x1598  LSI_FC - ok
19:01:19.0942 0x1598  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
19:01:19.0942 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
19:01:19.0942 0x1598  LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
19:01:22.0423 0x1598  Detect skipped due to KSN trusted
19:01:22.0423 0x1598  LSI_SAS - ok
19:01:22.0473 0x1598  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
19:01:22.0473 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
19:01:22.0473 0x1598  LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
19:01:24.0865 0x1598  Detect skipped due to KSN trusted
19:01:24.0865 0x1598  LSI_SAS2 - ok
19:01:24.0925 0x1598  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
19:01:24.0925 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
19:01:24.0925 0x1598  LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
19:01:27.0355 0x1598  Detect skipped due to KSN trusted
19:01:27.0355 0x1598  LSI_SCSI - ok
19:01:27.0415 0x1598  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
19:01:27.0415 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
19:01:27.0415 0x1598  luafv - detected LockedFile.Multi.Generic ( 1 )
19:01:31.0291 0x1598  Detect skipped due to KSN trusted
19:01:31.0291 0x1598  luafv - ok
19:01:31.0351 0x1598  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
19:01:31.0411 0x1598  Mcx2Svc - ok
19:01:31.0441 0x1598  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\drivers\megasas.sys
19:01:31.0441 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
19:01:31.0441 0x1598  megasas - detected LockedFile.Multi.Generic ( 1 )
19:01:34.0053 0x1598  Detect skipped due to KSN trusted
19:01:34.0053 0x1598  megasas - ok
19:01:34.0143 0x1598  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
19:01:34.0143 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
19:01:34.0143 0x1598  MegaSR - detected LockedFile.Multi.Generic ( 1 )
19:01:36.0523 0x1598  Detect skipped due to KSN trusted
19:01:36.0523 0x1598  MegaSR - ok
19:01:36.0593 0x1598  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
19:01:36.0593 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\HECIx64.sys. md5: A6518DCC42F7A6E999BB3BEA8FD87567, sha256: 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC
19:01:36.0593 0x1598  MEIx64 - detected LockedFile.Multi.Generic ( 1 )
19:01:38.0985 0x1598  Detect skipped due to KSN trusted
19:01:38.0985 0x1598  MEIx64 - ok
19:01:39.0015 0x1598  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
19:01:39.0115 0x1598  MMCSS - ok
19:01:39.0125 0x1598  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
19:01:39.0125 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
19:01:39.0125 0x1598  Modem - detected LockedFile.Multi.Generic ( 1 )
19:01:41.0506 0x1598  Detect skipped due to KSN trusted
19:01:41.0506 0x1598  Modem - ok
19:01:41.0576 0x1598  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
19:01:41.0576 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
19:01:41.0576 0x1598  monitor - detected LockedFile.Multi.Generic ( 1 )
19:01:43.0998 0x1598  Detect skipped due to KSN trusted
19:01:43.0998 0x1598  monitor - ok
19:01:44.0048 0x1598  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
19:01:44.0048 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
19:01:44.0058 0x1598  mouclass - detected LockedFile.Multi.Generic ( 1 )
19:01:46.0448 0x1598  Detect skipped due to KSN trusted
19:01:46.0448 0x1598  mouclass - ok
19:01:46.0518 0x1598  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
19:01:46.0518 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
19:01:46.0518 0x1598  mouhid - detected LockedFile.Multi.Generic ( 1 )
19:01:48.0900 0x1598  Detect skipped due to KSN trusted
19:01:48.0900 0x1598  mouhid - ok
19:01:48.0940 0x1598  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
19:01:48.0940 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA, sha256: 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63
19:01:48.0940 0x1598  mountmgr - detected LockedFile.Multi.Generic ( 1 )
19:01:54.0662 0x1598  Detect skipped due to KSN trusted
19:01:54.0662 0x1598  mountmgr - ok
19:01:54.0752 0x1598  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
19:01:54.0762 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58, sha256: B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8
19:01:54.0762 0x1598  mpio - detected LockedFile.Multi.Generic ( 1 )
19:02:04.0764 0x1598  Object is SCO, delete is not allowed
19:02:04.0764 0x1598  mpio ( LockedFile.Multi.Generic ) - warning
19:02:18.0588 0x1598  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
19:02:18.0588 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
19:02:18.0588 0x1598  mpsdrv - detected LockedFile.Multi.Generic ( 1 )
19:02:28.0590 0x1598  Object is SCO, delete is not allowed
19:02:28.0590 0x1598  mpsdrv ( LockedFile.Multi.Generic ) - warning
19:02:28.0590 0x1598  Force sending object to P2P due to detect: mpsdrv
19:02:34.0398 0x1598  Object send P2P result: false
19:02:34.0578 0x1598  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
19:02:34.0690 0x1598  MpsSvc - ok
19:02:34.0762 0x1598  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
19:02:34.0762 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\mrxdav.sys. md5: 1A4F75E63C9FB84B85DFFC6B63FD5404, sha256: 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F
19:02:34.0762 0x1598  MRxDAV - detected LockedFile.Multi.Generic ( 1 )
19:02:34.0762 0x1598  Object is SCO, delete is not allowed
19:02:34.0762 0x1598  MRxDAV ( LockedFile.Multi.Generic ) - warning
19:02:34.0802 0x1598  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
19:02:34.0802 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC, sha256: 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4
19:02:34.0802 0x1598  mrxsmb - detected LockedFile.Multi.Generic ( 1 )
19:02:34.0802 0x1598  Object is SCO, delete is not allowed
19:02:34.0802 0x1598  mrxsmb ( LockedFile.Multi.Generic ) - warning
19:02:34.0802 0x1598  Force sending object to P2P due to detect: mrxsmb
19:02:34.0812 0x1598  Object send P2P result: false
19:02:34.0832 0x1598  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
19:02:34.0832 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163, sha256: 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF
19:02:34.0832 0x1598  mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
19:02:34.0832 0x1598  Object is SCO, delete is not allowed
19:02:34.0832 0x1598  mrxsmb10 ( LockedFile.Multi.Generic ) - warning
19:02:34.0862 0x1598  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
19:02:34.0862 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C, sha256: 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC
19:02:34.0862 0x1598  mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
19:02:34.0862 0x1598  Object is SCO, delete is not allowed
19:02:34.0862 0x1598  mrxsmb20 ( LockedFile.Multi.Generic ) - warning
19:02:34.0862 0x1598  Force sending object to P2P due to detect: mrxsmb20
19:02:34.0862 0x1598  Object send P2P result: false
19:02:34.0892 0x1598  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
19:02:34.0892 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796, sha256: 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8
19:02:34.0892 0x1598  msahci - detected LockedFile.Multi.Generic ( 1 )
19:02:34.0892 0x1598  Object is SCO, delete is not allowed
19:02:34.0892 0x1598  msahci ( LockedFile.Multi.Generic ) - warning
19:02:34.0932 0x1598  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
19:02:34.0932 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900, sha256: B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74
19:02:34.0932 0x1598  msdsm - detected LockedFile.Multi.Generic ( 1 )
19:02:34.0932 0x1598  Object is SCO, delete is not allowed
19:02:34.0932 0x1598  msdsm ( LockedFile.Multi.Generic ) - warning
19:02:34.0952 0x1598  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
19:02:34.0982 0x1598  MSDTC - ok
19:02:35.0022 0x1598  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
19:02:35.0022 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
19:02:35.0022 0x1598  Msfs - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0022 0x1598  Object is SCO, delete is not allowed
19:02:35.0022 0x1598  Msfs ( LockedFile.Multi.Generic ) - warning
19:02:35.0022 0x1598  Force sending object to P2P due to detect: Msfs
19:02:35.0022 0x1598  Object send P2P result: false
19:02:35.0052 0x1598  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
19:02:35.0052 0x1598  Suspicious file ( NoAccess ): C:\windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
19:02:35.0052 0x1598  mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0052 0x1598  mshidkmdf ( LockedFile.Multi.Generic ) - warning
19:02:35.0072 0x1598  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
19:02:35.0072 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
19:02:35.0072 0x1598  msisadrv - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0072 0x1598  Object is SCO, delete is not allowed
19:02:35.0072 0x1598  msisadrv ( LockedFile.Multi.Generic ) - warning
19:02:35.0072 0x1598  Force sending object to P2P due to detect: msisadrv
19:02:35.0082 0x1598  Object send P2P result: false
19:02:35.0102 0x1598  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
19:02:35.0152 0x1598  MSiSCSI - ok
19:02:35.0152 0x1598  msiserver - ok
19:02:35.0183 0x1598  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
19:02:35.0183 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
19:02:35.0183 0x1598  MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0183 0x1598  Object is SCO, delete is not allowed
19:02:35.0183 0x1598  MSKSSRV ( LockedFile.Multi.Generic ) - warning
19:02:35.0202 0x1598  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
19:02:35.0202 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
19:02:35.0203 0x1598  MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0203 0x1598  Object is SCO, delete is not allowed
19:02:35.0203 0x1598  MSPCLOCK ( LockedFile.Multi.Generic ) - warning
19:02:35.0203 0x1598  Force sending object to P2P due to detect: MSPCLOCK
19:02:35.0204 0x1598  Object send P2P result: false
19:02:35.0219 0x1598  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
19:02:35.0219 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
19:02:35.0220 0x1598  MSPQM - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0220 0x1598  Object is SCO, delete is not allowed
19:02:35.0220 0x1598  MSPQM ( LockedFile.Multi.Generic ) - warning
19:02:35.0220 0x1598  Force sending object to P2P due to detect: MSPQM
19:02:35.0221 0x1598  Object send P2P result: false
19:02:35.0246 0x1598  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
19:02:35.0246 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D, sha256: 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133
19:02:35.0247 0x1598  MsRPC - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0247 0x1598  Object is SCO, delete is not allowed
19:02:35.0247 0x1598  MsRPC ( LockedFile.Multi.Generic ) - warning
19:02:35.0247 0x1598  Force sending object to P2P due to detect: MsRPC
19:02:35.0249 0x1598  Object send P2P result: false
19:02:35.0263 0x1598  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
19:02:35.0264 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
19:02:35.0264 0x1598  mssmbios - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0264 0x1598  Object is SCO, delete is not allowed
19:02:35.0264 0x1598  mssmbios ( LockedFile.Multi.Generic ) - warning
19:02:35.0283 0x1598  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
19:02:35.0283 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
19:02:35.0284 0x1598  MSTEE - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0284 0x1598  Object is SCO, delete is not allowed
19:02:35.0284 0x1598  MSTEE ( LockedFile.Multi.Generic ) - warning
19:02:35.0284 0x1598  Force sending object to P2P due to detect: MSTEE
19:02:35.0284 0x1598  Object send P2P result: false
19:02:35.0292 0x1598  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
19:02:35.0292 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
19:02:35.0293 0x1598  MTConfig - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0293 0x1598  MTConfig ( LockedFile.Multi.Generic ) - warning
19:02:35.0293 0x1598  Force sending object to P2P due to detect: MTConfig
19:02:35.0302 0x1598  Object send P2P result: false
19:02:35.0309 0x1598  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
19:02:35.0309 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
19:02:35.0309 0x1598  Mup - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0310 0x1598  Object is SCO, delete is not allowed
19:02:35.0310 0x1598  Mup ( LockedFile.Multi.Generic ) - warning
19:02:35.0347 0x1598  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
19:02:35.0424 0x1598  napagent - ok
19:02:35.0476 0x1598  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
19:02:35.0476 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
19:02:35.0476 0x1598  NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0476 0x1598  Object is SCO, delete is not allowed
19:02:35.0476 0x1598  NativeWifiP ( LockedFile.Multi.Generic ) - warning
19:02:35.0476 0x1598  Force sending object to P2P due to detect: NativeWifiP
19:02:35.0476 0x1598  Object send P2P result: false
19:02:35.0536 0x1598  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
19:02:35.0536 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\ndis.sys. md5: 760E38053BF56E501D562B70AD796B88, sha256: F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D
19:02:35.0536 0x1598  NDIS - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0536 0x1598  Object is SCO, delete is not allowed
19:02:35.0536 0x1598  NDIS ( LockedFile.Multi.Generic ) - warning
19:02:35.0578 0x1598  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
19:02:35.0579 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
19:02:35.0579 0x1598  NdisCap - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0579 0x1598  NdisCap ( LockedFile.Multi.Generic ) - warning
19:02:35.0579 0x1598  Force sending object to P2P due to detect: NdisCap
19:02:35.0580 0x1598  Object send P2P result: false
19:02:35.0598 0x1598  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
19:02:35.0608 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
19:02:35.0608 0x1598  NdisTapi - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0608 0x1598  Object is SCO, delete is not allowed
19:02:35.0608 0x1598  NdisTapi ( LockedFile.Multi.Generic ) - warning
19:02:35.0608 0x1598  Force sending object to P2P due to detect: NdisTapi
19:02:35.0608 0x1598  Object send P2P result: false
19:02:35.0608 0x1598  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
19:02:35.0608 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356, sha256: BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683
19:02:35.0608 0x1598  Ndisuio - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0608 0x1598  Object is SCO, delete is not allowed
19:02:35.0608 0x1598  Ndisuio ( LockedFile.Multi.Generic ) - warning
19:02:35.0608 0x1598  Force sending object to P2P due to detect: Ndisuio
19:02:35.0608 0x1598  Object send P2P result: false
19:02:35.0628 0x1598  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
19:02:35.0628 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11, sha256: 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77
19:02:35.0628 0x1598  NdisWan - detected LockedFile.Multi.Generic ( 1 )
19:02:35.0628 0x1598  Object is SCO, delete is not allowed
19:02:35.0628 0x1598  NdisWan ( LockedFile.Multi.Generic ) - warning

08.01.2015, 20:37   #14
schrauber
/// the machine
/// TB trainer

The log is incomplete, please take another look.
__________________
Regards,
schrauber


08.01.2015, 22:04   #15
lumija

It is split into 2 parts because it was over the character limit, and it is still incomplete?
How else can I upload all of this in one go??

Regards, Mirko

Sorry, yes, I have seen my mistake: the lower half is missing.
Regards, Mirko

So, here is the lower half of the log:
19:02:41.0732 0x1598  Suspicious file ( NoAccess ): C:\windows\SysWOW64\drivers\rtport.sys. md5: 4CA0DBA9E224473D664C25E411F5A3BD, sha256: 71423A66165782EFB4DB7BE6CE48DDB463D9F65FD0F266D333A6558791D158E5
19:02:41.0732 0x1598  rtport - detected LockedFile.Multi.Generic ( 1 )
19:02:41.0732 0x1598  rtport ( LockedFile.Multi.Generic ) - warning
19:02:41.0772 0x1598  [ 62DB6CC4B0818F1B5F3441241B098F12, 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21 ] SABI            C:\windows\system32\Drivers\SABI.sys
19:02:41.0772 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\Drivers\SABI.sys. md5: 62DB6CC4B0818F1B5F3441241B098F12, sha256: 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21
19:02:41.0772 0x1598  SABI - detected LockedFile.Multi.Generic ( 1 )
19:02:41.0772 0x1598  SABI ( LockedFile.Multi.Generic ) - warning
19:02:41.0772 0x1598  Force sending object to P2P due to detect: SABI
19:02:41.0772 0x1598  Object send P2P result: false
19:02:41.0802 0x1598  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs           C:\windows\system32\lsass.exe
19:02:41.0822 0x1598  SamSs - ok
19:02:41.0862 0x1598  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
19:02:41.0862 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\sbp2port.sys. md5: AC03AF3329579FFFB455AA2DAABBE22B, sha256: 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656
19:02:41.0862 0x1598  sbp2port - detected LockedFile.Multi.Generic ( 1 )
19:02:41.0862 0x1598  Object is SCO, delete is not allowed
19:02:41.0862 0x1598  sbp2port ( LockedFile.Multi.Generic ) - warning
19:02:41.0862 0x1598  Force sending object to P2P due to detect: sbp2port
19:02:41.0862 0x1598  Object send P2P result: false
19:02:41.0912 0x1598  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
19:02:41.0972 0x1598  SCardSvr - ok
19:02:41.0982 0x1598  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
19:02:41.0982 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\scfilter.sys. md5: 253F38D0D7074C02FF8DEB9836C97D2B, sha256: CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116
19:02:41.0982 0x1598  scfilter - detected LockedFile.Multi.Generic ( 1 )
19:02:41.0982 0x1598  scfilter ( LockedFile.Multi.Generic ) - warning
19:02:42.0032 0x1598  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
19:02:42.0112 0x1598  Schedule - ok
19:02:42.0142 0x1598  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
19:02:42.0172 0x1598  SCPolicySvc - ok
19:02:42.0202 0x1598  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
19:02:42.0242 0x1598  SDRSVC - ok
19:02:42.0382 0x1598  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
19:02:42.0442 0x1598  SDScannerService - ok
19:02:42.0542 0x1598  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
19:02:42.0612 0x1598  SDUpdateService - ok
19:02:42.0622 0x1598  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
19:02:42.0642 0x1598  SDWSCService - ok
19:02:42.0692 0x1598  [ CC781378E7EDA615D2CDCA3B17829FA4, 137BF83A2A3D69335AD031B8D73473526F782CB8917A34B3CD92F923E7660F2A ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:02:42.0722 0x1598  SeaPort - ok
19:02:42.0742 0x1598  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
19:02:42.0752 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186, sha256: 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D
19:02:42.0752 0x1598  secdrv - detected LockedFile.Multi.Generic ( 1 )
19:02:42.0752 0x1598  secdrv ( LockedFile.Multi.Generic ) - warning
19:02:42.0772 0x1598  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
19:02:42.0822 0x1598  seclogon - ok
19:02:42.0832 0x1598  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\system32\sens.dll
19:02:42.0892 0x1598  SENS - ok
19:02:42.0932 0x1598  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
19:02:42.0992 0x1598  SensrSvc - ok
19:02:43.0022 0x1598  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\windows\system32\drivers\serenum.sys
19:02:43.0022 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B, sha256: A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4
19:02:43.0022 0x1598  Serenum - detected LockedFile.Multi.Generic ( 1 )
19:02:43.0022 0x1598  Object is SCO, delete is not allowed
19:02:43.0022 0x1598  Serenum ( LockedFile.Multi.Generic ) - warning
19:02:43.0022 0x1598  Force sending object to P2P due to detect: Serenum
19:02:43.0022 0x1598  Object send P2P result: false
19:02:43.0052 0x1598  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\drivers\serial.sys
19:02:43.0052 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, sha256: 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D
19:02:43.0052 0x1598  Serial - detected LockedFile.Multi.Generic ( 1 )
19:02:43.0052 0x1598  Object is SCO, delete is not allowed
19:02:43.0052 0x1598  Serial ( LockedFile.Multi.Generic ) - warning
19:02:43.0052 0x1598  Force sending object to P2P due to detect: Serial
19:02:43.0052 0x1598  Object send P2P result: false
19:02:43.0072 0x1598  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\drivers\sermouse.sys
19:02:43.0072 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3, sha256: 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D
19:02:43.0072 0x1598  sermouse - detected LockedFile.Multi.Generic ( 1 )
19:02:43.0072 0x1598  Object is SCO, delete is not allowed
19:02:43.0072 0x1598  sermouse ( LockedFile.Multi.Generic ) - warning
19:02:43.0072 0x1598  Force sending object to P2P due to detect: sermouse
19:02:43.0072 0x1598  Object send P2P result: false
19:02:43.0102 0x1598  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
19:02:43.0152 0x1598  SessionEnv - ok
19:02:43.0162 0x1598  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
19:02:43.0162 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF, sha256: DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55
19:02:43.0162 0x1598  sffdisk - detected LockedFile.Multi.Generic ( 1 )
19:02:43.0162 0x1598  Object is SCO, delete is not allowed
19:02:43.0162 0x1598  sffdisk ( LockedFile.Multi.Generic ) - warning
19:02:43.0182 0x1598  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
19:02:43.0182 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF, sha256: B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042
19:02:43.0182 0x1598  sffp_mmc - detected LockedFile.Multi.Generic ( 1 )
19:02:43.0182 0x1598  Object is SCO, delete is not allowed
19:02:43.0182 0x1598  sffp_mmc ( LockedFile.Multi.Generic ) - warning
19:02:43.0182 0x1598  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
19:02:43.0182 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\sffp_sd.sys. md5: DD85B78243A19B59F0637DCF284DA63C, sha256: 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197
19:02:43.0182 0x1598  sffp_sd - detected LockedFile.Multi.Generic ( 1 )
19:02:43.0182 0x1598  Object is SCO, delete is not allowed
19:02:43.0182 0x1598  sffp_sd ( LockedFile.Multi.Generic ) - warning
19:02:43.0182 0x1598  Force sending object to P2P due to detect: sffp_sd
19:02:43.0182 0x1598  Object send P2P result: false
19:02:43.0192 0x1598  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
19:02:43.0192 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4, sha256: 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9
19:02:43.0192 0x1598  sfloppy - detected LockedFile.Multi.Generic ( 1 )
19:02:43.0192 0x1598  Object is SCO, delete is not allowed
19:02:43.0192 0x1598  sfloppy ( LockedFile.Multi.Generic ) - warning
19:02:43.0262 0x1598  [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
19:02:43.0262 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\Sftfslh.sys. md5: 2046AA7491DE7EFA4D70E615D9BC9D09, sha256: A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489
19:02:43.0272 0x1598  Sftfs - detected LockedFile.Multi.Generic ( 1 )
19:02:43.0272 0x1598  Sftfs ( LockedFile.Multi.Generic ) - warning
19:02:43.0333 0x1598  [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:02:43.0363 0x1598  sftlist - ok
19:02:43.0383 0x1598  [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
19:02:43.0383 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\Sftplaylh.sys. md5: 0E0446BC4D51BE4263ACB7E33491191C, sha256: 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70
19:02:43.0383 0x1598  Sftplay - detected LockedFile.Multi.Generic ( 1 )
19:02:43.0383 0x1598  Sftplay ( LockedFile.Multi.Generic ) - warning
19:02:43.0413 0x1598  [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
19:02:43.0413 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\Sftredirlh.sys. md5: C5FB982CD266E604ED3142102C26D62C, sha256: A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5
19:02:43.0413 0x1598  Sftredir - detected LockedFile.Multi.Generic ( 1 )
19:02:43.0413 0x1598  Sftredir ( LockedFile.Multi.Generic ) - warning
19:02:43.0413 0x1598  Force sending object to P2P due to detect: Sftredir
19:02:43.0413 0x1598  Object send P2P result: false
19:02:43.0433 0x1598  [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
19:02:43.0433 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\Sftvollh.sys. md5: 2575511AF67AA1FA068CCC4918E2C2A3, sha256: 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D
19:02:43.0433 0x1598  Sftvol - detected LockedFile.Multi.Generic ( 1 )
19:02:43.0433 0x1598  Sftvol ( LockedFile.Multi.Generic ) - warning
19:02:43.0433 0x1598  Force sending object to P2P due to detect: Sftvol
19:02:43.0433 0x1598  Object send P2P result: false
19:02:43.0453 0x1598  [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:02:43.0463 0x1598  sftvsa - ok
19:02:43.0493 0x1598  [ 2FE1CD3AA602414841DB10AD96C95A5E, 1A2489DF37C13B578E69AA0D3D5DB3627C77750C45D78BB2872E29DD10253326 ] SGDrv           C:\windows\system32\DRIVERS\SGdrv64.sys
19:02:43.0503 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\SGdrv64.sys. md5: 2FE1CD3AA602414841DB10AD96C95A5E, sha256: 1A2489DF37C13B578E69AA0D3D5DB3627C77750C45D78BB2872E29DD10253326
19:02:43.0503 0x1598  SGDrv - detected LockedFile.Multi.Generic ( 1 )
19:02:43.0503 0x1598  SGDrv ( LockedFile.Multi.Generic ) - warning
19:02:43.0543 0x1598  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
19:02:43.0603 0x1598  SharedAccess - ok
19:02:43.0633 0x1598  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:02:43.0683 0x1598  ShellHWDetection - ok
19:02:43.0713 0x1598  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
19:02:43.0713 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1, sha256: 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820
19:02:43.0713 0x1598  SiSRaid2 - detected LockedFile.Multi.Generic ( 1 )
19:02:43.0713 0x1598  Object is SCO, delete is not allowed
19:02:43.0713 0x1598  SiSRaid2 ( LockedFile.Multi.Generic ) - warning
19:02:43.0733 0x1598  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
19:02:43.0733 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4, sha256: 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E
19:02:43.0733 0x1598  SiSRaid4 - detected LockedFile.Multi.Generic ( 1 )
19:02:43.0733 0x1598  Object is SCO, delete is not allowed
19:02:43.0733 0x1598  SiSRaid4 ( LockedFile.Multi.Generic ) - warning
19:02:43.0783 0x1598  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:02:43.0823 0x1598  SkypeUpdate - ok
19:02:43.0853 0x1598  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
19:02:43.0853 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4, sha256: 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740
19:02:43.0853 0x1598  Smb - detected LockedFile.Multi.Generic ( 1 )
19:02:43.0853 0x1598  Object is SCO, delete is not allowed
19:02:43.0853 0x1598  Smb ( LockedFile.Multi.Generic ) - warning
19:02:43.0853 0x1598  Force sending object to P2P due to detect: Smb
19:02:43.0853 0x1598  Object send P2P result: false
19:02:43.0903 0x1598  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
19:02:43.0943 0x1598  SNMPTRAP - ok
19:02:43.0963 0x1598  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
19:02:43.0963 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9, sha256: 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063
19:02:43.0963 0x1598  spldr - detected LockedFile.Multi.Generic ( 1 )
19:02:43.0963 0x1598  Object is SCO, delete is not allowed
19:02:43.0963 0x1598  spldr ( LockedFile.Multi.Generic ) - warning
19:02:43.0963 0x1598  Force sending object to P2P due to detect: spldr
19:02:43.0963 0x1598  Object send P2P result: false
19:02:44.0013 0x1598  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\windows\System32\spoolsv.exe
19:02:44.0063 0x1598  Spooler - ok
19:02:44.0213 0x1598  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
19:02:44.0363 0x1598  sppsvc - ok
19:02:44.0383 0x1598  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\windows\system32\sppuinotify.dll
19:02:44.0433 0x1598  sppuinotify - ok
19:02:44.0473 0x1598  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\windows\system32\DRIVERS\srv.sys
19:02:44.0473 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B, sha256: 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0
19:02:44.0473 0x1598  srv - detected LockedFile.Multi.Generic ( 1 )
19:02:44.0473 0x1598  Object is SCO, delete is not allowed
19:02:44.0473 0x1598  srv ( LockedFile.Multi.Generic ) - warning
19:02:44.0473 0x1598  Force sending object to P2P due to detect: srv
19:02:44.0483 0x1598  Object send P2P result: false
19:02:44.0493 0x1598  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
19:02:44.0493 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28, sha256: 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7
19:02:44.0493 0x1598  srv2 - detected LockedFile.Multi.Generic ( 1 )
19:02:44.0493 0x1598  Object is SCO, delete is not allowed
19:02:44.0493 0x1598  srv2 ( LockedFile.Multi.Generic ) - warning
19:02:44.0513 0x1598  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
19:02:44.0513 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3, sha256: AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6
19:02:44.0513 0x1598  srvnet - detected LockedFile.Multi.Generic ( 1 )
19:02:44.0513 0x1598  Object is SCO, delete is not allowed
19:02:44.0513 0x1598  srvnet ( LockedFile.Multi.Generic ) - warning
19:02:44.0543 0x1598  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
19:02:44.0623 0x1598  SSDPSRV - ok
19:02:44.0653 0x1598  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\windows\system32\sstpsvc.dll
19:02:44.0683 0x1598  SstpSvc - ok
19:02:44.0713 0x1598  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\drivers\stexstor.sys
19:02:44.0713 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A, sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5
19:02:44.0713 0x1598  stexstor - detected LockedFile.Multi.Generic ( 1 )
19:02:44.0713 0x1598  stexstor ( LockedFile.Multi.Generic ) - warning
19:02:44.0763 0x1598  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
19:02:44.0813 0x1598  stisvc - ok
19:02:44.0843 0x1598  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
19:02:44.0843 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90, sha256: 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969
19:02:44.0863 0x1598  swenum - detected LockedFile.Multi.Generic ( 1 )
19:02:44.0863 0x1598  Object is SCO, delete is not allowed
19:02:44.0863 0x1598  swenum ( LockedFile.Multi.Generic ) - warning
19:02:44.0863 0x1598  Force sending object to P2P due to detect: swenum
19:02:44.0863 0x1598  Object send P2P result: false
19:02:44.0923 0x1598  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
19:02:44.0993 0x1598  swprv - ok
19:02:45.0073 0x1598  SWUpdateService - ok
19:02:45.0183 0x1598  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\windows\system32\sysmain.dll
19:02:45.0263 0x1598  SysMain - ok
19:02:45.0293 0x1598  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
19:02:45.0333 0x1598  TabletInputService - ok
19:02:45.0353 0x1598  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
19:02:45.0403 0x1598  TapiSrv - ok
19:02:45.0423 0x1598  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
19:02:45.0473 0x1598  TBS - ok
19:02:45.0593 0x1598  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\windows\system32\drivers\tcpip.sys
19:02:45.0593 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\tcpip.sys. md5: 40AF23633D197905F03AB5628C558C51, sha256: 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C
19:02:45.0613 0x1598  Tcpip - detected LockedFile.Multi.Generic ( 1 )
19:02:45.0613 0x1598  Object is SCO, delete is not allowed
19:02:45.0613 0x1598  Tcpip ( LockedFile.Multi.Generic ) - warning
19:02:45.0613 0x1598  Force sending object to P2P due to detect: Tcpip
19:02:45.0613 0x1598  Object send P2P result: false
19:02:45.0693 0x1598  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
19:02:45.0693 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\tcpip.sys. md5: 40AF23633D197905F03AB5628C558C51, sha256: 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C
19:02:45.0703 0x1598  TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
19:02:45.0703 0x1598  Object is SCO, delete is not allowed
19:02:45.0703 0x1598  TCPIP6 ( LockedFile.Multi.Generic ) - warning
19:02:45.0733 0x1598  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
19:02:45.0733 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\tcpipreg.sys. md5: 1B16D0BD9841794A6E0CDE0CEF744ABC, sha256: 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C
19:02:45.0733 0x1598  tcpipreg - detected LockedFile.Multi.Generic ( 1 )
19:02:45.0733 0x1598  Object is SCO, delete is not allowed
19:02:45.0733 0x1598  tcpipreg ( LockedFile.Multi.Generic ) - warning
19:02:45.0733 0x1598  Force sending object to P2P due to detect: tcpipreg
19:02:45.0733 0x1598  Object send P2P result: false
19:02:45.0763 0x1598  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
19:02:45.0763 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D
19:02:45.0763 0x1598  TDPIPE - detected LockedFile.Multi.Generic ( 1 )
19:02:45.0763 0x1598  Object is SCO, delete is not allowed
19:02:45.0763 0x1598  TDPIPE ( LockedFile.Multi.Generic ) - warning
19:02:45.0763 0x1598  Force sending object to P2P due to detect: TDPIPE
19:02:45.0773 0x1598  Object send P2P result: false
19:02:45.0793 0x1598  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
19:02:45.0793 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8, sha256: 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9
19:02:45.0803 0x1598  TDTCP - detected LockedFile.Multi.Generic ( 1 )
19:02:45.0803 0x1598  Object is SCO, delete is not allowed
19:02:45.0803 0x1598  TDTCP ( LockedFile.Multi.Generic ) - warning
19:02:45.0803 0x1598  Force sending object to P2P due to detect: TDTCP
19:02:45.0803 0x1598  Object send P2P result: false
19:02:45.0833 0x1598  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
19:02:45.0833 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806, sha256: B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661
19:02:45.0833 0x1598  tdx - detected LockedFile.Multi.Generic ( 1 )
19:02:45.0833 0x1598  Object is SCO, delete is not allowed
19:02:45.0833 0x1598  tdx ( LockedFile.Multi.Generic ) - warning
19:02:45.0833 0x1598  Force sending object to P2P due to detect: tdx
19:02:45.0843 0x1598  Object send P2P result: false
19:02:45.0863 0x1598  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
19:02:45.0863 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5, sha256: 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D
19:02:45.0863 0x1598  TermDD - detected LockedFile.Multi.Generic ( 1 )
19:02:45.0863 0x1598  Object is SCO, delete is not allowed
19:02:45.0863 0x1598  TermDD ( LockedFile.Multi.Generic ) - warning
19:02:45.0913 0x1598  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\windows\System32\termsrv.dll
19:02:45.0993 0x1598  TermService - ok
19:02:46.0013 0x1598  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
19:02:46.0033 0x1598  Themes - ok
19:02:46.0063 0x1598  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
19:02:46.0103 0x1598  THREADORDER - ok
19:02:46.0133 0x1598  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
19:02:46.0183 0x1598  TrkWks - ok
19:02:46.0243 0x1598  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:02:46.0293 0x1598  TrustedInstaller - ok
19:02:46.0323 0x1598  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
19:02:46.0323 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\tssecsrv.sys. md5: 4CE278FC9671BA81A138D70823FCAA09, sha256: CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300
19:02:46.0323 0x1598  tssecsrv - detected LockedFile.Multi.Generic ( 1 )
19:02:46.0323 0x1598  Object is SCO, delete is not allowed
19:02:46.0323 0x1598  tssecsrv ( LockedFile.Multi.Generic ) - warning
19:02:46.0353 0x1598  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
19:02:46.0353 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9, sha256: A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB
19:02:46.0353 0x1598  TsUsbFlt - detected LockedFile.Multi.Generic ( 1 )
19:02:46.0353 0x1598  TsUsbFlt ( LockedFile.Multi.Generic ) - warning
19:02:46.0353 0x1598  Force sending object to P2P due to detect: TsUsbFlt
19:02:46.0353 0x1598  Object send P2P result: false
19:02:46.0363 0x1598  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
19:02:46.0363 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\TsUsbGD.sys. md5: 9CC2CCAE8A84820EAECB886D477CBCB8, sha256: 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804
19:02:46.0363 0x1598  TsUsbGD - detected LockedFile.Multi.Generic ( 1 )
19:02:46.0363 0x1598  TsUsbGD ( LockedFile.Multi.Generic ) - warning
19:02:46.0363 0x1598  Force sending object to P2P due to detect: TsUsbGD
19:02:46.0363 0x1598  Object send P2P result: false
19:02:46.0393 0x1598  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
19:02:46.0393 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894, sha256: AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8
19:02:46.0393 0x1598  tunnel - detected LockedFile.Multi.Generic ( 1 )
19:02:46.0393 0x1598  Object is SCO, delete is not allowed
19:02:46.0393 0x1598  tunnel ( LockedFile.Multi.Generic ) - warning
19:02:46.0393 0x1598  Force sending object to P2P due to detect: tunnel
19:02:46.0393 0x1598  Object send P2P result: false
19:02:46.0403 0x1598  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\drivers\uagp35.sys
19:02:46.0403 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123
19:02:46.0403 0x1598  uagp35 - detected LockedFile.Multi.Generic ( 1 )
19:02:46.0403 0x1598  Object is SCO, delete is not allowed
19:02:46.0403 0x1598  uagp35 ( LockedFile.Multi.Generic ) - warning
19:02:46.0423 0x1598  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
19:02:46.0423 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593, sha256: D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3
19:02:46.0423 0x1598  udfs - detected LockedFile.Multi.Generic ( 1 )
19:02:46.0423 0x1598  Object is SCO, delete is not allowed
19:02:46.0423 0x1598  udfs ( LockedFile.Multi.Generic ) - warning
19:02:46.0453 0x1598  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
19:02:46.0463 0x1598  UI0Detect - ok
19:02:46.0503 0x1598  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
19:02:46.0503 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A
19:02:46.0503 0x1598  uliagpkx - detected LockedFile.Multi.Generic ( 1 )
19:02:46.0503 0x1598  Object is SCO, delete is not allowed
19:02:46.0503 0x1598  uliagpkx ( LockedFile.Multi.Generic ) - warning
19:02:46.0503 0x1598  Force sending object to P2P due to detect: uliagpkx
19:02:46.0503 0x1598  Object send P2P result: false
19:02:46.0533 0x1598  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\DRIVERS\umbus.sys
19:02:46.0533 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561, sha256: 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE
19:02:46.0533 0x1598  umbus - detected LockedFile.Multi.Generic ( 1 )
19:02:46.0533 0x1598  Object is SCO, delete is not allowed
19:02:46.0533 0x1598  umbus ( LockedFile.Multi.Generic ) - warning
19:02:46.0553 0x1598  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\drivers\umpass.sys
19:02:46.0553 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
19:02:46.0553 0x1598  UmPass - detected LockedFile.Multi.Generic ( 1 )
19:02:46.0553 0x1598  Object is SCO, delete is not allowed
19:02:46.0553 0x1598  UmPass ( LockedFile.Multi.Generic ) - warning
19:02:46.0553 0x1598  Force sending object to P2P due to detect: UmPass
19:02:46.0553 0x1598  Object send P2P result: false
19:02:46.0723 0x1598  [ DB641944F7E4B14C13C3FEFC89843F69, C106F10E802A67D43C9F0591A4A2477F7EF7911C3313C3844A02E3C061FD3EAA ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:02:46.0803 0x1598  UNS - ok
19:02:46.0843 0x1598  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
19:02:46.0903 0x1598  upnphost - ok
19:02:46.0943 0x1598  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
19:02:46.0943 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\Drivers\usbaapl64.sys. md5: C9E9D59C0099A9FF51697E9306A44240, sha256: 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1
19:02:46.0943 0x1598  USBAAPL64 - detected LockedFile.Multi.Generic ( 1 )
19:02:46.0943 0x1598  USBAAPL64 ( LockedFile.Multi.Generic ) - warning
19:02:46.0943 0x1598  Force sending object to P2P due to detect: USBAAPL64
19:02:46.0943 0x1598  Object send P2P result: false
19:02:46.0993 0x1598  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
19:02:46.0993 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbaudio.sys. md5: B0435098C81D04CAFFF80DDB746CD3A2, sha256: A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A
19:02:46.0993 0x1598  usbaudio - detected LockedFile.Multi.Generic ( 1 )
19:02:46.0993 0x1598  usbaudio ( LockedFile.Multi.Generic ) - warning
19:02:47.0033 0x1598  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
19:02:47.0043 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\usbccgp.sys. md5: DCA68B0943D6FA415F0C56C92158A83A, sha256: BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57
19:02:47.0043 0x1598  usbccgp - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0043 0x1598  Object is SCO, delete is not allowed
19:02:47.0043 0x1598  usbccgp ( LockedFile.Multi.Generic ) - warning
19:02:47.0093 0x1598  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
19:02:47.0093 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbcir.sys. md5: 80B0F7D5CCF86CEB5D402EAAF61FEC31, sha256: 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD
19:02:47.0093 0x1598  usbcir - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0093 0x1598  Object is SCO, delete is not allowed
19:02:47.0093 0x1598  usbcir ( LockedFile.Multi.Generic ) - warning
19:02:47.0133 0x1598  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\drivers\usbehci.sys
19:02:47.0133 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbehci.sys. md5: 18A85013A3E0F7E1755365D287443965, sha256: 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33
19:02:47.0133 0x1598  usbehci - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0133 0x1598  Object is SCO, delete is not allowed
19:02:47.0133 0x1598  usbehci ( LockedFile.Multi.Generic ) - warning
19:02:47.0133 0x1598  Force sending object to P2P due to detect: usbehci
19:02:47.0133 0x1598  Object send P2P result: false
19:02:47.0183 0x1598  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
19:02:47.0183 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\usbhub.sys. md5: 8D1196CFBB223621F2C67D45710F25BA, sha256: B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003
19:02:47.0183 0x1598  usbhub - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0183 0x1598  Object is SCO, delete is not allowed
19:02:47.0183 0x1598  usbhub ( LockedFile.Multi.Generic ) - warning
19:02:47.0183 0x1598  Force sending object to P2P due to detect: usbhub
19:02:47.0193 0x1598  Object send P2P result: false
19:02:47.0223 0x1598  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\drivers\usbohci.sys
19:02:47.0223 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbohci.sys. md5: 765A92D428A8DB88B960DA5A8D6089DC, sha256: 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C
19:02:47.0223 0x1598  usbohci - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0223 0x1598  Object is SCO, delete is not allowed
19:02:47.0223 0x1598  usbohci ( LockedFile.Multi.Generic ) - warning
19:02:47.0223 0x1598  Force sending object to P2P due to detect: usbohci
19:02:47.0223 0x1598  Object send P2P result: false
19:02:47.0243 0x1598  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
19:02:47.0243 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
19:02:47.0253 0x1598  usbprint - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0253 0x1598  Object is SCO, delete is not allowed
19:02:47.0253 0x1598  usbprint ( LockedFile.Multi.Generic ) - warning
19:02:47.0253 0x1598  Force sending object to P2P due to detect: usbprint
19:02:47.0253 0x1598  Object send P2P result: false
19:02:47.0283 0x1598  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\windows\system32\drivers\usbscan.sys
19:02:47.0283 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbscan.sys. md5: 9661DA76B4531B2DA272ECCE25A8AF24, sha256: FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637
19:02:47.0283 0x1598  usbscan - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0283 0x1598  usbscan ( LockedFile.Multi.Generic ) - warning
19:02:47.0303 0x1598  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
19:02:47.0303 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6, sha256: DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96
19:02:47.0303 0x1598  USBSTOR - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0303 0x1598  USBSTOR ( LockedFile.Multi.Generic ) - warning
19:02:47.0303 0x1598  Force sending object to P2P due to detect: USBSTOR
19:02:47.0303 0x1598  Object send P2P result: false
19:02:47.0333 0x1598  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
19:02:47.0333 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbuhci.sys. md5: DD253AFC3BC6CBA412342DE60C3647F3, sha256: 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7
19:02:47.0333 0x1598  usbuhci - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0333 0x1598  Object is SCO, delete is not allowed
19:02:47.0333 0x1598  usbuhci ( LockedFile.Multi.Generic ) - warning
19:02:47.0383 0x1598  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
19:02:47.0383 0x1598  Suspicious file ( NoAccess ): C:\windows\System32\Drivers\usbvideo.sys. md5: 1F775DA4CF1A3A1834207E975A72E9D7, sha256: 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90
19:02:47.0383 0x1598  usbvideo - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0383 0x1598  usbvideo ( LockedFile.Multi.Generic ) - warning
19:02:47.0413 0x1598  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
19:02:47.0474 0x1598  UxSms - ok
19:02:47.0484 0x1598  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\windows\system32\lsass.exe
19:02:47.0494 0x1598  VaultSvc - ok
19:02:47.0514 0x1598  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
19:02:47.0514 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
19:02:47.0514 0x1598  vdrvroot - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0514 0x1598  Object is SCO, delete is not allowed
19:02:47.0514 0x1598  vdrvroot ( LockedFile.Multi.Generic ) - warning
19:02:47.0554 0x1598  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
19:02:47.0614 0x1598  vds - ok
19:02:47.0624 0x1598  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
19:02:47.0624 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
19:02:47.0624 0x1598  vga - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0624 0x1598  Object is SCO, delete is not allowed
19:02:47.0624 0x1598  vga ( LockedFile.Multi.Generic ) - warning
19:02:47.0624 0x1598  Force sending object to P2P due to detect: vga
19:02:47.0634 0x1598  Object send P2P result: false
19:02:47.0644 0x1598  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
19:02:47.0644 0x1598  Suspicious file ( NoAccess ): C:\windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
19:02:47.0644 0x1598  VgaSave - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0644 0x1598  Object is SCO, delete is not allowed
19:02:47.0644 0x1598  VgaSave ( LockedFile.Multi.Generic ) - warning
19:02:47.0674 0x1598  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
19:02:47.0674 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB, sha256: D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF
19:02:47.0674 0x1598  vhdmp - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0674 0x1598  vhdmp ( LockedFile.Multi.Generic ) - warning
19:02:47.0674 0x1598  Force sending object to P2P due to detect: vhdmp
19:02:47.0674 0x1598  Object send P2P result: false
19:02:47.0704 0x1598  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
19:02:47.0704 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
19:02:47.0704 0x1598  viaide - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0704 0x1598  Object is SCO, delete is not allowed
19:02:47.0704 0x1598  viaide ( LockedFile.Multi.Generic ) - warning
19:02:47.0724 0x1598  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
19:02:47.0724 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161
19:02:47.0724 0x1598  volmgr - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0724 0x1598  Object is SCO, delete is not allowed
19:02:47.0724 0x1598  volmgr ( LockedFile.Multi.Generic ) - warning
19:02:47.0754 0x1598  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
19:02:47.0754 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B, sha256: 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F
19:02:47.0754 0x1598  volmgrx - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0754 0x1598  Object is SCO, delete is not allowed
19:02:47.0754 0x1598  volmgrx ( LockedFile.Multi.Generic ) - warning
19:02:47.0754 0x1598  Force sending object to P2P due to detect: volmgrx
19:02:47.0764 0x1598  Object send P2P result: false
19:02:47.0784 0x1598  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\windows\system32\drivers\volsnap.sys
19:02:47.0784 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\volsnap.sys. md5: DF8126BD41180351A093A3AD2FC8903B, sha256: AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A
19:02:47.0784 0x1598  volsnap - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0794 0x1598  Object is SCO, delete is not allowed
19:02:47.0794 0x1598  volsnap ( LockedFile.Multi.Generic ) - warning
19:02:47.0844 0x1598  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
19:02:47.0844 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
19:02:47.0844 0x1598  vsmraid - detected LockedFile.Multi.Generic ( 1 )
19:02:47.0844 0x1598  Object is SCO, delete is not allowed
19:02:47.0844 0x1598  vsmraid ( LockedFile.Multi.Generic ) - warning
19:02:47.0944 0x1598  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
19:02:48.0044 0x1598  VSS - ok
19:02:48.0064 0x1598  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
19:02:48.0064 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
19:02:48.0074 0x1598  vwifibus - detected LockedFile.Multi.Generic ( 1 )
19:02:48.0074 0x1598  vwifibus ( LockedFile.Multi.Generic ) - warning
19:02:48.0104 0x1598  [ 13A0DECD1794DE60A8427862C8669D27, 4024AF9F2F052BC80C85F5B9A671499C20AF38838206CC649E6EFE37C380D3BF ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
19:02:48.0104 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\vwififlt.sys. md5: 13A0DECD1794DE60A8427862C8669D27, sha256: 4024AF9F2F052BC80C85F5B9A671499C20AF38838206CC649E6EFE37C380D3BF
19:02:48.0104 0x1598  vwififlt - detected LockedFile.Multi.Generic ( 1 )
19:02:48.0104 0x1598  vwififlt ( LockedFile.Multi.Generic ) - warning
19:02:48.0134 0x1598  [ 49003B357D101CDC474937437ECF5ABC, D3EC570D616DC39FE6BF02DA1CD6C30CD07C27CC5B4B6FD6DACB5D8A4F1596A6 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
19:02:48.0134 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\vwifimp.sys. md5: 49003B357D101CDC474937437ECF5ABC, sha256: D3EC570D616DC39FE6BF02DA1CD6C30CD07C27CC5B4B6FD6DACB5D8A4F1596A6
19:02:48.0134 0x1598  vwifimp - detected LockedFile.Multi.Generic ( 1 )
19:02:48.0134 0x1598  vwifimp ( LockedFile.Multi.Generic ) - warning
19:02:48.0174 0x1598  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
19:02:48.0234 0x1598  W32Time - ok
19:02:48.0264 0x1598  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
19:02:48.0264 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
19:02:48.0264 0x1598  WacomPen - detected LockedFile.Multi.Generic ( 1 )
19:02:48.0264 0x1598  Object is SCO, delete is not allowed
19:02:48.0264 0x1598  WacomPen ( LockedFile.Multi.Generic ) - warning
19:02:48.0294 0x1598  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
19:02:48.0294 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
19:02:48.0294 0x1598  WANARP - detected LockedFile.Multi.Generic ( 1 )
19:02:48.0294 0x1598  Object is SCO, delete is not allowed
19:02:48.0294 0x1598  WANARP ( LockedFile.Multi.Generic ) - warning
19:02:48.0294 0x1598  Force sending object to P2P due to detect: WANARP
19:02:48.0294 0x1598  Object send P2P result: false
19:02:48.0304 0x1598  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
19:02:48.0304 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
19:02:48.0304 0x1598  Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
19:02:48.0304 0x1598  Object is SCO, delete is not allowed
19:02:48.0304 0x1598  Wanarpv6 ( LockedFile.Multi.Generic ) - warning
19:02:48.0364 0x1598  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
19:02:48.0454 0x1598  wbengine - ok
19:02:48.0474 0x1598  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
19:02:48.0504 0x1598  WbioSrvc - ok
19:02:48.0534 0x1598  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
19:02:48.0564 0x1598  wcncsvc - ok
19:02:48.0574 0x1598  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:02:48.0614 0x1598  WcsPlugInService - ok
19:02:48.0634 0x1598  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\drivers\wd.sys
19:02:48.0634 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
19:02:48.0634 0x1598  Wd - detected LockedFile.Multi.Generic ( 1 )
19:02:48.0634 0x1598  Object is SCO, delete is not allowed
19:02:48.0634 0x1598  Wd ( LockedFile.Multi.Generic ) - warning
19:02:48.0634 0x1598  Force sending object to P2P due to detect: Wd
19:02:48.0634 0x1598  Object send P2P result: false
19:02:48.0684 0x1598  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
19:02:48.0684 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\Wdf01000.sys. md5: E2C933EDBC389386EBE6D2BA953F43D8, sha256: AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07
19:02:48.0684 0x1598  Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
19:02:48.0684 0x1598  Object is SCO, delete is not allowed
19:02:48.0684 0x1598  Wdf01000 ( LockedFile.Multi.Generic ) - warning
19:02:48.0684 0x1598  Force sending object to P2P due to detect: Wdf01000
19:02:48.0684 0x1598  Object send P2P result: false
19:02:48.0704 0x1598  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
19:02:48.0784 0x1598  WdiServiceHost - ok
19:02:48.0794 0x1598  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
19:02:48.0814 0x1598  WdiSystemHost - ok
19:02:48.0854 0x1598  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\windows\System32\webclnt.dll
19:02:48.0944 0x1598  WebClient - ok
19:02:49.0024 0x1598  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
19:02:49.0124 0x1598  Wecsvc - ok
19:02:49.0154 0x1598  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
19:02:49.0204 0x1598  wercplsupport - ok
19:02:49.0244 0x1598  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
19:02:49.0294 0x1598  WerSvc - ok
19:02:49.0324 0x1598  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
19:02:49.0324 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
19:02:49.0324 0x1598  WfpLwf - detected LockedFile.Multi.Generic ( 1 )
19:02:49.0324 0x1598  WfpLwf ( LockedFile.Multi.Generic ) - warning
19:02:49.0354 0x1598  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
19:02:49.0354 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
19:02:49.0354 0x1598  WIMMount - detected LockedFile.Multi.Generic ( 1 )
19:02:49.0354 0x1598  WIMMount ( LockedFile.Multi.Generic ) - warning
19:02:49.0364 0x1598  WinDefend - ok
19:02:49.0394 0x1598  WinHttpAutoProxySvc - ok
19:02:49.0474 0x1598  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
19:02:49.0534 0x1598  Winmgmt - ok
19:02:49.0614 0x1598  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\windows\system32\WsmSvc.dll
19:02:49.0734 0x1598  WinRM - ok
19:02:49.0784 0x1598  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
19:02:49.0784 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D, sha256: A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03
19:02:49.0804 0x1598  WinUsb - detected LockedFile.Multi.Generic ( 1 )
19:02:49.0804 0x1598  WinUsb ( LockedFile.Multi.Generic ) - warning
19:02:49.0894 0x1598  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
19:02:49.0944 0x1598  Wlansvc - ok
19:02:50.0014 0x1598  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:02:50.0034 0x1598  wlcrasvc - ok
19:02:50.0214 0x1598  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:02:50.0284 0x1598  wlidsvc - ok
19:02:50.0304 0x1598  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
19:02:50.0304 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
19:02:50.0304 0x1598  WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
19:02:50.0304 0x1598  Object is SCO, delete is not allowed
19:02:50.0304 0x1598  WmiAcpi ( LockedFile.Multi.Generic ) - warning
19:02:50.0334 0x1598  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
19:02:50.0354 0x1598  wmiApSrv - ok
19:02:50.0384 0x1598  WMPNetworkSvc - ok
19:02:50.0424 0x1598  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
19:02:50.0444 0x1598  WPCSvc - ok
19:02:50.0464 0x1598  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
19:02:50.0474 0x1598  WPDBusEnum - ok
19:02:50.0504 0x1598  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
19:02:50.0504 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
19:02:50.0504 0x1598  ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
19:02:50.0504 0x1598  Object is SCO, delete is not allowed
19:02:50.0504 0x1598  ws2ifsl ( LockedFile.Multi.Generic ) - warning
19:02:50.0504 0x1598  Force sending object to P2P due to detect: ws2ifsl
19:02:50.0504 0x1598  Object send P2P result: false
19:02:50.0534 0x1598  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\system32\wscsvc.dll
19:02:50.0564 0x1598  wscsvc - ok
19:02:50.0564 0x1598  WSearch - ok
19:02:50.0674 0x1598  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\windows\system32\wuaueng.dll
19:02:50.0754 0x1598  wuauserv - ok
19:02:50.0794 0x1598  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
19:02:50.0794 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\drivers\WudfPf.sys. md5: AB886378EEB55C6C75B4F2D14B6C869F, sha256: D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6
19:02:50.0794 0x1598  WudfPf - detected LockedFile.Multi.Generic ( 1 )
19:02:50.0794 0x1598  Object is SCO, delete is not allowed
19:02:50.0794 0x1598  WudfPf ( LockedFile.Multi.Generic ) - warning
19:02:50.0794 0x1598  Force sending object to P2P due to detect: WudfPf
19:02:50.0794 0x1598  Object send P2P result: false
19:02:50.0834 0x1598  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
19:02:50.0834 0x1598  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\WUDFRd.sys. md5: DDA4CAF29D8C0A297F886BFE561E6659, sha256: 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978
19:02:50.0834 0x1598  WUDFRd - detected LockedFile.Multi.Generic ( 1 )
19:02:50.0834 0x1598  Object is SCO, delete is not allowed
19:02:50.0834 0x1598  WUDFRd ( LockedFile.Multi.Generic ) - warning
19:02:50.0864 0x1598  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
19:02:50.0904 0x1598  wudfsvc - ok
19:02:50.0944 0x1598  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll
19:02:50.0984 0x1598  WwanSvc - ok
19:02:51.0014 0x1598  ================ Scan global ===============================
19:02:51.0044 0x1598  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
19:02:51.0084 0x1598  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
19:02:51.0104 0x1598  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
19:02:51.0134 0x1598  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
19:02:51.0164 0x1598  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
19:02:51.0174 0x1598  [ Global ] - ok
19:02:51.0174 0x1598  ================ Scan MBR ==================================
19:02:51.0184 0x1598  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
19:02:51.0734 0x1598  \Device\Harddisk0\DR0 - ok
19:02:51.0744 0x1598  ================ Scan VBR ==================================
19:02:51.0744 0x1598  [ 12DAF88A34F6BBCA003BC600F4B3E7BD ] \Device\Harddisk0\DR0\Partition1
19:02:51.0754 0x1598  \Device\Harddisk0\DR0\Partition1 - ok
19:02:51.0764 0x1598  [ 722C8CA0C3066ADB168BDEDE7EDF626E ] \Device\Harddisk0\DR0\Partition2
19:02:51.0774 0x1598  \Device\Harddisk0\DR0\Partition2 - ok
19:02:51.0784 0x1598  [ A0812CB5A031E4013F7EEEDDE0A4AEC5 ] \Device\Harddisk0\DR0\Partition3
19:02:51.0794 0x1598  \Device\Harddisk0\DR0\Partition3 - ok
19:02:51.0794 0x1598  ================ Scan generic autorun ======================
19:02:52.0284 0x1598  [ 71BC8F95B5E5AFA85D66881EAF919C6F, AF88E6BDA52BAAAEBC640F21BB7C16F3ED3F4127EFA48E0752A55C3D807D0CA3 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
19:02:52.0624 0x1598  RtHDVCpl - ok
19:02:52.0644 0x1598  ETDCtrl - ok
19:02:52.0904 0x1598  [ 5F3939E2FBA9BFE055E545826ACC0D97, C8C3C691B33E3B5F3F0E6FB79996F5753AC69C09827E03BE9FF73A4E6DE9A732 ] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe
19:02:53.0044 0x1598  Nero MediaHome 4 - ok
19:02:53.0084 0x1598  [ C26B09276755E0698B31CF0BAE0BF182, A95B567626C0573DF0F136818AA7E487BC4995552E9B7A041437539E49B99473 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
19:02:53.0094 0x1598  APSDaemon - ok
19:02:53.0144 0x1598  [ E4401CF27225C1D6E664E86195978562, F572A2757C2A649E25F52F7071E6A2CCF298C60A8F2B15A0E2D800F890C4FD93 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
19:02:53.0164 0x1598  iTunesHelper - ok
19:02:53.0264 0x1598  [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
19:02:53.0294 0x1598  avgnt - ok
19:02:53.0455 0x1598  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
19:02:53.0575 0x1598  SDTray - ok
19:02:53.0645 0x1598  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:02:53.0725 0x1598  Sidebar - ok
19:02:53.0745 0x1598  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:02:53.0775 0x1598  mctadmin - ok
19:02:53.0915 0x1598  [ D6B3AF9E3CE610B69AB1D38262DAE833, CBE366A5459A651537466B9F5017AB87FA8AD5B28F4FADE3FA66B4D97950B5D7 ] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
19:02:53.0995 0x1598  Plex Media Server - ok
19:02:54.0725 0x1598  [ BA5819A23150B3B7C4F94125E7F11E83, 0EAFE4931B4EDD9A67DDCD9DAF83BFD190DADC2FCB149733071F956228E4D1E5 ] C:\Program Files (x86)\Skype\Phone\Skype.exe
19:02:55.0385 0x1598  Skype - ok
19:02:55.0595 0x1598  [ B1949628130F192DA27FDBAEA516BB6E, 13E5A2EBF0FDAB29CEA1E7FAEB3141233198D9A28353BDBB6FDB03602BE32AC6 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
19:02:55.0725 0x1598  Spybot-S&D Cleaning - ok
19:02:55.0785 0x1598  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:02:55.0825 0x1598  Sidebar - ok
19:02:55.0845 0x1598  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:02:55.0865 0x1598  mctadmin - ok
19:02:55.0905 0x1598  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x40000 ( disabled : updated )
19:02:55.0915 0x1598  Win FW state via NFP2: enabled
19:02:55.0915 0x1598  ============================================================
19:02:55.0915 0x1598  Scan finished
19:02:55.0915 0x1598  ============================================================
19:02:55.0925 0x0a9c  Detected object count: 148
19:02:55.0925 0x0a9c  Actual detected object count: 148
19:03:50.0303 0x0a9c  6ab48a75c5156135 ( Rootkit.Win32.Necurs.gen ) - skipped by user
19:03:50.0303 0x0a9c  6ab48a75c5156135 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip 
19:03:50.0303 0x0a9c  mpio ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0303 0x0a9c  mpio ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0303 0x0a9c  mpsdrv ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0303 0x0a9c  mpsdrv ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0313 0x0a9c  MRxDAV ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0313 0x0a9c  MRxDAV ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0313 0x0a9c  mrxsmb ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0313 0x0a9c  mrxsmb ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0313 0x0a9c  mrxsmb10 ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0313 0x0a9c  mrxsmb10 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0313 0x0a9c  mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0313 0x0a9c  mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0313 0x0a9c  msahci ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0313 0x0a9c  msahci ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0313 0x0a9c  msdsm ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0313 0x0a9c  msdsm ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0313 0x0a9c  Msfs ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0313 0x0a9c  Msfs ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0323 0x0a9c  mshidkmdf ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0323 0x0a9c  mshidkmdf ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0323 0x0a9c  msisadrv ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0323 0x0a9c  msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0323 0x0a9c  MSKSSRV ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0323 0x0a9c  MSKSSRV ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0323 0x0a9c  MSPCLOCK ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0323 0x0a9c  MSPCLOCK ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0323 0x0a9c  MSPQM ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0323 0x0a9c  MSPQM ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0323 0x0a9c  MsRPC ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0323 0x0a9c  MsRPC ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0323 0x0a9c  mssmbios ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0323 0x0a9c  mssmbios ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0333 0x0a9c  MSTEE ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0333 0x0a9c  MSTEE ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0333 0x0a9c  MTConfig ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0333 0x0a9c  MTConfig ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0333 0x0a9c  Mup ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0333 0x0a9c  Mup ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0333 0x0a9c  NativeWifiP ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0333 0x0a9c  NativeWifiP ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0333 0x0a9c  NDIS ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0333 0x0a9c  NDIS ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0333 0x0a9c  NdisCap ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0333 0x0a9c  NdisCap ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0333 0x0a9c  NdisTapi ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0333 0x0a9c  NdisTapi ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0343 0x0a9c  Ndisuio ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0343 0x0a9c  Ndisuio ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0343 0x0a9c  NdisWan ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0343 0x0a9c  NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0343 0x0a9c  NDProxy ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0343 0x0a9c  NDProxy ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0343 0x0a9c  NetBIOS ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0343 0x0a9c  NetBIOS ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0343 0x0a9c  NetBT ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0343 0x0a9c  NetBT ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0343 0x0a9c  NETwNs64 ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0343 0x0a9c  NETwNs64 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0343 0x0a9c  nfrd960 ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0343 0x0a9c  nfrd960 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0353 0x0a9c  Npfs ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0353 0x0a9c  Npfs ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0353 0x0a9c  nsiproxy ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0353 0x0a9c  nsiproxy ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0353 0x0a9c  Ntfs ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0353 0x0a9c  Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0353 0x0a9c  Null ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0353 0x0a9c  Null ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0353 0x0a9c  nvlddmkm ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0353 0x0a9c  nvlddmkm ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0353 0x0a9c  nvpciflt ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0353 0x0a9c  nvpciflt ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0353 0x0a9c  nvraid ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0353 0x0a9c  nvraid ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0363 0x0a9c  nvstor ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0363 0x0a9c  nvstor ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0363 0x0a9c  nv_agp ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0363 0x0a9c  nv_agp ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0363 0x0a9c  ohci1394 ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0363 0x0a9c  ohci1394 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0363 0x0a9c  Parport ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0363 0x0a9c  Parport ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0363 0x0a9c  partmgr ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0363 0x0a9c  partmgr ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0363 0x0a9c  pci ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0363 0x0a9c  pci ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0363 0x0a9c  pciide ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0363 0x0a9c  pciide ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0373 0x0a9c  pcmcia ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0373 0x0a9c  pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0373 0x0a9c  pcw ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0373 0x0a9c  pcw ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0373 0x0a9c  PEAUTH ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0373 0x0a9c  PEAUTH ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0373 0x0a9c  PptpMiniport ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0373 0x0a9c  PptpMiniport ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0373 0x0a9c  Processor ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0373 0x0a9c  Processor ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0373 0x0a9c  Psched ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0373 0x0a9c  Psched ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0383 0x0a9c  ql2300 ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0383 0x0a9c  ql2300 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0383 0x0a9c  ql40xx ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0383 0x0a9c  ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0383 0x0a9c  QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0383 0x0a9c  QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0383 0x0a9c  RasAcd ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0383 0x0a9c  RasAcd ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0383 0x0a9c  RasAgileVpn ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0383 0x0a9c  RasAgileVpn ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0383 0x0a9c  Rasl2tp ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0383 0x0a9c  Rasl2tp ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0383 0x0a9c  RasPppoe ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0383 0x0a9c  RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0393 0x0a9c  RasSstp ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0393 0x0a9c  RasSstp ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0393 0x0a9c  rdbss ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0393 0x0a9c  rdbss ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0393 0x0a9c  rdpbus ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0393 0x0a9c  rdpbus ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0393 0x0a9c  RDPCDD ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0393 0x0a9c  RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0393 0x0a9c  RDPENCDD ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0393 0x0a9c  RDPENCDD ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0393 0x0a9c  RDPREFMP ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0393 0x0a9c  RDPREFMP ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0393 0x0a9c  RDPWD ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0393 0x0a9c  RDPWD ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0403 0x0a9c  rdyboost ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0403 0x0a9c  rdyboost ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0403 0x0a9c  RFCOMM ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0403 0x0a9c  RFCOMM ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0403 0x0a9c  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
19:03:50.0403 0x0a9c  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0403 0x0a9c  rspndr ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0403 0x0a9c  rspndr ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0403 0x0a9c  RTL8167 ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0403 0x0a9c  RTL8167 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0403 0x0a9c  rtport ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0403 0x0a9c  rtport ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0403 0x0a9c  SABI ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0403 0x0a9c  SABI ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0413 0x0a9c  sbp2port ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0413 0x0a9c  sbp2port ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0413 0x0a9c  scfilter ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0413 0x0a9c  scfilter ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0413 0x0a9c  secdrv ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0413 0x0a9c  secdrv ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0413 0x0a9c  Serenum ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0413 0x0a9c  Serenum ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0413 0x0a9c  Serial ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0413 0x0a9c  Serial ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0413 0x0a9c  sermouse ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0413 0x0a9c  sermouse ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0413 0x0a9c  sffdisk ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0413 0x0a9c  sffdisk ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0413 0x0a9c  sffp_mmc ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0413 0x0a9c  sffp_mmc ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0423 0x0a9c  sffp_sd ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0423 0x0a9c  sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0423 0x0a9c  sfloppy ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0423 0x0a9c  sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0423 0x0a9c  Sftfs ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0423 0x0a9c  Sftfs ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0423 0x0a9c  Sftplay ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0423 0x0a9c  Sftplay ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0423 0x0a9c  Sftredir ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0423 0x0a9c  Sftredir ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0423 0x0a9c  Sftvol ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0423 0x0a9c  Sftvol ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0423 0x0a9c  SGDrv ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0423 0x0a9c  SGDrv ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0433 0x0a9c  SiSRaid2 ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0433 0x0a9c  SiSRaid2 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0433 0x0a9c  SiSRaid4 ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0433 0x0a9c  SiSRaid4 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0433 0x0a9c  Smb ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0433 0x0a9c  Smb ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0433 0x0a9c  spldr ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0433 0x0a9c  spldr ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0433 0x0a9c  srv ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0433 0x0a9c  srv ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0433 0x0a9c  srv2 ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0433 0x0a9c  srv2 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0443 0x0a9c  srvnet ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0443 0x0a9c  srvnet ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0443 0x0a9c  stexstor ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0443 0x0a9c  stexstor ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0443 0x0a9c  swenum ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0443 0x0a9c  swenum ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0443 0x0a9c  Tcpip ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0443 0x0a9c  Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0443 0x0a9c  TCPIP6 ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0443 0x0a9c  TCPIP6 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0443 0x0a9c  tcpipreg ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0443 0x0a9c  tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0443 0x0a9c  TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0443 0x0a9c  TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0443 0x0a9c  TDTCP ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0443 0x0a9c  TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0453 0x0a9c  tdx ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0453 0x0a9c  tdx ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0453 0x0a9c  TermDD ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0453 0x0a9c  TermDD ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0453 0x0a9c  tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0453 0x0a9c  tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0453 0x0a9c  TsUsbFlt ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0453 0x0a9c  TsUsbFlt ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0453 0x0a9c  TsUsbGD ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0453 0x0a9c  TsUsbGD ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0453 0x0a9c  tunnel ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0453 0x0a9c  tunnel ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0453 0x0a9c  uagp35 ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0453 0x0a9c  uagp35 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0463 0x0a9c  udfs ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0463 0x0a9c  udfs ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0463 0x0a9c  uliagpkx ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0463 0x0a9c  uliagpkx ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0463 0x0a9c  umbus ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0463 0x0a9c  umbus ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0463 0x0a9c  UmPass ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0463 0x0a9c  UmPass ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0463 0x0a9c  USBAAPL64 ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0463 0x0a9c  USBAAPL64 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0463 0x0a9c  usbaudio ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0463 0x0a9c  usbaudio ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0463 0x0a9c  usbccgp ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0463 0x0a9c  usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0473 0x0a9c  usbcir ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0473 0x0a9c  usbcir ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0473 0x0a9c  usbehci ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0473 0x0a9c  usbehci ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0473 0x0a9c  usbhub ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0473 0x0a9c  usbhub ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0473 0x0a9c  usbohci ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0473 0x0a9c  usbohci ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0473 0x0a9c  usbprint ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0473 0x0a9c  usbprint ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0473 0x0a9c  usbscan ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0473 0x0a9c  usbscan ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0473 0x0a9c  USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0473 0x0a9c  USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0483 0x0a9c  usbuhci ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0483 0x0a9c  usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0483 0x0a9c  usbvideo ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0483 0x0a9c  usbvideo ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0483 0x0a9c  vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0483 0x0a9c  vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0483 0x0a9c  vga ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0483 0x0a9c  vga ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0483 0x0a9c  VgaSave ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0483 0x0a9c  VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0483 0x0a9c  vhdmp ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0483 0x0a9c  vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0493 0x0a9c  viaide ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0493 0x0a9c  viaide ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0493 0x0a9c  volmgr ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0493 0x0a9c  volmgr ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0493 0x0a9c  volmgrx ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0493 0x0a9c  volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0493 0x0a9c  volsnap ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0493 0x0a9c  volsnap ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0493 0x0a9c  vsmraid ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0493 0x0a9c  vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0493 0x0a9c  vwifibus ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0493 0x0a9c  vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0493 0x0a9c  vwififlt ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0493 0x0a9c  vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0493 0x0a9c  vwifimp ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0493 0x0a9c  vwifimp ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0503 0x0a9c  WacomPen ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0503 0x0a9c  WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0503 0x0a9c  WANARP ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0503 0x0a9c  WANARP ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0503 0x0a9c  Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0503 0x0a9c  Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0503 0x0a9c  Wd ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0503 0x0a9c  Wd ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0503 0x0a9c  Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0503 0x0a9c  Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0503 0x0a9c  WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0503 0x0a9c  WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0513 0x0a9c  WIMMount ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0513 0x0a9c  WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0513 0x0a9c  WinUsb ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0513 0x0a9c  WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0513 0x0a9c  WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0513 0x0a9c  WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0513 0x0a9c  ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0513 0x0a9c  ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0513 0x0a9c  WudfPf ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0513 0x0a9c  WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:50.0513 0x0a9c  WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
19:03:50.0513 0x0a9c  WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip 
19:06:04.0384 0x090c  Deinitialize success
         

Edited by lumija (08.01.2015 at 22:01). Reason: Error found, 2nd part of the log follows
