
Log Analysis and Evaluation: Win 7 - Computer becomes very slow and Internet hangs

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.02.2015, 14:15   #1
AB12398
 

Win 7 - Computer becomes very slow and Internet hangs



For some time now my computer has been getting slower and slower. Likewise, the internet connection suddenly drops out and I have to restart the computer to be able to go online again. The internet connection runs over WLAN.

Here are the 2 FRST logs as well

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by Sonja (administrator) on LÄPPI on 15-02-2015 15:00:34
Running from C:\Users\Sonja\Desktop
Loaded Profiles: Sonja (Available profiles: Sonja)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(AOL LLC) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\DatacardService\DCService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
() C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(America Online, Inc.) C:\Program Files (x86)\Common Files\aol\1302722312\ee\aolsoftware.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(AOL, LLC.) C:\Program Files (x86)\AOL 9.0 VR\waol.exe
(AOL, LLC.) C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1302722312\ee\AOLSoftware.exe [50736 2006-09-26] (America Online, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\...\Run: [Ivekuhtie] => C:\Users\Sonja\AppData\Roaming\Laaz\yqed.exe
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\...\Run: [IExplorer Util] => C:\Users\Sonja\AppData\Roaming\ie_util.exe
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL 9.0 VR\AOL.EXE [50480 2007-06-21] (AOL, LLC.)
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\...\MountPoints2: {98e29962-e60f-11e0-9062-00038a000015} - E:\AutoRun.exe
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\...\MountPoints2: {98e29966-e60f-11e0-9062-00038a000015} - E:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoWebCamera.exe.lnk
ShortcutTarget: VideoWebCamera.exe.lnk -> C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe ()
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1217486657-1501702325-3848289321-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1217486657-1501702325-3848289321-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [File not signed]
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [252928 2010-04-30] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-04-25] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 15:00 - 2015-02-15 15:01 - 00013893 _____ () C:\Users\Sonja\Desktop\FRST.txt
2015-02-15 15:00 - 2015-02-15 15:00 - 02134528 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe
2015-02-15 15:00 - 2015-02-15 15:00 - 00000000 ____D () C:\FRST
2015-01-16 21:38 - 2015-01-16 21:39 - 00000000 ____D () C:\Users\Sonja\Documents\Astragalus
2015-01-16 21:38 - 2015-01-16 21:38 - 00060488 _____ () C:\Users\Sonja\Documents\Astragalus.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 14:53 - 2012-04-09 19:30 - 00000000 ____D () C:\Users\Sonja\Documents\1
2015-02-15 14:50 - 2010-12-08 17:57 - 01129132 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 12:52 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 12:52 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 12:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 12:44 - 2009-07-14 05:51 - 00126115 _____ () C:\Windows\setupact.log
2015-02-12 21:43 - 2012-06-20 20:14 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\SoftGrid Client
2015-01-27 08:14 - 2010-12-08 18:02 - 00000000 ____D () C:\ProgramData\Temp
2015-01-27 07:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-06-23 16:48 - 2013-06-23 16:48 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\Sonja\bigfishgames_p150955713_s2_l2.exe


Some content of TEMP:
====================
C:\Users\Sonja\AppData\Local\Temp\AcsInstall.dll
C:\Users\Sonja\AppData\Local\Temp\AskSLib.dll
C:\Users\Sonja\AppData\Local\Temp\bfguni.exe
C:\Users\Sonja\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Sonja\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Sonja\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Sonja\AppData\Local\Temp\MSNE763.exe
C:\Users\Sonja\AppData\Local\Temp\SHFOLDER.DLL
C:\Users\Sonja\AppData\Local\Temp\tempmessage.bfg


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-14 11:33

==================== End Of Log ============================
         
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
Ran by Sonja at 2015-02-15 15:01:30
Running from C:\Users\Sonja\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

10 Tage Unter Dem Meer (HKLM-x32\...\BFG-10 Tage Unter Dem Meer) (Version:  - )
4 Elements II (HKLM-x32\...\BFG-4 Elements II) (Version:  - )
A Gnome's Home: Der Kristall des Lebens (HKLM-x32\...\BFG-A Gnome's Home - Der Kristall des Lebens) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
Amaranthine Voyage: Die Schatten des Wanderers Sammleredition (HKLM-x32\...\BFG-Amaranthine Voyage - Die Schatten des Wanderers Sammleredition) (Version:  - )
AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version:  - )
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arctic Quest (HKLM-x32\...\BFG-Arctic Quest) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{A0158415-15CA-B2A0-928D-E755DD506C0D}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Ausfüllen und ankreuzen: Piratenrätsel (HKLM-x32\...\BFG-Ausfuellen und ankreuzen - Piratenraetsel) (Version:  - )
Avalon Legends Solitaire (HKLM-x32\...\BFG-Avalon Legends Solitaire) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Barn Yarn (HKLM-x32\...\BFG-Barn Yarn) (Version:  - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BILDmobil (HKLM-x32\...\BILDmobil) (Version: 16.001.06.00.761 - Huawei Technologies Co.,Ltd)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
Bubble Shooter (HKLM-x32\...\fbe83e4b6f63f3e850ac3907350adb95) (Version:  - )
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Calavera: Tag der Toten Sammleredition (HKLM-x32\...\BFG-Calavera - Tag der Toten Sammleredition) (Version:  - )
Campgrounds (HKLM-x32\...\BFG-Campgrounds) (Version:  - )
Campgrounds: The Endorus Expedition Sammleredition (HKLM-x32\...\BFG-Campgrounds - The Endorus Expedition Sammleredition) (Version:  - )
ccc-core-static (x32 Version: 2010.0426.2136.36953 - Ihr Firmenname) Hidden
Christmas Stories: Eine Weihnachtsgeschichte (HKLM-x32\...\BFG-Christmas Stories - Eine Weihnachtsgeschichte) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cooking Dash(R) 3 - Thrills & Spills (HKLM-x32\...\08ab9cbf5344299c7d466bd8e94d7e0a) (Version:  - )
Dark Dimensions: Stadt im Nebel Sammleredition (HKLM-x32\...\BFG-Dark Dimensions - Stadt im Nebel Sammleredition) (Version:  - )
Das Haus am See - Kinder der Stille Sammleredition (HKLM-x32\...\BFG-Das Haus am See - Kinder der Stille Sammleredition) (Version:  - )
Die Chroniken von Emerland Solitär (HKLM-x32\...\BFG-Die Chroniken von Emerland Solitaer) (Version:  - )
Die verzauberten Inseln (HKLM-x32\...\BFG-Die verzauberten Inseln) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dr. Mal: Practice of Horror (HKLM-x32\...\BFG-Dr. Mal - Practice of Horror) (Version:  - )
DragonStone (HKLM-x32\...\BFG-DragonStone) (Version:  - )
Dream Hills: Gestohlene Magie (HKLM-x32\...\BFG-Dream Hills - Gestohlene Magie) (Version:  - )
Druid Kingdom (HKLM-x32\...\BFG-Druid Kingdom) (Version:  - )
ElsterFormular (HKLM-x32\...\ElsterFormular 13.0.0.8086p) (Version: 13.1.1.8531 - Landesfinanzdirektion Thüringen)
ElsterFormular-Update (HKLM-x32\...\ElsterFormular für Unternehmer 12.2.1.6570u) (Version: 1.0 - Landesfinanzdirektion Thüringen)
Evy: Magische Kugeln (HKLM-x32\...\BFG-Evy - Magische Kugeln) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy 3 (HKLM-x32\...\BFG-Farm Frenzy 3) (Version:  - )
Farm Frenzy: Frische Fische (HKLM-x32\...\BFG-Farm Frenzy - Frische Fische) (Version:  - )
Farmscapes (HKLM-x32\...\BFG-Farmscapes) (Version:  - )
Farmscapes(TM) Premium Edition (HKLM-x32\...\00e1b559ced624f1a3ef930630c2d865) (Version:  - )
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom 3 Sammleredition (HKLM-x32\...\BFG-Fishdom 3 Sammleredition) (Version:  - )
Gardenscapes - Mansion Makeover Premium Edition (HKLM-x32\...\182cbaeb29e16344e6068a8f7880ee1f) (Version:  - )
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Hyperballoid 2 (HKLM-x32\...\BFG-Hyperballoid 2) (Version:  - )
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Ice Cream Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Imperial Island: Ursprung eines Imperiums (HKLM-x32\...\BFG-Imperial Island - Ursprung eines Imperiums) (Version:  - )
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Island Tribe 4 (HKLM-x32\...\BFG-Island Tribe 4) (Version:  - )
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.260 - Oracle)
Jewel Match 3 (HKLM-x32\...\BFG-Jewel Match 3) (Version:  - )
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jungle vs. Droids (HKLM-x32\...\BFG-Jungle vs. Droids) (Version:  - )
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kingdom Chronicles Sammleredition (HKLM-x32\...\BFG-Kingdom Chronicles Sammleredition) (Version:  - )
Kingdom Tales (HKLM-x32\...\BFG-Kingdom Tales) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell)
Legends of Solitaire: Der Fluch des Drachen (HKLM-x32\...\BFG-Legends of Solitaire - Der Fluch des Drachen) (Version:  - )
Legends of Solitaire: Die verlorenen Karten (HKLM-x32\...\BFG-Legends of Solitaire - Die verlorenen Karten) (Version:  - )
Malwarebytes Anti-Malware Version 1.65.0.1400 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.0.1400 - Malwarebytes Corporation)
Mein Landleben 2 (HKLM-x32\...\BFG-Mein Landleben 2) (Version:  - )
Meridian: Zeitalter der Erfindungen (HKLM-x32\...\BFG-Meridian - Zeitalter der Erfindungen) (Version:  - )
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MOAI: Erschaffe deinen Traum (HKLM-x32\...\BFG-MOAI - Erschaffe deinen Traum) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystika 2: Die Zuflucht (HKLM-x32\...\BFG-Mystika 2 - Die Zuflucht) (Version:  - )
Nero 9 Essentials (HKLM-x32\...\{3b53cb85-2662-4bb8-968c-a4f4e8e06353}) (Version:  - Nero AG)
Netzwerkhandbuch EPSON SX440 Series (HKLM-x32\...\EPSON SX440 Series Netg) (Version:  - )
Northern Tale 4 (HKLM-x32\...\BFG-Northern Tale 4) (Version:  - )
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0915.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Rainbow Web 3 (HKLM-x32\...\BFG-Rainbow Web 3) (Version:  - )
Ravensburger Puzzle Selection (HKLM-x32\...\BFG-Ravensburger Puzzle Selection) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Royal Envoy (HKLM-x32\...\BFG-Royal Envoy) (Version:  - )
Royal Envoy 2 Sammleredition (HKLM-x32\...\BFG-Royal Envoy 2 Sammleredition) (Version:  - )
Royal Envoy 3 (HKLM-x32\...\BFG-Royal Envoy 3) (Version:  - )
Royal Envoy: Campaign for the Crown Sammleredition (HKLM-x32\...\BFG-Royal Envoy - Campaign for the Crown Sammleredition) (Version:  - )
Rush for Gold: Alaska (HKLM-x32\...\BFG-Rush for Gold - Alaska) (Version:  - )
Seven Seas Solitaire (HKLM-x32\...\BFG-Seven Seas Solitaire) (Version:  - )
Spooky Mall (HKLM-x32\...\BFG-Spooky Mall) (Version:  - )
Studie zur Verbesserung von HP Officejet 6600 Produkten (HKLM\...\{E1A11879-5771-4E52-BA2E-CD5DD65BF970}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Sweet Kingdom: Verhexte Prinzessin (HKLM-x32\...\BFG-Sweet Kingdom - Verhexte Prinzessin) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
The Treasures of Montezuma 2 (HKLM-x32\...\b3dd4d4fb8b29537c9286bf9aa3be254) (Version:  - )
Tibet Quest (HKLM-x32\...\BFG-Tibet Quest) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Video Web Camera (HKLM-x32\...\{83299633-1261-47A3-84F3-6F02B4B8CDB1}) (Version: 2.0.4.6 - liteon)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Weihnachtswunderland (HKLM-x32\...\BFG-Weihnachtswunderland) (Version:  - )
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3005 - Packard Bell)
WildTangent Games App (Packard Bell Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Word Monaco (HKLM-x32\...\BFG-Word Monaco) (Version:  - )
World Mosaics 2 (HKLM-x32\...\BFG-World Mosaics 2) (Version:  - )
World Mosaics 7 (HKLM-x32\...\BFG-World Mosaics 7) (Version:  - )
Youda Survivor 2 (HKLM-x32\...\BFG-Youda Survivor 2) (Version:  - )
Youda Survivor 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zombie Solitaire (HKLM-x32\...\BFG-Zombie Solitaire) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

30-09-2014 19:42:41 Geplanter Prüfpunkt
24-10-2014 13:09:03 Geplanter Prüfpunkt
02-11-2014 20:09:52 Geplanter Prüfpunkt
11-11-2014 17:59:51 Geplanter Prüfpunkt
23-11-2014 20:34:25 Geplanter Prüfpunkt
30-11-2014 20:49:57 Geplanter Prüfpunkt
09-12-2014 18:28:43 Geplanter Prüfpunkt
23-12-2014 11:02:09 Geplanter Prüfpunkt
03-01-2015 20:43:27 Geplanter Prüfpunkt
19-01-2015 13:10:46 Geplanter Prüfpunkt
26-01-2015 19:03:51 Geplanter Prüfpunkt
04-02-2015 21:24:47 Geplanter Prüfpunkt
14-02-2015 11:40:34 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {045C0764-10AA-44D6-8A74-6569D0DD7A7B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A79FCD3E-A7F5-4509-B2BC-067FF1539D85} - System32\Tasks\{97D45397-06F7-4FCB-B931-1382A8F0BFB1} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.370/de/abandoninstall?source=lightinstaller&page=tsOptions&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {B899A2CB-EB5B-4489-BD42-6848BC970444} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F12E6247-518A-4F2D-BD21-86C9BD4C8F2C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

==================== Loaded Modules (whitelisted) ==============

2010-05-08 12:48 - 2010-05-08 12:48 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe
2010-06-08 15:38 - 2010-06-08 15:38 - 06329160 _____ () C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll
2011-01-17 15:19 - 2011-04-16 16:05 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-12-09 02:31 - 2009-05-20 23:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2004-01-09 21:02 - 2004-01-09 21:02 - 00045056 _____ () C:\Program Files (x86)\AOL 9.0 VR\zlib.dll
2002-04-22 22:08 - 2002-04-22 22:08 - 00053248 _____ () C:\Program Files (x86)\AOL 9.0 VR\xmlparse.dll
2002-04-22 22:08 - 2002-04-22 22:08 - 00081920 _____ () C:\Program Files (x86)\AOL 9.0 VR\xmltok.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1217486657-1501702325-3848289321-500 - Administrator - Disabled)
Gast (S-1-5-21-1217486657-1501702325-3848289321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1217486657-1501702325-3848289321-1003 - Limited - Enabled)
Sonja (S-1-5-21-1217486657-1501702325-3848289321-1001 - Administrator - Enabled) => C:\Users\Sonja

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2015 11:35:24 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (02/14/2015 11:34:23 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/14/2015 10:47:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16483 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 73c

Startzeit: 01d0483506fa7d02

Endzeit: 159

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (02/13/2015 02:18:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16483 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 10f4

Startzeit: 01d0477eeb32c5f8

Endzeit: 157

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (02/09/2015 07:13:32 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (02/09/2015 07:12:34 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/04/2015 09:20:31 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (02/04/2015 09:18:48 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (01/30/2015 05:13:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (01/30/2015 05:13:04 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (02/03/2015 06:14:51 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (01/31/2015 07:28:37 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (01/27/2015 07:47:54 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/21/2015 08:12:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎21.‎01.‎2015 um 20:10:59 unerwartet heruntergefahren.

Error: (01/19/2015 08:24:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/09/2015 08:02:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/15/2014 07:58:22 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/06/2014 03:29:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/04/2014 08:35:17 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/30/2014 05:47:30 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.


Microsoft Office Sessions:
=========================
Error: (02/14/2015 11:35:24 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (02/14/2015 11:34:23 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/14/2015 10:47:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1648373c01d0483506fa7d02159C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (02/13/2015 02:18:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1648310f401d0477eeb32c5f8157C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (02/09/2015 07:13:32 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (02/09/2015 07:12:34 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/04/2015 09:20:31 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (02/04/2015 09:18:48 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/30/2015 05:13:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (01/30/2015 05:13:04 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II P340 Dual-Core Processor
Percentage of memory in use: 30%
Total physical RAM: 3838.17 MB
Available physical RAM: 2654.04 MB
Total Pagefile: 7674.53 MB
Available Pagefile: 6382.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:452.97 GB) (Free:388.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: ED94ED94)
Partition 1: (Not Active) - (Size=12.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

15.02.2015, 14:18   #2
schrauber
/// the machine
/// TB trainer

hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


15.02.2015, 16:06   #3
AB12398

Hi Schrauber, thanks for your help.

Attached is the Combofix log
Code:
ComboFix 15-02-13.02 - Sonja 15.02.2015  16:33:01.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3838.2699 [GMT 1:00]
ausgeführt von:: c:\users\Sonja\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VideoWebCamera.exe.lnk
c:\windows\Temp\log.txt
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DCService.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-15 bis 2015-02-15  ))))))))))))))))))))))))))))))
.
.
2015-02-15 15:46 . 2015-02-15 15:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-02-15 14:00 . 2015-02-15 14:04	--------	d-----w-	C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"AOL Fast Start"="c:\program files (x86)\AOL 9.0 VR\AOL.EXE" [2007-06-21 50480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-26 102400]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
"HostManager"="c:\program files (x86)\Common Files\AOL\1302722312\ee\AOLSoftware.exe" [2006-09-26 50736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [x]
S2 ogmservice;Online Games Manager;c:\program files (x86)\Online Games Manager\ogmservice.exe;c:\program files (x86)\Online Games Manager\ogmservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Ivekuhtie - c:\users\Sonja\AppData\Roaming\Laaz\yqed.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-02-15  17:03:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-02-15 16:03
.
Vor Suchlauf: 10 Verzeichnis(se), 416.888.537.088 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 417.308.672.000 Bytes frei
.
- - End Of File - - 1FFCDFC4A09B0DCAB6C2D39A359BAA66
5C616939100B85E558DA92B899A0FC36
         
__________________

Old 16.02.2015, 05:49   #4
schrauber
/// the machine
/// TB trainer
 


Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Old 21.02.2015, 15:28   #5
AB12398
 

I ran everything. The logs are attached.

MBAM
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 21.02.2015
Suchlauf-Zeit: 15:51:32
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.21.04
Rootkit Datenbank: v2015.02.20.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sonja

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 348974
Verstrichene Zeit: 9 Min, 37 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32, In Quarantäne, [81971908b0da39fd3f03ceff2bd942be], 

Registrierungswerte: 1
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32|ImagePath, "C:\Windows\Installer\{16634891-9AED-5A78-7A62-EF675A1D2365}\syshost.exe" /service, In Quarantäne, [81971908b0da39fd3f03ceff2bd942be]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 2
PUP.Optional.OpenCandy, C:\Users\Sonja\Desktop\Zylom-Installer_GardenScapesManMakeoverPE_DE.exe, In Quarantäne, [59bfc75ad1b981b54bbf2ec20ff6e11f], 
PUP.Optional.OpenCandy, C:\Users\Sonja\Desktop\Zylom-Installer_SupermarketMania2_DE.exe, In Quarantäne, [7a9eb46ddab09f979b6f4fa1bf46df21], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
adwcleaner
Code:
# AdwCleaner v4.111 - Bericht erstellt 21/02/2015 um 16:08:27
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Sonja - LÄPPI
# Gestarted von : C:\Users\Sonja\Desktop\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Program Files (x86)\Viewpoint

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\MetaStream
Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems
Schlüssel Gelöscht : HKLM\SOFTWARE\Viewpoint
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16483


*************************

AdwCleaner[R0].txt - [2363 Bytes] - [21/02/2015 16:06:01]
AdwCleaner[S0].txt - [2223 Bytes] - [21/02/2015 16:08:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2282  Bytes] ##########
         
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Sonja on 21.02.2015 at 16:11:56,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Alawar
Successfully deleted: [Folder] C:\ProgramData\Alawar Stargaze
Successfully deleted: [Folder] C:\ProgramData\AlawarEntertainment



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.02.2015 at 16:15:05,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Sonja (administrator) on LÄPPI on 21-02-2015 16:16:38
Running from C:\Users\Sonja\Desktop
Loaded Profiles: Sonja (Available profiles: Sonja)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(AOL LLC) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(America Online, Inc.) C:\Program Files (x86)\Common Files\aol\1302722312\ee\aolsoftware.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1302722312\ee\AOLSoftware.exe [50736 2006-09-26] (America Online, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "d14786642ba85cc9" service could not be unlocked. <===== ATTENTION

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-14] () [File not signed]
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2229608 2010-05-12] () [File not signed]
R3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [124944 2010-04-08] () [File not signed]
R0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [16440 2009-08-24] () [File not signed]
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] () [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] () [File not signed]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] () [File not signed]
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [1311232 2009-06-10] () [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] ()
R1 blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [45056 2009-07-14] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-23] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] () [File not signed]
S3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-14] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] () [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] () [File not signed]
R1 cdrom; C:\Windows\system32\drivers\cdrom.sys [147456 2010-11-20] () [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] () [File not signed]
R3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-14] () [File not signed]
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [458704 2012-06-02] () [File not signed]
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-14] () [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] () [File not signed]
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] () [File not signed]
U5 d14786642ba85cc9; C:\Windows\System32\Drivers\d14786642ba85cc9.sys [75216 2015-02-15] () <===== ATTENTION Necurs Rootkit?
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] () [File not signed]
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] () [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [983400 2013-04-10] () [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] () [File not signed]
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] () [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] () [File not signed]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [252928 2010-04-30] () [File not signed]
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [114560 2010-03-20] () [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] () [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] () [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [File not signed]
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] () [File not signed]
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] () [File not signed]
R3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [33240 2012-08-21] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () [File not signed]
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [350208 2010-11-20] () [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-20] () [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] () [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] () [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] () [File not signed]
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-20] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] () [File not signed]
R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [83456 2010-05-22] () [File not signed]
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [120704 2010-03-25] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] () [File not signed]
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-14] () [File not signed]
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-03-11] () [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [6108416 2009-06-10] () [File not signed]
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] () [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2445672 2010-07-29] () [File not signed]
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] () [File not signed]
S3 intelppm; C:\Windows\system32\DRIVERS\intelppm.sys [62464 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [File not signed]
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [273792 2010-11-20] () [File not signed]
R3 k57nd60a; C:\Windows\System32\DRIVERS\k57nd60a.sys [406056 2010-06-08] () [File not signed]
R3 kbdclass; C:\Windows\system32\drivers\kbdclass.sys [50768 2009-07-14] () [File not signed]
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [33280 2010-11-20] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95600 2012-06-02] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [151920 2012-06-02] () [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [File not signed]
S3 L1E; C:\Windows\System32\DRIVERS\L1E62x64.sys [54272 2009-06-20] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [File not signed]
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] () [File not signed]
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-20] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2010-11-20] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] () [File not signed]
R0 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-20] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] ()
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1656680 2013-04-12] ()
R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2009-05-06] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] ()
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] () [File not signed]
R0 pciide; C:\Windows\System32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] () [File not signed]
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [55024 2008-06-16] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] ()
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys [721768 2009-12-02] () [File not signed]
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [269672 2009-12-02] () [File not signed]
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [25960 2009-12-02] () [File not signed]
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [22376 2009-12-02] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [File not signed]
R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [292912 2009-09-18] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1913192 2013-01-03] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1913192 2013-01-03] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45056 2010-11-20] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39424 2010-11-20] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-20] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
R3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [16896 2009-05-06] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\system32\drivers\umbus.sys [48640 2010-11-20] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-04-25] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2011-03-25] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100352 2009-07-14] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [52736 2011-03-25] () [File not signed]
R3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [38456 2009-12-22] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2011-03-25] () [File not signed]
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [25600 2011-03-25] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [41984 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-03-25] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184960 2010-11-20] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw64.sys [24064 2006-11-29] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-14] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] () [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2010-11-20] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2010-11-20] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 16:16 - 2015-02-21 16:16 - 00000000 ____D () C:\Users\Sonja\Desktop\FRST-OlderVersion
2015-02-21 16:15 - 2015-02-21 16:15 - 00001403 _____ () C:\Users\Sonja\Desktop\JRT.txt
2015-02-21 16:04 - 2015-02-21 16:08 - 00000000 ____D () C:\AdwCleaner
2015-02-21 15:50 - 2015-02-21 15:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 15:50 - 2015-02-21 15:50 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-21 15:50 - 2015-02-21 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-21 15:50 - 2015-02-21 15:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-21 15:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-21 15:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-21 15:48 - 2015-02-21 15:48 - 01388274 _____ (Thisisu) C:\Users\Sonja\Desktop\JRT.exe
2015-02-21 15:47 - 2015-02-21 15:47 - 02126848 _____ () C:\Users\Sonja\Desktop\AdwCleaner_4.111.exe
2015-02-21 15:46 - 2015-02-21 15:46 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sonja\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-15 19:30 - 2015-02-15 19:30 - 00075216 _____ () C:\Windows\system32\Drivers\d14786642ba85cc9.sys
2015-02-15 17:03 - 2015-02-15 17:03 - 00014219 _____ () C:\ComboFix.txt
2015-02-15 16:30 - 2015-02-15 17:04 - 00000000 ____D () C:\Qoobox
2015-02-15 16:30 - 2015-02-15 17:00 - 00000000 ____D () C:\Windows\erdnt
2015-02-15 16:30 - 2015-02-15 16:30 - 05611771 ____R (Swearware) C:\Users\Sonja\Desktop\ComboFix.exe
2015-02-15 16:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-15 16:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-15 16:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-15 15:01 - 2015-02-15 15:04 - 00040140 _____ () C:\Users\Sonja\Desktop\Addition.txt
2015-02-15 15:00 - 2015-02-21 16:16 - 02086912 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe
2015-02-15 15:00 - 2015-02-21 16:16 - 00033994 _____ () C:\Users\Sonja\Desktop\FRST.txt
2015-02-15 15:00 - 2015-02-21 16:16 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 16:16 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-21 16:16 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-21 16:12 - 2010-12-08 17:57 - 01139561 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 16:09 - 2011-03-28 19:34 - 00290808 _____ () C:\Windows\PFRO.log
2015-02-21 16:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-21 16:09 - 2009-07-14 05:51 - 00126731 _____ () C:\Windows\setupact.log
2015-02-21 16:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2015-02-21 15:50 - 2012-10-05 19:25 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Malwarebytes
2015-02-21 15:50 - 2012-10-05 19:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-15 16:50 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-15 16:48 - 2009-07-14 03:34 - 58982400 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-15 16:48 - 2009-07-14 03:34 - 17039360 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-02-15 16:48 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-02-15 16:48 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-02-15 16:48 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-02-15 14:53 - 2012-04-09 19:30 - 00000000 ____D () C:\Users\Sonja\Documents\1
2015-02-12 21:43 - 2012-06-20 20:14 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\SoftGrid Client
2015-01-27 08:14 - 2010-12-08 18:02 - 00000000 ____D () C:\ProgramData\Temp
2015-01-27 07:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-06-23 16:48 - 2013-06-23 16:48 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\Sonja\bigfishgames_p150955713_s2_l2.exe


Some content of TEMP:
====================
C:\Users\Sonja\AppData\Local\Temp\Quarantine.exe
C:\Users\Sonja\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2012-06-08 11:23] - [2010-11-20 14:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-02-14 11:33

==================== End Of Log ============================
         
--- --- ---


addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Sonja at 2015-02-21 16:17:26
Running from C:\Users\Sonja\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

10 Tage Unter Dem Meer (HKLM-x32\...\BFG-10 Tage Unter Dem Meer) (Version:  - )
4 Elements II (HKLM-x32\...\BFG-4 Elements II) (Version:  - )
A Gnome's Home: Der Kristall des Lebens (HKLM-x32\...\BFG-A Gnome's Home - Der Kristall des Lebens) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
Amaranthine Voyage: Die Schatten des Wanderers Sammleredition (HKLM-x32\...\BFG-Amaranthine Voyage - Die Schatten des Wanderers Sammleredition) (Version:  - )
AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version:  - )
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arctic Quest (HKLM-x32\...\BFG-Arctic Quest) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{A0158415-15CA-B2A0-928D-E755DD506C0D}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Ausfüllen und ankreuzen: Piratenrätsel (HKLM-x32\...\BFG-Ausfuellen und ankreuzen - Piratenraetsel) (Version:  - )
Avalon Legends Solitaire (HKLM-x32\...\BFG-Avalon Legends Solitaire) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Barn Yarn (HKLM-x32\...\BFG-Barn Yarn) (Version:  - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BILDmobil (HKLM-x32\...\BILDmobil) (Version: 16.001.06.00.761 - Huawei Technologies Co.,Ltd)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
Bubble Shooter (HKLM-x32\...\fbe83e4b6f63f3e850ac3907350adb95) (Version:  - )
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Calavera: Tag der Toten Sammleredition (HKLM-x32\...\BFG-Calavera - Tag der Toten Sammleredition) (Version:  - )
Campgrounds (HKLM-x32\...\BFG-Campgrounds) (Version:  - )
Campgrounds: The Endorus Expedition Sammleredition (HKLM-x32\...\BFG-Campgrounds - The Endorus Expedition Sammleredition) (Version:  - )
ccc-core-static (x32 Version: 2010.0426.2136.36953 - Ihr Firmenname) Hidden
Christmas Stories: Eine Weihnachtsgeschichte (HKLM-x32\...\BFG-Christmas Stories - Eine Weihnachtsgeschichte) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cooking Dash(R) 3 - Thrills & Spills (HKLM-x32\...\08ab9cbf5344299c7d466bd8e94d7e0a) (Version:  - )
Dark Dimensions: Stadt im Nebel Sammleredition (HKLM-x32\...\BFG-Dark Dimensions - Stadt im Nebel Sammleredition) (Version:  - )
Das Haus am See - Kinder der Stille Sammleredition (HKLM-x32\...\BFG-Das Haus am See - Kinder der Stille Sammleredition) (Version:  - )
Die Chroniken von Emerland Solitär (HKLM-x32\...\BFG-Die Chroniken von Emerland Solitaer) (Version:  - )
Die verzauberten Inseln (HKLM-x32\...\BFG-Die verzauberten Inseln) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dr. Mal: Practice of Horror (HKLM-x32\...\BFG-Dr. Mal - Practice of Horror) (Version:  - )
DragonStone (HKLM-x32\...\BFG-DragonStone) (Version:  - )
Dream Hills: Gestohlene Magie (HKLM-x32\...\BFG-Dream Hills - Gestohlene Magie) (Version:  - )
Druid Kingdom (HKLM-x32\...\BFG-Druid Kingdom) (Version:  - )
ElsterFormular (HKLM-x32\...\ElsterFormular 13.0.0.8086p) (Version: 13.1.1.8531 - Landesfinanzdirektion Thüringen)
ElsterFormular-Update (HKLM-x32\...\ElsterFormular für Unternehmer 12.2.1.6570u) (Version: 1.0 - Landesfinanzdirektion Thüringen)
Evy: Magische Kugeln (HKLM-x32\...\BFG-Evy - Magische Kugeln) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy 3 (HKLM-x32\...\BFG-Farm Frenzy 3) (Version:  - )
Farm Frenzy: Frische Fische (HKLM-x32\...\BFG-Farm Frenzy - Frische Fische) (Version:  - )
Farmscapes (HKLM-x32\...\BFG-Farmscapes) (Version:  - )
Farmscapes(TM) Premium Edition (HKLM-x32\...\00e1b559ced624f1a3ef930630c2d865) (Version:  - )
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom 3 Sammleredition (HKLM-x32\...\BFG-Fishdom 3 Sammleredition) (Version:  - )
Gardenscapes - Mansion Makeover Premium Edition (HKLM-x32\...\182cbaeb29e16344e6068a8f7880ee1f) (Version:  - )
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Hyperballoid 2 (HKLM-x32\...\BFG-Hyperballoid 2) (Version:  - )
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Ice Cream Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Imperial Island: Ursprung eines Imperiums (HKLM-x32\...\BFG-Imperial Island - Ursprung eines Imperiums) (Version:  - )
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Island Tribe 4 (HKLM-x32\...\BFG-Island Tribe 4) (Version:  - )
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.260 - Oracle)
Jewel Match 3 (HKLM-x32\...\BFG-Jewel Match 3) (Version:  - )
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jungle vs. Droids (HKLM-x32\...\BFG-Jungle vs. Droids) (Version:  - )
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kingdom Chronicles Sammleredition (HKLM-x32\...\BFG-Kingdom Chronicles Sammleredition) (Version:  - )
Kingdom Tales (HKLM-x32\...\BFG-Kingdom Tales) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell)
Legends of Solitaire: Der Fluch des Drachen (HKLM-x32\...\BFG-Legends of Solitaire - Der Fluch des Drachen) (Version:  - )
Legends of Solitaire: Die verlorenen Karten (HKLM-x32\...\BFG-Legends of Solitaire - Die verlorenen Karten) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mein Landleben 2 (HKLM-x32\...\BFG-Mein Landleben 2) (Version:  - )
Meridian: Zeitalter der Erfindungen (HKLM-x32\...\BFG-Meridian - Zeitalter der Erfindungen) (Version:  - )
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MOAI: Erschaffe deinen Traum (HKLM-x32\...\BFG-MOAI - Erschaffe deinen Traum) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystika 2: Die Zuflucht (HKLM-x32\...\BFG-Mystika 2 - Die Zuflucht) (Version:  - )
Nero 9 Essentials (HKLM-x32\...\{3b53cb85-2662-4bb8-968c-a4f4e8e06353}) (Version:  - Nero AG)
Netzwerkhandbuch EPSON SX440 Series (HKLM-x32\...\EPSON SX440 Series Netg) (Version:  - )
Northern Tale 4 (HKLM-x32\...\BFG-Northern Tale 4) (Version:  - )
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0915.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Rainbow Web 3 (HKLM-x32\...\BFG-Rainbow Web 3) (Version:  - )
Ravensburger Puzzle Selection (HKLM-x32\...\BFG-Ravensburger Puzzle Selection) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Royal Envoy (HKLM-x32\...\BFG-Royal Envoy) (Version:  - )
Royal Envoy 2 Sammleredition (HKLM-x32\...\BFG-Royal Envoy 2 Sammleredition) (Version:  - )
Royal Envoy 3 (HKLM-x32\...\BFG-Royal Envoy 3) (Version:  - )
Royal Envoy: Campaign for the Crown Sammleredition (HKLM-x32\...\BFG-Royal Envoy - Campaign for the Crown Sammleredition) (Version:  - )
Rush for Gold: Alaska (HKLM-x32\...\BFG-Rush for Gold - Alaska) (Version:  - )
Seven Seas Solitaire (HKLM-x32\...\BFG-Seven Seas Solitaire) (Version:  - )
Spooky Mall (HKLM-x32\...\BFG-Spooky Mall) (Version:  - )
Studie zur Verbesserung von HP Officejet 6600 Produkten (HKLM\...\{E1A11879-5771-4E52-BA2E-CD5DD65BF970}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Sweet Kingdom: Verhexte Prinzessin (HKLM-x32\...\BFG-Sweet Kingdom - Verhexte Prinzessin) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
The Treasures of Montezuma 2 (HKLM-x32\...\b3dd4d4fb8b29537c9286bf9aa3be254) (Version:  - )
Tibet Quest (HKLM-x32\...\BFG-Tibet Quest) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Video Web Camera (HKLM-x32\...\{83299633-1261-47A3-84F3-6F02B4B8CDB1}) (Version: 2.0.4.6 - liteon)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Weihnachtswunderland (HKLM-x32\...\BFG-Weihnachtswunderland) (Version:  - )
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3005 - Packard Bell)
WildTangent Games App (Packard Bell Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Word Monaco (HKLM-x32\...\BFG-Word Monaco) (Version:  - )
World Mosaics 2 (HKLM-x32\...\BFG-World Mosaics 2) (Version:  - )
World Mosaics 7 (HKLM-x32\...\BFG-World Mosaics 7) (Version:  - )
Youda Survivor 2 (HKLM-x32\...\BFG-Youda Survivor 2) (Version:  - )
Youda Survivor 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zombie Solitaire (HKLM-x32\...\BFG-Zombie Solitaire) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-15 16:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {045C0764-10AA-44D6-8A74-6569D0DD7A7B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A79FCD3E-A7F5-4509-B2BC-067FF1539D85} - System32\Tasks\{97D45397-06F7-4FCB-B931-1382A8F0BFB1} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.370/de/abandoninstall?source=lightinstaller&amp;page=tsOptions&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {B899A2CB-EB5B-4489-BD42-6848BC970444} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F12E6247-518A-4F2D-BD21-86C9BD4C8F2C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

==================== Loaded Modules (whitelisted) ==============

2013-05-26 10:56 - 2013-03-19 06:46 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () c:\windows\system32\pcwum.DLL
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll
2011-01-17 15:19 - 2011-04-16 16:05 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-12-09 02:31 - 2009-05-20 23:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1217486657-1501702325-3848289321-500 - Administrator - Disabled)
Gast (S-1-5-21-1217486657-1501702325-3848289321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1217486657-1501702325-3848289321-1003 - Limited - Enabled)
Sonja (S-1-5-21-1217486657-1501702325-3848289321-1001 - Administrator - Enabled) => C:\Users\Sonja

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-15 19:29:27.666
  Description: N/A

  Date: 2015-02-15 19:29:27.417
  Description: N/A

  Date: 2015-02-15 16:41:58.983
  Description: N/A

  Date: 2015-02-15 16:41:58.749
  Description: N/A


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II P340 Dual-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 3838.17 MB
Available physical RAM: 2751.38 MB
Total Pagefile: 7674.53 MB
Available Pagefile: 6508.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:452.97 GB) (Free:388.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: ED94ED94)
Partition 1: (Not Active) - (Size=12.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


22.02.2015, 07:43   #6
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Run SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?

22.02.2015, 15:45   #7
AB12398
 
Doesn't the "Remove found threats" option have to be enabled in the advanced settings in ESET? Otherwise the threats are only detected and not deleted, right?

I have run everything. Here are the logs.

eset
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f923b6a22fb43f47938b42b0b1dad360
# engine=22593
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-22 03:22:58
# local_time=2015-02-22 04:22:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# scanned=282165
# found=4
# cleaned=0
# scan_time=6027
sh=28B9468949D5F3E4BE3207FD568D05E654493090 ft=0 fh=0000000000000000 vn="Variante von Win32/Exploit.CVE-2013-0074.EZ Trojaner" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1L280DBE\f6d9[1]"
sh=FCFF9C1C863275795816C5C92ED4A6DA7084FD06 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2B4FGSYX\script[1].js"
sh=799053D51534321CA37E4B695A210F1B5ADCD6F4 ft=1 fh=8473479ae6fdffb3 vn="Win32/TrojanDownloader.Necurs.B Trojaner" ac=I fn="C:\Windows\Installer\{16634891-9AED-5A78-7A62-EF675A1D2365}\syshost.exe"
sh=4EEC9D50360CD815211E3C4E6BDD08271B6EC8E6 ft=0 fh=0000000000000000 vn="BAT/Small.NAN Trojaner" ac=I fn="C:\Windows\Temp\9631267.bat"
         
checkup
Code:
 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 26  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Reader 9 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent````````  
 Online Games Manager ogmservice.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Sonja (administrator) on LÄPPI on 22-02-2015 16:37:23
Running from C:\Users\Sonja\Desktop
Loaded Profiles: Sonja (Available profiles: Sonja)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(AOL LLC) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(America Online, Inc.) C:\Program Files (x86)\Common Files\aol\1302722312\ee\aolsoftware.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1302722312\ee\AOLSoftware.exe [50736 2006-09-26] (America Online, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "d14786642ba85cc9" service could not be unlocked. <===== ATTENTION

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U5 d14786642ba85cc9; C:\Windows\System32\Drivers\d14786642ba85cc9.sys [75216 2015-02-15] () <===== ATTENTION Necurs Rootkit?
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [252928 2010-04-30] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] ()
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1656680 2013-04-12] ()
R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2009-05-06] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] ()
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] () [File not signed]
R0 pciide; C:\Windows\System32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] () [File not signed]
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [55024 2008-06-16] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] ()
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys [721768 2009-12-02] () [File not signed]
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [269672 2009-12-02] () [File not signed]
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [25960 2009-12-02] () [File not signed]
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [22376 2009-12-02] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [File not signed]
R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [292912 2009-09-18] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1913192 2013-01-03] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1913192 2013-01-03] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45056 2010-11-20] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39424 2010-11-20] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-20] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
R3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [16896 2009-05-06] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\system32\drivers\umbus.sys [48640 2010-11-20] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-04-25] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2011-03-25] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100352 2009-07-14] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [52736 2011-03-25] () [File not signed]
R3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [38456 2009-12-22] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2011-03-25] () [File not signed]
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [25600 2011-03-25] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [41984 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-03-25] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184960 2010-11-20] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw64.sys [24064 2006-11-29] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-14] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] () [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2010-11-20] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2010-11-20] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 16:33 - 2015-02-22 16:33 - 00852594 _____ () C:\Users\Sonja\Desktop\SecurityCheck.exe
2015-02-22 14:31 - 2015-02-22 14:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-22 10:00 - 2015-02-22 10:00 - 02347384 _____ (ESET) C:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe
2015-02-21 16:25 - 2015-02-21 16:25 - 00001706 _____ () C:\Users\Sonja\Desktop\MBAM.txt
2015-02-21 16:16 - 2015-02-21 16:16 - 00000000 ____D () C:\Users\Sonja\Desktop\FRST-OlderVersion
2015-02-21 16:15 - 2015-02-21 16:15 - 00001403 _____ () C:\Users\Sonja\Desktop\JRT.txt
2015-02-21 16:04 - 2015-02-21 16:08 - 00000000 ____D () C:\AdwCleaner
2015-02-21 15:50 - 2015-02-21 16:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 15:50 - 2015-02-21 15:50 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-21 15:50 - 2015-02-21 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-21 15:50 - 2015-02-21 15:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-21 15:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-21 15:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-21 15:48 - 2015-02-21 15:48 - 01388274 _____ (Thisisu) C:\Users\Sonja\Desktop\JRT.exe
2015-02-21 15:47 - 2015-02-21 15:47 - 02126848 _____ () C:\Users\Sonja\Desktop\AdwCleaner_4.111.exe
2015-02-21 15:46 - 2015-02-21 15:46 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sonja\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-15 19:30 - 2015-02-15 19:30 - 00075216 _____ () C:\Windows\system32\Drivers\d14786642ba85cc9.sys
2015-02-15 17:03 - 2015-02-15 17:03 - 00014219 _____ () C:\ComboFix.txt
2015-02-15 16:30 - 2015-02-15 17:04 - 00000000 ____D () C:\Qoobox
2015-02-15 16:30 - 2015-02-15 17:00 - 00000000 ____D () C:\Windows\erdnt
2015-02-15 16:30 - 2015-02-15 16:30 - 05611771 ____R (Swearware) C:\Users\Sonja\Desktop\ComboFix.exe
2015-02-15 16:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-15 16:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-15 16:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-15 15:01 - 2015-02-21 16:17 - 00029301 _____ () C:\Users\Sonja\Desktop\Addition.txt
2015-02-15 15:00 - 2015-02-22 16:37 - 00024414 _____ () C:\Users\Sonja\Desktop\FRST.txt
2015-02-15 15:00 - 2015-02-22 16:37 - 00000000 ____D () C:\FRST
2015-02-15 15:00 - 2015-02-21 16:16 - 02086912 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 09:46 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-22 09:46 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-22 09:41 - 2010-12-08 17:57 - 01140601 _____ () C:\Windows\WindowsUpdate.log
2015-02-22 09:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-22 09:38 - 2009-07-14 05:51 - 00126843 _____ () C:\Windows\setupact.log
2015-02-21 16:09 - 2011-03-28 19:34 - 00290808 _____ () C:\Windows\PFRO.log
2015-02-21 16:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2015-02-21 15:50 - 2012-10-05 19:25 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Malwarebytes
2015-02-21 15:50 - 2012-10-05 19:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-15 16:50 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-15 16:48 - 2009-07-14 03:34 - 58982400 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-15 16:48 - 2009-07-14 03:34 - 17039360 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-02-15 16:48 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-02-15 16:48 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-02-15 16:48 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-02-15 14:53 - 2012-04-09 19:30 - 00000000 ____D () C:\Users\Sonja\Documents\1
2015-02-12 21:43 - 2012-06-20 20:14 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\SoftGrid Client
2015-01-27 08:14 - 2010-12-08 18:02 - 00000000 ____D () C:\ProgramData\Temp
2015-01-27 07:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-06-23 16:48 - 2013-06-23 16:48 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\Sonja\bigfishgames_p150955713_s2_l2.exe


Some content of TEMP:
====================
C:\Users\Sonja\AppData\Local\Temp\Quarantine.exe
C:\Users\Sonja\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2012-06-08 11:23] - [2010-11-20 14:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-02-14 11:33

==================== End Of Log ============================
         


addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Sonja at 2015-02-22 16:38:11
Running from C:\Users\Sonja\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

10 Tage Unter Dem Meer (HKLM-x32\...\BFG-10 Tage Unter Dem Meer) (Version:  - )
4 Elements II (HKLM-x32\...\BFG-4 Elements II) (Version:  - )
A Gnome's Home: Der Kristall des Lebens (HKLM-x32\...\BFG-A Gnome's Home - Der Kristall des Lebens) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
Amaranthine Voyage: Die Schatten des Wanderers Sammleredition (HKLM-x32\...\BFG-Amaranthine Voyage - Die Schatten des Wanderers Sammleredition) (Version:  - )
AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version:  - )
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arctic Quest (HKLM-x32\...\BFG-Arctic Quest) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{A0158415-15CA-B2A0-928D-E755DD506C0D}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Ausfüllen und ankreuzen: Piratenrätsel (HKLM-x32\...\BFG-Ausfuellen und ankreuzen - Piratenraetsel) (Version:  - )
Avalon Legends Solitaire (HKLM-x32\...\BFG-Avalon Legends Solitaire) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Barn Yarn (HKLM-x32\...\BFG-Barn Yarn) (Version:  - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BILDmobil (HKLM-x32\...\BILDmobil) (Version: 16.001.06.00.761 - Huawei Technologies Co.,Ltd)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
Bubble Shooter (HKLM-x32\...\fbe83e4b6f63f3e850ac3907350adb95) (Version:  - )
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Calavera: Tag der Toten Sammleredition (HKLM-x32\...\BFG-Calavera - Tag der Toten Sammleredition) (Version:  - )
Campgrounds (HKLM-x32\...\BFG-Campgrounds) (Version:  - )
Campgrounds: The Endorus Expedition Sammleredition (HKLM-x32\...\BFG-Campgrounds - The Endorus Expedition Sammleredition) (Version:  - )
ccc-core-static (x32 Version: 2010.0426.2136.36953 - Ihr Firmenname) Hidden
Christmas Stories: Eine Weihnachtsgeschichte (HKLM-x32\...\BFG-Christmas Stories - Eine Weihnachtsgeschichte) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cooking Dash(R) 3 - Thrills & Spills (HKLM-x32\...\08ab9cbf5344299c7d466bd8e94d7e0a) (Version:  - )
Dark Dimensions: Stadt im Nebel Sammleredition (HKLM-x32\...\BFG-Dark Dimensions - Stadt im Nebel Sammleredition) (Version:  - )
Das Haus am See - Kinder der Stille Sammleredition (HKLM-x32\...\BFG-Das Haus am See - Kinder der Stille Sammleredition) (Version:  - )
Die Chroniken von Emerland Solitär (HKLM-x32\...\BFG-Die Chroniken von Emerland Solitaer) (Version:  - )
Die verzauberten Inseln (HKLM-x32\...\BFG-Die verzauberten Inseln) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dr. Mal: Practice of Horror (HKLM-x32\...\BFG-Dr. Mal - Practice of Horror) (Version:  - )
DragonStone (HKLM-x32\...\BFG-DragonStone) (Version:  - )
Dream Hills: Gestohlene Magie (HKLM-x32\...\BFG-Dream Hills - Gestohlene Magie) (Version:  - )
Druid Kingdom (HKLM-x32\...\BFG-Druid Kingdom) (Version:  - )
ElsterFormular (HKLM-x32\...\ElsterFormular 13.0.0.8086p) (Version: 13.1.1.8531 - Landesfinanzdirektion Thüringen)
ElsterFormular-Update (HKLM-x32\...\ElsterFormular für Unternehmer 12.2.1.6570u) (Version: 1.0 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evy: Magische Kugeln (HKLM-x32\...\BFG-Evy - Magische Kugeln) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy 3 (HKLM-x32\...\BFG-Farm Frenzy 3) (Version:  - )
Farm Frenzy: Frische Fische (HKLM-x32\...\BFG-Farm Frenzy - Frische Fische) (Version:  - )
Farmscapes (HKLM-x32\...\BFG-Farmscapes) (Version:  - )
Farmscapes(TM) Premium Edition (HKLM-x32\...\00e1b559ced624f1a3ef930630c2d865) (Version:  - )
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom 3 Sammleredition (HKLM-x32\...\BFG-Fishdom 3 Sammleredition) (Version:  - )
Gardenscapes - Mansion Makeover Premium Edition (HKLM-x32\...\182cbaeb29e16344e6068a8f7880ee1f) (Version:  - )
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Hyperballoid 2 (HKLM-x32\...\BFG-Hyperballoid 2) (Version:  - )
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Ice Cream Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Imperial Island: Ursprung eines Imperiums (HKLM-x32\...\BFG-Imperial Island - Ursprung eines Imperiums) (Version:  - )
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Island Tribe 4 (HKLM-x32\...\BFG-Island Tribe 4) (Version:  - )
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.260 - Oracle)
Jewel Match 3 (HKLM-x32\...\BFG-Jewel Match 3) (Version:  - )
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jungle vs. Droids (HKLM-x32\...\BFG-Jungle vs. Droids) (Version:  - )
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kingdom Chronicles Sammleredition (HKLM-x32\...\BFG-Kingdom Chronicles Sammleredition) (Version:  - )
Kingdom Tales (HKLM-x32\...\BFG-Kingdom Tales) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell)
Legends of Solitaire: Der Fluch des Drachen (HKLM-x32\...\BFG-Legends of Solitaire - Der Fluch des Drachen) (Version:  - )
Legends of Solitaire: Die verlorenen Karten (HKLM-x32\...\BFG-Legends of Solitaire - Die verlorenen Karten) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mein Landleben 2 (HKLM-x32\...\BFG-Mein Landleben 2) (Version:  - )
Meridian: Zeitalter der Erfindungen (HKLM-x32\...\BFG-Meridian - Zeitalter der Erfindungen) (Version:  - )
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MOAI: Erschaffe deinen Traum (HKLM-x32\...\BFG-MOAI - Erschaffe deinen Traum) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystika 2: Die Zuflucht (HKLM-x32\...\BFG-Mystika 2 - Die Zuflucht) (Version:  - )
Nero 9 Essentials (HKLM-x32\...\{3b53cb85-2662-4bb8-968c-a4f4e8e06353}) (Version:  - Nero AG)
Netzwerkhandbuch EPSON SX440 Series (HKLM-x32\...\EPSON SX440 Series Netg) (Version:  - )
Northern Tale 4 (HKLM-x32\...\BFG-Northern Tale 4) (Version:  - )
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0915.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Rainbow Web 3 (HKLM-x32\...\BFG-Rainbow Web 3) (Version:  - )
Ravensburger Puzzle Selection (HKLM-x32\...\BFG-Ravensburger Puzzle Selection) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Royal Envoy (HKLM-x32\...\BFG-Royal Envoy) (Version:  - )
Royal Envoy 2 Sammleredition (HKLM-x32\...\BFG-Royal Envoy 2 Sammleredition) (Version:  - )
Royal Envoy 3 (HKLM-x32\...\BFG-Royal Envoy 3) (Version:  - )
Royal Envoy: Campaign for the Crown Sammleredition (HKLM-x32\...\BFG-Royal Envoy - Campaign for the Crown Sammleredition) (Version:  - )
Rush for Gold: Alaska (HKLM-x32\...\BFG-Rush for Gold - Alaska) (Version:  - )
Seven Seas Solitaire (HKLM-x32\...\BFG-Seven Seas Solitaire) (Version:  - )
Spooky Mall (HKLM-x32\...\BFG-Spooky Mall) (Version:  - )
Studie zur Verbesserung von HP Officejet 6600 Produkten (HKLM\...\{E1A11879-5771-4E52-BA2E-CD5DD65BF970}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Sweet Kingdom: Verhexte Prinzessin (HKLM-x32\...\BFG-Sweet Kingdom - Verhexte Prinzessin) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
The Treasures of Montezuma 2 (HKLM-x32\...\b3dd4d4fb8b29537c9286bf9aa3be254) (Version:  - )
Tibet Quest (HKLM-x32\...\BFG-Tibet Quest) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Video Web Camera (HKLM-x32\...\{83299633-1261-47A3-84F3-6F02B4B8CDB1}) (Version: 2.0.4.6 - liteon)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Weihnachtswunderland (HKLM-x32\...\BFG-Weihnachtswunderland) (Version:  - )
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3005 - Packard Bell)
WildTangent Games App (Packard Bell Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Word Monaco (HKLM-x32\...\BFG-Word Monaco) (Version:  - )
World Mosaics 2 (HKLM-x32\...\BFG-World Mosaics 2) (Version:  - )
World Mosaics 7 (HKLM-x32\...\BFG-World Mosaics 7) (Version:  - )
Youda Survivor 2 (HKLM-x32\...\BFG-Youda Survivor 2) (Version:  - )
Youda Survivor 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zombie Solitaire (HKLM-x32\...\BFG-Zombie Solitaire) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-15 16:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {045C0764-10AA-44D6-8A74-6569D0DD7A7B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A79FCD3E-A7F5-4509-B2BC-067FF1539D85} - System32\Tasks\{97D45397-06F7-4FCB-B931-1382A8F0BFB1} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.370/de/abandoninstall?source=lightinstaller&page=tsOptions&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {B899A2CB-EB5B-4489-BD42-6848BC970444} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F12E6247-518A-4F2D-BD21-86C9BD4C8F2C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

==================== Loaded Modules (whitelisted) ==============

2013-05-26 10:56 - 2013-03-19 06:46 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () c:\windows\system32\pcwum.DLL
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll
2011-01-17 15:19 - 2011-04-16 16:05 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-12-09 02:31 - 2009-05-20 23:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1217486657-1501702325-3848289321-500 - Administrator - Disabled)
Gast (S-1-5-21-1217486657-1501702325-3848289321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1217486657-1501702325-3848289321-1003 - Limited - Enabled)
Sonja (S-1-5-21-1217486657-1501702325-3848289321-1001 - Administrator - Enabled) => C:\Users\Sonja

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2015 02:31:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/22/2015 02:31:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/22/2015 02:31:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/22/2015 02:19:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/22/2015 02:19:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/22/2015 02:19:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/22/2015 11:33:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/22/2015 11:33:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/22/2015 11:33:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/22/2015 10:00:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (02/21/2015 04:20:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31


Microsoft Office Sessions:
=========================
Error: (02/22/2015 02:31:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe

Error: (02/22/2015 02:31:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe

Error: (02/22/2015 02:31:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe

Error: (02/22/2015 02:19:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe

Error: (02/22/2015 02:19:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe

Error: (02/22/2015 02:19:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe

Error: (02/22/2015 11:33:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe

Error: (02/22/2015 11:33:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe

Error: (02/22/2015 11:33:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe

Error: (02/22/2015 10:00:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-02-15 19:29:27.666
  Description: N/A

  Date: 2015-02-15 19:29:27.417
  Description: N/A

  Date: 2015-02-15 16:41:58.983
  Description: N/A

  Date: 2015-02-15 16:41:58.749
  Description: N/A


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II P340 Dual-Core Processor
Percentage of memory in use: 36%
Total physical RAM: 3838.17 MB
Available physical RAM: 2422.95 MB
Total Pagefile: 7674.53 MB
Available Pagefile: 6334.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:452.97 GB) (Free:387.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: ED94ED94)
Partition 1: (Not Active) - (Size=12.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
As it is, everything seems to be running without problems

23.02.2015, 06:32   #8
schrauber
/// the machine
/// TB instructor
 




That's fine, I want to see them first, and we'll remove them now. Update Java and Adobe.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1L280DBE\f6d9[1]

C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2B4FGSYX\script[1].js

C:\Windows\Installer\{16634891-9AED-5A78-7A62-EF675A1D2365}\syshost.exe

C:\Windows\Temp\9631267.bat
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button (Entfernen).
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

23.02.2015, 18:26   #9
AB12398
 



Attached are the two logs

fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015
Ran by Sonja at 2015-02-23 18:58:36 Run:1
Running from C:\Users\Sonja\Desktop
Loaded Profiles: Sonja (Available profiles: Sonja)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1L280DBE\f6d9[1]

C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2B4FGSYX\script[1].js

C:\Windows\Installer\{16634891-9AED-5A78-7A62-EF675A1D2365}\syshost.exe

C:\Windows\Temp\9631267.bat

*****************

C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1L280DBE\f6d9[1] => Moved successfully.
C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2B4FGSYX\script[1].js => Moved successfully.
Could not move "C:\Windows\Installer\{16634891-9AED-5A78-7A62-EF675A1D2365}\syshost.exe" => Scheduled to move on reboot.
C:\Windows\Temp\9631267.bat => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-23 18:59:34)<=

"C:\Windows\Installer\{16634891-9AED-5A78-7A62-EF675A1D2365}\syshost.exe" => File could not move.

==== End of Fixlog 18:59:34 ====
         
and TDSSKiller unfortunately found something

Code:
19:05:37.0789 0x0cb8  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
19:05:39.0801 0x0cb8  ============================================================
19:05:39.0801 0x0cb8  Current date / time: 2015/02/23 19:05:39.0801
19:05:39.0801 0x0cb8  SystemInfo:
19:05:39.0801 0x0cb8  
19:05:39.0801 0x0cb8  OS Version: 6.1.7601 ServicePack: 1.0
19:05:39.0801 0x0cb8  Product type: Workstation
19:05:39.0801 0x0cb8  ComputerName: LÄPPI
19:05:39.0801 0x0cb8  UserName: Sonja
19:05:39.0801 0x0cb8  Windows directory: C:\Windows
19:05:39.0801 0x0cb8  System windows directory: C:\Windows
19:05:39.0801 0x0cb8  Running under WOW64
19:05:39.0801 0x0cb8  Processor architecture: Intel x64
19:05:39.0801 0x0cb8  Number of processors: 2
19:05:39.0801 0x0cb8  Page size: 0x1000
19:05:39.0801 0x0cb8  Boot type: Normal boot
19:05:39.0801 0x0cb8  ============================================================
19:05:39.0817 0x0cb8  BG loaded
19:05:42.0115 0x0cb8  System UUID: {9F91DFD5-448C-25BA-227A-F782D0011505}
19:05:44.0393 0x0cb8  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:05:44.0393 0x0cb8  ============================================================
19:05:44.0393 0x0cb8  \Device\Harddisk0\DR0:
19:05:44.0393 0x0cb8  MBR partitions:
19:05:44.0393 0x0cb8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
19:05:44.0393 0x0cb8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x389EF030
19:05:44.0393 0x0cb8  ============================================================
19:05:44.0502 0x0cb8  C: <-> \Device\Harddisk0\DR0\Partition2
19:05:44.0502 0x0cb8  ============================================================
19:05:44.0502 0x0cb8  Initialize success
19:05:44.0502 0x0cb8  ============================================================
19:08:17.0675 0x12f0  ============================================================
19:08:17.0675 0x12f0  Scan started
19:08:17.0675 0x12f0  Mode: Manual; SigCheck; TDLFS; 
19:08:17.0675 0x12f0  ============================================================
19:08:17.0675 0x12f0  KSN ping started
19:08:20.0234 0x12f0  KSN ping finished: true
19:08:24.0664 0x12f0  ================ Scan system memory ========================
19:08:24.0664 0x12f0  System memory - ok
19:08:24.0664 0x12f0  ================ Scan services =============================
19:08:24.0914 0x12f0  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:08:25.0038 0x12f0  1394ohci - ok
19:08:25.0226 0x12f0  [ B33CF4DE909A5B30F526D82053A63C8E, ABF5BB962C038E545C18B96E686E072D780C907096C7BB341297AF31D3703ABD ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
19:08:25.0272 0x12f0  ABBYY.Licensing.FineReader.Sprint.9.0 - ok
19:08:25.0350 0x12f0  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:08:25.0397 0x12f0  ACPI - ok
19:08:25.0444 0x12f0  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:08:25.0569 0x12f0  AcpiPmi - ok
19:08:25.0694 0x12f0  [ 34400005DE52842C4D6D4EE978B4D7CE, E7C3121812284B9FE6A12910C67C98354BAF5DB74865A5B4E0C2E64852BDB50A ] AdobeActiveFileMonitor8.0 c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
19:08:25.0725 0x12f0  AdobeActiveFileMonitor8.0 - ok
19:08:25.0881 0x12f0  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:08:25.0912 0x12f0  adp94xx - ok
19:08:25.0943 0x12f0  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:08:25.0974 0x12f0  adpahci - ok
19:08:25.0974 0x12f0  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:08:25.0990 0x12f0  adpu320 - ok
19:08:26.0052 0x12f0  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:08:26.0208 0x12f0  AeLookupSvc - ok
19:08:26.0302 0x12f0  [ 1C7857B62DE5994A75B054A9FD4C3825, 83F963D7E636532B1AD30B1E727EC429317CA540F6EB3BB268FCC0B163B67767 ] AFD             C:\Windows\system32\drivers\afd.sys
19:08:26.0380 0x12f0  AFD - ok
19:08:26.0427 0x12f0  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
19:08:26.0458 0x12f0  agp440 - ok
19:08:26.0489 0x12f0  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
19:08:26.0567 0x12f0  ALG - ok
19:08:26.0614 0x12f0  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:08:26.0630 0x12f0  aliide - ok
19:08:26.0692 0x12f0  [ 61A18BCAF557CD6614309E4978B81056, 4481B4276E7F6790D7BF4D9DC3C172BCA037BF6A30D5CE4E0190585F669FA4EC ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:08:26.0801 0x12f0  AMD External Events Utility - ok
19:08:26.0848 0x12f0  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:08:26.0879 0x12f0  amdide - ok
19:08:26.0926 0x12f0  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:08:26.0988 0x12f0  AmdK8 - ok
19:08:27.0300 0x12f0  [ F05B22CE901FC26AE55A1A27AA674D96, 1D1F8D6076BC3608C11F343F4597B599BA602B3FB1064CC1EAFB08FD667D0D6E ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:08:27.0566 0x12f0  amdkmdag - ok
19:08:27.0612 0x12f0  [ ED25D58581B5A28593C277F482FCCD62, EC20DF155BA3814A052DD4DB1B5C220A75E68B9D88518ED676A12CF70AF619F5 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:08:27.0644 0x12f0  amdkmdap - ok
19:08:27.0690 0x12f0  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:08:27.0722 0x12f0  AmdPPM - ok
19:08:27.0768 0x12f0  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:08:27.0784 0x12f0  amdsata - ok
19:08:27.0815 0x12f0  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:08:27.0831 0x12f0  amdsbs - ok
19:08:27.0846 0x12f0  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:08:27.0862 0x12f0  amdxata - ok
19:08:27.0909 0x12f0  [ 391887990CDAA83DE5C56C3FDE966DA1, BC55E21E03B3FE7BBDBB13D56AADB8FBA74F58521AC73B105AD9788E7AE18F0B ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
19:08:27.0971 0x12f0  AmUStor - ok
19:08:28.0080 0x12f0  [ 85180CF88C5EBAD73B452A43A004CA51, 24D25495DC21293FC1F37EE7E7C2A4725E66D3D25BE05D7EDF4BB4F444C65526 ] AOL ACS         C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
19:08:28.0112 0x12f0  AOL ACS - ok
19:08:28.0158 0x12f0  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
19:08:28.0392 0x12f0  AppID - ok
19:08:28.0408 0x12f0  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:08:28.0486 0x12f0  AppIDSvc - ok
19:08:28.0533 0x12f0  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
19:08:28.0611 0x12f0  Appinfo - ok
19:08:28.0704 0x12f0  [ A5299D04ED225D64CF07A568A3E1BF8C, 6F7E73893127BADC8C9815E9BCC0EB5F6584E254D0D09A0B6A680704C71E0A90 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:08:28.0720 0x12f0  Apple Mobile Device - ok
19:08:28.0767 0x12f0  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:08:28.0782 0x12f0  arc - ok
19:08:28.0798 0x12f0  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:08:28.0814 0x12f0  arcsas - ok
19:08:28.0845 0x12f0  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:08:28.0907 0x12f0  AsyncMac - ok
19:08:28.0938 0x12f0  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:08:28.0970 0x12f0  atapi - ok
19:08:29.0157 0x12f0  [ E642491F64E58CD5BC8FB8B347DCF65F, D457175EF3A0552CEA3DA78E7116D54BC2BF157857A8B764597B51FB4E29C033 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
19:08:29.0219 0x12f0  athr - ok
19:08:29.0297 0x12f0  [ 637E0753BD6DEB8EA5314A5C357EC1A0, 2B479DBBF72A2AFB3DC65A3FDA30B628BC9FB21160EBD7E1BE44404C671B1D08 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
19:08:29.0344 0x12f0  AtiHdmiService - ok
19:08:29.0375 0x12f0  [ C07A040D6B5A42DD41EE386CF90974C8, 8D47815F99C79B795504C3172B5FBBDBA6AFACC004B17AA3954A06BE713FACAE ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
19:08:29.0391 0x12f0  AtiPcie - ok
19:08:29.0484 0x12f0  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:08:29.0562 0x12f0  AudioEndpointBuilder - ok
19:08:29.0609 0x12f0  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:08:29.0672 0x12f0  AudioSrv - ok
19:08:29.0734 0x12f0  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:08:29.0843 0x12f0  AxInstSV - ok
19:08:29.0921 0x12f0  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:08:29.0984 0x12f0  b06bdrv - ok
19:08:30.0046 0x12f0  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:08:30.0108 0x12f0  b57nd60a - ok
19:08:30.0280 0x12f0  [ 5F685973740F289BE3C809952DB8408B, 4C0A0C06BB2B6B1879A860B0D68289A55F80CF74947FCCE7815F1D8121232F62 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe
19:08:30.0311 0x12f0  BBSvc - ok
19:08:30.0358 0x12f0  [ 76F78018F45E7F92164CEA5020176933, 76E1CA6E198417F3749864721C43913189A7EA07B5ED320DE543B2037CEA3D65 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
19:08:30.0374 0x12f0  BBUpdate - ok
19:08:30.0498 0x12f0  [ 9E84A931DBEE0292E38ED672F6293A99, 2945EAF0AC091709E0C5508B45EC343EDE507AC2B08A2D7D64F286D38424CBC4 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
19:08:30.0701 0x12f0  BCM43XX - ok
19:08:30.0732 0x12f0  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:08:30.0764 0x12f0  BDESVC - ok
19:08:30.0810 0x12f0  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:08:30.0888 0x12f0  Beep - ok
19:08:30.0966 0x12f0  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
19:08:31.0029 0x12f0  BFE - ok
19:08:31.0091 0x12f0  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
19:08:31.0169 0x1314  Object required for P2P: [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor
19:08:31.0185 0x12f0  BITS - ok
19:08:31.0216 0x12f0  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:08:31.0247 0x12f0  blbdrive - ok
19:08:31.0356 0x12f0  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:08:31.0388 0x12f0  Bonjour Service - ok
19:08:31.0434 0x12f0  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:08:31.0466 0x12f0  bowser - ok
19:08:31.0497 0x12f0  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:08:31.0590 0x12f0  BrFiltLo - ok
19:08:31.0590 0x12f0  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:08:31.0606 0x12f0  BrFiltUp - ok
19:08:31.0668 0x12f0  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
19:08:31.0778 0x12f0  BridgeMP - ok
19:08:31.0809 0x12f0  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
19:08:31.0856 0x12f0  Browser - ok
19:08:31.0887 0x12f0  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:08:31.0934 0x12f0  Brserid - ok
19:08:31.0934 0x12f0  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:08:31.0965 0x12f0  BrSerWdm - ok
19:08:31.0965 0x12f0  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:08:31.0996 0x12f0  BrUsbMdm - ok
19:08:31.0996 0x12f0  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:08:32.0043 0x12f0  BrUsbSer - ok
19:08:32.0043 0x12f0  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:08:32.0058 0x12f0  BTHMODEM - ok
19:08:32.0105 0x12f0  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
19:08:32.0152 0x12f0  bthserv - ok
19:08:32.0214 0x12f0  catchme - ok
19:08:32.0261 0x12f0  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:08:32.0324 0x12f0  cdfs - ok
19:08:32.0386 0x12f0  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
19:08:32.0386 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\cdrom.sys. md5: F036CE71586E93D94DAB220D7BDF4416, sha256: BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B
19:08:32.0402 0x12f0  cdrom - detected LockedFile.Multi.Generic ( 1 )
19:08:34.0414 0x131c  Object required for P2P: [ 637E0753BD6DEB8EA5314A5C357EC1A0 ] AtiHdmiService
19:08:34.0851 0x12f0  Detect skipped due to KSN trusted
19:08:34.0851 0x12f0  cdrom - ok
19:08:34.0929 0x12f0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:08:35.0022 0x12f0  CertPropSvc - ok
19:08:35.0069 0x12f0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:08:35.0116 0x12f0  circlass - ok
19:08:35.0178 0x12f0  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
19:08:35.0225 0x12f0  CLFS - ok
19:08:35.0272 0x12f0  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:08:35.0303 0x12f0  clr_optimization_v2.0.50727_32 - ok
19:08:35.0350 0x12f0  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:08:35.0366 0x12f0  clr_optimization_v2.0.50727_64 - ok
19:08:35.0397 0x12f0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:08:35.0428 0x12f0  CmBatt - ok
19:08:35.0459 0x12f0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:08:35.0459 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\cmdide.sys. md5: E19D3F095812725D88F9001985B94EDD, sha256: 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B
19:08:35.0459 0x12f0  cmdide - detected LockedFile.Multi.Generic ( 1 )
19:08:37.0924 0x12f0  Detect skipped due to KSN trusted
19:08:37.0924 0x12f0  cmdide - ok
19:08:38.0018 0x12f0  [ 9AC4F97C2D3E93367E2148EA940CD2CD, 530E089E5CF868AECDB2B5548EBE76E0CA98FC74A72897292AB2485734402E3B ] CNG             C:\Windows\system32\Drivers\cng.sys
19:08:38.0096 0x12f0  CNG - ok
19:08:38.0158 0x12f0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:08:38.0189 0x12f0  Compbatt - ok
19:08:38.0267 0x12f0  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:08:38.0267 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\CompositeBus.sys. md5: 03EDB043586CCEBA243D689BDDA370A8, sha256: 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959
19:08:38.0267 0x12f0  CompositeBus - detected LockedFile.Multi.Generic ( 1 )
19:08:40.0733 0x12f0  Detect skipped due to KSN trusted
19:08:40.0733 0x12f0  CompositeBus - ok
19:08:40.0780 0x12f0  COMSysApp - ok
19:08:40.0811 0x12f0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:08:40.0811 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 1C827878A998C18847245FE1F34EE597, sha256: 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60
19:08:40.0811 0x12f0  crcdisk - detected LockedFile.Multi.Generic ( 1 )
19:08:43.0276 0x12f0  Detect skipped due to KSN trusted
19:08:43.0276 0x12f0  crcdisk - ok
19:08:43.0354 0x12f0  [ 9C01375BE382E834CC26D1B7EAF2C4FE, B1D1E36B91A3C3CD09428EE3403896F71390A2798323BB406B484D9DB064A219 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:08:43.0416 0x12f0  CryptSvc - ok
19:08:43.0525 0x12f0  [ 61A86809B62769643892BC0812B204AA, 92FAC8176BE88D63C1DB1FF127F1BACD7D735A36DA42ABDE448D34B8D66F2BB9 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:08:43.0557 0x12f0  cvhsvc - ok
19:08:43.0572 0x12f0  Suspicious service (NoAccess): d14786642ba85cc9
19:08:43.0619 0x12f0  [ 09E04442AEC4419C6B393C92B3C70161, 1F0F7CF371F3970AD2E68F96CE17BD785F63DE96020CF8C04DA045F3472FD207 ] d14786642ba85cc9 C:\Windows\System32\Drivers\d14786642ba85cc9.sys
19:08:43.0619 0x12f0  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\d14786642ba85cc9.sys. md5: 09E04442AEC4419C6B393C92B3C70161, sha256: 1F0F7CF371F3970AD2E68F96CE17BD785F63DE96020CF8C04DA045F3472FD207
19:08:43.0650 0x12f0  d14786642ba85cc9 - detected Rootkit.Win32.Necurs.gen ( 0 )
19:08:46.0224 0x12f0  d14786642ba85cc9 ( Rootkit.Win32.Necurs.gen ) - infected
19:08:46.0224 0x12f0  Force sending object to P2P due to detect: d14786642ba85cc9
19:08:51.0169 0x1314  Object send P2P result: false
19:08:54.0430 0x131c  Object send P2P result: false
19:09:06.0270 0x12f0  Object send P2P result: false
19:09:08.0860 0x12f0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:09:08.0930 0x12f0  DcomLaunch - ok
19:09:09.0010 0x12f0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:09:09.0060 0x12f0  defragsvc - ok
19:09:09.0100 0x12f0  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:09:09.0100 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\dfsc.sys. md5: 9BB2EF44EAA163B29C4A4587887A0FE4, sha256: 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F
19:09:09.0100 0x12f0  DfsC - detected LockedFile.Multi.Generic ( 1 )
19:09:11.0556 0x12f0  Detect skipped due to KSN trusted
19:09:11.0556 0x12f0  DfsC - ok
19:09:11.0634 0x12f0  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:09:11.0696 0x12f0  Dhcp - ok
19:09:11.0728 0x12f0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
19:09:11.0728 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3, sha256: 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26
19:09:11.0728 0x12f0  discache - detected LockedFile.Multi.Generic ( 1 )
19:09:14.0208 0x12f0  Detect skipped due to KSN trusted
19:09:14.0208 0x12f0  discache - ok
19:09:14.0286 0x12f0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:09:14.0286 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\disk.sys. md5: 9819EEE8B5EA3784EC4AF3B137A5244C, sha256: 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427
19:09:14.0286 0x12f0  Disk - detected LockedFile.Multi.Generic ( 1 )
19:09:16.0697 0x12f0  Detect skipped due to KSN trusted
19:09:16.0697 0x12f0  Disk - ok
19:09:16.0775 0x12f0  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:09:16.0837 0x12f0  Dnscache - ok
19:09:16.0884 0x12f0  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:09:16.0946 0x12f0  dot3svc - ok
19:09:16.0993 0x12f0  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
19:09:17.0040 0x12f0  DPS - ok
19:09:17.0071 0x12f0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:09:17.0071 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\drmkaud.sys. md5: 9B19F34400D24DF84C858A421C205754, sha256: 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7
19:09:17.0071 0x12f0  drmkaud - detected LockedFile.Multi.Generic ( 1 )
19:09:19.0552 0x12f0  Detect skipped due to KSN trusted
19:09:19.0552 0x12f0  drmkaud - ok
19:09:19.0661 0x12f0  [ 9CF46FDF163E06B83D03FF929EF2296C, 40BB0226361DEC2E6CBFE79CA092083986BD3D94564ED5F3E54CA2EE9A756837 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
19:09:19.0692 0x12f0  DsiWMIService - ok
19:09:19.0770 0x12f0  [ AF2E16242AA723F68F461B6EAE2EAD3D, 3973633C6D231DB8D92DE310D3A0836C64639B9A20C6C56385FB218A707C1BC3 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:09:19.0770 0x12f0  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\dxgkrnl.sys. md5: AF2E16242AA723F68F461B6EAE2EAD3D, sha256: 3973633C6D231DB8D92DE310D3A0836C64639B9A20C6C56385FB218A707C1BC3
19:09:19.0770 0x12f0  DXGKrnl - detected LockedFile.Multi.Generic ( 1 )
19:09:22.0250 0x12f0  Detect skipped due to KSN trusted
19:09:22.0250 0x12f0  DXGKrnl - ok
19:09:22.0328 0x12f0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
19:09:22.0423 0x12f0  EapHost - ok
19:09:22.0610 0x12f0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:09:22.0610 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\evbda.sys. md5: DC5D737F51BE844D8C82C695EB17372F, sha256: 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017
19:09:22.0610 0x12f0  ebdrv - detected LockedFile.Multi.Generic ( 1 )
19:09:25.0153 0x12f0  Detect skipped due to KSN trusted
19:09:25.0153 0x12f0  ebdrv - ok
19:09:25.0215 0x12f0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS             C:\Windows\System32\lsass.exe
19:09:25.0278 0x12f0  EFS - ok
19:09:25.0403 0x12f0  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:09:25.0481 0x12f0  ehRecvr - ok
19:09:25.0512 0x12f0  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
19:09:25.0574 0x12f0  ehSched - ok
19:09:25.0637 0x12f0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:09:25.0637 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0E5DA5369A0FCAEA12456DD852545184, sha256: 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8
19:09:25.0652 0x12f0  elxstor - detected LockedFile.Multi.Generic ( 1 )
19:09:28.0070 0x12f0  Detect skipped due to KSN trusted
19:09:28.0070 0x12f0  elxstor - ok
19:09:28.0200 0x12f0  [ 3EA2C4F68A782839D97B3C83595575B6, D4C3BFD0B6817B73BE9F2378FA946BD1C213A4FB9EB3F7D2C79E9B6D9F895106 ] ePowerSvc       C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
19:09:28.0240 0x12f0  ePowerSvc - ok
19:09:28.0270 0x12f0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:09:28.0270 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\errdev.sys. md5: 34A3C54752046E79A126E15C51DB409B, sha256: 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75
19:09:28.0270 0x12f0  ErrDev - detected LockedFile.Multi.Generic ( 1 )
19:09:30.0695 0x12f0  Detect skipped due to KSN trusted
19:09:30.0695 0x12f0  ErrDev - ok
19:09:30.0789 0x12f0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
19:09:30.0913 0x12f0  EventSystem - ok
19:09:30.0980 0x12f0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:09:30.0980 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B, sha256: 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5
19:09:30.0980 0x12f0  exfat - detected LockedFile.Multi.Generic ( 1 )
19:09:33.0443 0x12f0  Detect skipped due to KSN trusted
19:09:33.0443 0x12f0  exfat - ok
19:09:33.0505 0x12f0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:09:33.0505 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fastfat.sys. md5: 0ADC83218B66A6DB380C330836F3E36D, sha256: 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29
19:09:33.0505 0x12f0  fastfat - detected LockedFile.Multi.Generic ( 1 )
19:09:35.0939 0x12f0  Detect skipped due to KSN trusted
19:09:35.0939 0x12f0  fastfat - ok
19:09:36.0048 0x12f0  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
19:09:36.0157 0x12f0  Fax - ok
19:09:36.0188 0x12f0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:09:36.0188 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB, sha256: 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE
19:09:36.0188 0x12f0  fdc - detected LockedFile.Multi.Generic ( 1 )
19:09:38.0669 0x12f0  Detect skipped due to KSN trusted
19:09:38.0669 0x12f0  fdc - ok
19:09:38.0700 0x12f0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
19:09:38.0747 0x12f0  fdPHost - ok
19:09:38.0762 0x12f0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:09:38.0825 0x12f0  FDResPub - ok
19:09:38.0825 0x12f0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:09:38.0825 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661BE46B5F5F3FD454E2C3095B930, sha256: 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A
19:09:38.0825 0x12f0  FileInfo - detected LockedFile.Multi.Generic ( 1 )
19:09:41.0274 0x12f0  Detect skipped due to KSN trusted
19:09:41.0274 0x12f0  FileInfo - ok
19:09:41.0321 0x12f0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:09:41.0321 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47, sha256: 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6
19:09:41.0321 0x12f0  Filetrace - detected LockedFile.Multi.Generic ( 1 )
19:09:43.0728 0x12f0  Detect skipped due to KSN trusted
19:09:43.0728 0x12f0  Filetrace - ok
19:09:43.0818 0x12f0  [ ABEDFD48AC042C6AAAD32452E77217A1, BC45A1C36BDBC20EF4E7D3CFB5368912382D964CB34D050ED255F56307F4C910 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:09:43.0868 0x12f0  FLEXnet Licensing Service - ok
19:09:43.0888 0x12f0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:09:43.0888 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5, sha256: 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B
19:09:43.0888 0x12f0  flpydisk - detected LockedFile.Multi.Generic ( 1 )
19:09:46.0310 0x12f0  Detect skipped due to KSN trusted
19:09:46.0310 0x12f0  flpydisk - ok
19:09:46.0388 0x12f0  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:09:46.0388 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fltmgr.sys. md5: DA6B67270FD9DB3697B20FCE94950741, sha256: F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331
19:09:46.0388 0x12f0  FltMgr - detected LockedFile.Multi.Generic ( 1 )
19:09:48.0869 0x12f0  Detect skipped due to KSN trusted
19:09:48.0869 0x12f0  FltMgr - ok
19:09:48.0993 0x12f0  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
19:09:49.0056 0x12f0  FontCache - ok
19:09:49.0118 0x12f0  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:09:49.0134 0x12f0  FontCache3.0.0.0 - ok
19:09:49.0181 0x12f0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:09:49.0181 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC, sha256: F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E
19:09:49.0181 0x12f0  FsDepends - detected LockedFile.Multi.Generic ( 1 )
19:09:51.0692 0x12f0  Detect skipped due to KSN trusted
19:09:51.0692 0x12f0  FsDepends - ok
19:09:51.0755 0x12f0  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:09:51.0755 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 6BD9295CC032DD3077C671FCCF579A7B, sha256: 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33
19:09:51.0755 0x12f0  Fs_Rec - detected LockedFile.Multi.Generic ( 1 )
19:09:54.0204 0x12f0  Detect skipped due to KSN trusted
19:09:54.0204 0x12f0  Fs_Rec - ok
19:09:54.0282 0x12f0  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:09:54.0282 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 8F6322049018354F45F05A2FD2D4E5E0, sha256: 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359
19:09:54.0282 0x12f0  fvevol - detected LockedFile.Multi.Generic ( 1 )
19:09:56.0732 0x12f0  Detect skipped due to KSN trusted
19:09:56.0732 0x12f0  fvevol - ok
19:09:56.0779 0x12f0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:09:56.0779 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6, sha256: 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005
19:09:56.0779 0x12f0  gagp30kx - detected LockedFile.Multi.Generic ( 1 )
19:09:59.0244 0x12f0  Detect skipped due to KSN trusted
19:09:59.0244 0x12f0  gagp30kx - ok
19:09:59.0400 0x12f0  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:09:59.0431 0x12f0  GamesAppService - ok
19:09:59.0478 0x12f0  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:09:59.0478 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\GEARAspiWDM.sys. md5: 8E98D21EE06192492A5671A6144D092F, sha256: B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4
19:09:59.0493 0x12f0  GEARAspiWDM - detected LockedFile.Multi.Generic ( 1 )
19:10:01.0974 0x12f0  Detect skipped due to KSN trusted
19:10:01.0974 0x12f0  GEARAspiWDM - ok
19:10:02.0098 0x12f0  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:10:02.0161 0x12f0  gpsvc - ok
19:10:02.0270 0x12f0  [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService     C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
19:10:02.0286 0x12f0  GREGService - ok
19:10:02.0332 0x12f0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:10:02.0332 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0, sha256: B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19
19:10:02.0332 0x12f0  hcw85cir - detected LockedFile.Multi.Generic ( 1 )
19:10:04.0813 0x12f0  Detect skipped due to KSN trusted
19:10:04.0813 0x12f0  hcw85cir - ok
19:10:04.0922 0x12f0  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:10:04.0922 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. md5: 975761C778E33CD22498059B91E7373A, sha256: 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9
19:10:04.0922 0x12f0  HdAudAddService - detected LockedFile.Multi.Generic ( 1 )
19:10:07.0402 0x12f0  Detect skipped due to KSN trusted
19:10:07.0402 0x12f0  HdAudAddService - ok
19:10:07.0465 0x12f0  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:10:07.0465 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97BFED39B6B79EB12CDDBFEED51F56BB, sha256: 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955
19:10:07.0465 0x12f0  HDAudBus - detected LockedFile.Multi.Generic ( 1 )
19:10:09.0992 0x12f0  Detect skipped due to KSN trusted
19:10:09.0992 0x12f0  HDAudBus - ok
19:10:10.0054 0x12f0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:10:10.0054 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F, sha256: 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64
19:10:10.0054 0x12f0  HidBatt - detected LockedFile.Multi.Generic ( 1 )
19:10:12.0566 0x12f0  Detect skipped due to KSN trusted
19:10:12.0566 0x12f0  HidBatt - ok
19:10:12.0582 0x12f0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:10:12.0582 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104, sha256: 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4
19:10:12.0582 0x12f0  HidBth - detected LockedFile.Multi.Generic ( 1 )
19:10:15.0078 0x12f0  Detect skipped due to KSN trusted
19:10:15.0078 0x12f0  HidBth - ok
19:10:15.0093 0x12f0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:10:15.0093 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825, sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D
19:10:15.0093 0x12f0  HidIr - detected LockedFile.Multi.Generic ( 1 )
19:10:17.0636 0x12f0  Detect skipped due to KSN trusted
19:10:17.0636 0x12f0  HidIr - ok
19:10:17.0698 0x12f0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
19:10:17.0792 0x12f0  hidserv - ok
19:10:17.0839 0x12f0  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:10:17.0839 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536, sha256: FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F
19:10:17.0839 0x12f0  HidUsb - detected LockedFile.Multi.Generic ( 1 )
19:10:20.0319 0x12f0  Detect skipped due to KSN trusted
19:10:20.0319 0x12f0  HidUsb - ok
19:10:20.0382 0x12f0  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:10:20.0475 0x12f0  hkmsvc - ok
19:10:20.0506 0x12f0  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:10:20.0584 0x12f0  HomeGroupListener - ok
19:10:20.0647 0x12f0  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:10:20.0709 0x12f0  HomeGroupProvider - ok
19:10:20.0740 0x12f0  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:10:20.0740 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, sha256: E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205
19:10:20.0740 0x12f0  HpSAMD - detected LockedFile.Multi.Generic ( 1 )
19:10:23.0190 0x12f0  Detect skipped due to KSN trusted
19:10:23.0190 0x12f0  HpSAMD - ok
19:10:23.0314 0x12f0  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:10:23.0314 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: 0EA7DE1ACB728DD5A369FD742D6EEE28, sha256: 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779
19:10:23.0314 0x12f0  HTTP - detected LockedFile.Multi.Generic ( 1 )
19:10:25.0779 0x12f0  Detect skipped due to KSN trusted
19:10:25.0779 0x12f0  HTTP - ok
19:10:25.0842 0x12f0  [ 6DBD08BC1331C78548298E82C4B667C5, FB7E50CBA773AC1D568D8629E89E85C9FACDFD494966791D770CD116D2064615 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
19:10:25.0842 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ew_jubusenum.sys. md5: 6DBD08BC1331C78548298E82C4B667C5, sha256: FB7E50CBA773AC1D568D8629E89E85C9FACDFD494966791D770CD116D2064615
19:10:25.0873 0x12f0  huawei_enumerator - detected LockedFile.Multi.Generic ( 1 )
19:10:28.0462 0x12f0  Detect skipped due to KSN trusted
19:10:28.0462 0x12f0  huawei_enumerator - ok
19:10:28.0572 0x12f0  [ 6E5CD3984742A922D0C183C7E82C3C94, EE350C8736F0AC6751E18694E1F1142477112C8C2D83347C1EE9483BEC0DA117 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:10:28.0572 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ewusbmdm.sys. md5: 6E5CD3984742A922D0C183C7E82C3C94, sha256: EE350C8736F0AC6751E18694E1F1142477112C8C2D83347C1EE9483BEC0DA117
19:10:28.0572 0x12f0  hwdatacard - detected LockedFile.Multi.Generic ( 1 )
19:10:31.0036 0x12f0  Detect skipped due to KSN trusted
19:10:31.0036 0x12f0  hwdatacard - ok
19:10:31.0083 0x12f0  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:10:31.0083 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392, sha256: 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53
19:10:31.0083 0x12f0  hwpolicy - detected LockedFile.Multi.Generic ( 1 )
19:10:33.0595 0x12f0  Detect skipped due to KSN trusted
19:10:33.0595 0x12f0  hwpolicy - ok
19:10:33.0704 0x12f0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:10:33.0704 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD
19:10:33.0704 0x12f0  i8042prt - detected LockedFile.Multi.Generic ( 1 )
19:10:36.0169 0x12f0  Detect skipped due to KSN trusted
19:10:36.0169 0x12f0  i8042prt - ok
19:10:36.0263 0x12f0  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:10:36.0263 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\iaStorV.sys. md5: AAAF44DB3BD0B9D1FB6969B23ECC8366, sha256: 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385
19:10:36.0263 0x12f0  iaStorV - detected LockedFile.Multi.Generic ( 1 )
19:10:38.0712 0x12f0  Detect skipped due to KSN trusted
19:10:38.0712 0x12f0  iaStorV - ok
19:10:38.0852 0x12f0  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:10:38.0899 0x12f0  idsvc - ok
19:10:39.0195 0x12f0  [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
19:10:39.0195 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\igdkmd64.sys. md5: A87261EF1546325B559374F5689CF5BC, sha256: 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002
19:10:39.0211 0x12f0  igfx - detected LockedFile.Multi.Generic ( 1 )
19:10:41.0645 0x12f0  Detect skipped due to KSN trusted
19:10:41.0645 0x12f0  igfx - ok
19:10:41.0676 0x12f0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:10:41.0676 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21, sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4
19:10:41.0676 0x12f0  iirsp - detected LockedFile.Multi.Generic ( 1 )
19:10:44.0125 0x12f0  Detect skipped due to KSN trusted
19:10:44.0125 0x12f0  iirsp - ok
19:10:44.0250 0x12f0  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:10:44.0328 0x12f0  IKEEXT - ok
19:10:44.0515 0x12f0  [ E8017F1662D9142F45CEAB694D013C00, 75EE9DF292C4D980B9461ABEB8810D22DD57EBBAD5A37FE7B046CBAD419EE9E0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:10:44.0515 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RTKVHD64.sys. md5: E8017F1662D9142F45CEAB694D013C00, sha256: 75EE9DF292C4D980B9461ABEB8810D22DD57EBBAD5A37FE7B046CBAD419EE9E0
19:10:44.0515 0x12f0  IntcAzAudAddService - detected LockedFile.Multi.Generic ( 1 )
19:10:46.0980 0x12f0  Detect skipped due to KSN trusted
19:10:46.0980 0x12f0  IntcAzAudAddService - ok
19:10:46.0995 0x12f0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:10:47.0011 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA, sha256: E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22
19:10:47.0011 0x12f0  intelide - detected LockedFile.Multi.Generic ( 1 )
19:10:49.0401 0x12f0  Detect skipped due to KSN trusted
19:10:49.0401 0x12f0  intelide - ok
19:10:49.0471 0x12f0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:10:49.0471 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1, sha256: F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610
19:10:49.0471 0x12f0  intelppm - detected LockedFile.Multi.Generic ( 1 )
19:10:51.0925 0x12f0  Detect skipped due to KSN trusted
19:10:51.0925 0x12f0  intelppm - ok
19:10:51.0972 0x12f0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:10:52.0081 0x12f0  IPBusEnum - ok
19:10:52.0097 0x12f0  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:10:52.0097 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6, sha256: 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51
19:10:52.0097 0x12f0  IpFilterDriver - detected LockedFile.Multi.Generic ( 1 )
19:10:54.0546 0x12f0  Detect skipped due to KSN trusted
19:10:54.0546 0x12f0  IpFilterDriver - ok
19:10:54.0639 0x12f0  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:10:54.0717 0x12f0  iphlpsvc - ok
19:10:54.0749 0x12f0  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:10:54.0749 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A, sha256: 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9
19:10:54.0749 0x12f0  IPMIDRV - detected LockedFile.Multi.Generic ( 1 )
19:10:57.0198 0x12f0  Detect skipped due to KSN trusted
19:10:57.0198 0x12f0  IPMIDRV - ok
19:10:57.0260 0x12f0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:10:57.0260 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E
19:10:57.0260 0x12f0  IPNAT - detected LockedFile.Multi.Generic ( 1 )
19:10:59.0725 0x12f0  Detect skipped due to KSN trusted
19:10:59.0725 0x12f0  IPNAT - ok
19:10:59.0912 0x12f0  [ 0F261EC4F514926177C70C1832374231, 7E61B89FE2651C0C7951E10454267174550677DEAB1C497571A9B0B583687304 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:10:59.0943 0x12f0  iPod Service - ok
19:10:59.0975 0x12f0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:10:59.0975 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE
19:10:59.0975 0x12f0  IRENUM - detected LockedFile.Multi.Generic ( 1 )
19:11:02.0424 0x12f0  Detect skipped due to KSN trusted
19:11:02.0424 0x12f0  IRENUM - ok
19:11:02.0471 0x12f0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:11:02.0471 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548
19:11:02.0471 0x12f0  isapnp - detected LockedFile.Multi.Generic ( 1 )
19:11:04.0935 0x12f0  Detect skipped due to KSN trusted
19:11:04.0935 0x12f0  isapnp - ok
19:11:05.0013 0x12f0  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:11:05.0013 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD, sha256: 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3
19:11:05.0013 0x12f0  iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
19:11:07.0478 0x12f0  Detect skipped due to KSN trusted
19:11:07.0478 0x12f0  iScsiPrt - ok
19:11:07.0572 0x12f0  [ 12E27942DBB7C91880163634B0D8A776, DEE56DB8993A915E8FC32F9F50FAEED591799B0694655926C4F260EBFB99FC7E ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
19:11:07.0572 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\k57nd60a.sys. md5: 12E27942DBB7C91880163634B0D8A776, sha256: DEE56DB8993A915E8FC32F9F50FAEED591799B0694655926C4F260EBFB99FC7E
19:11:07.0572 0x12f0  k57nd60a - detected LockedFile.Multi.Generic ( 1 )
19:11:10.0037 0x12f0  Detect skipped due to KSN trusted
19:11:10.0037 0x12f0  k57nd60a - ok
19:11:10.0099 0x12f0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
19:11:10.0099 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93
19:11:10.0099 0x12f0  kbdclass - detected LockedFile.Multi.Generic ( 1 )
19:11:12.0579 0x12f0  Detect skipped due to KSN trusted
19:11:12.0579 0x12f0  kbdclass - ok
19:11:12.0657 0x12f0  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:11:12.0657 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484, sha256: 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99
19:11:12.0657 0x12f0  kbdhid - detected LockedFile.Multi.Generic ( 1 )
19:11:15.0122 0x12f0  Detect skipped due to KSN trusted
19:11:15.0122 0x12f0  kbdhid - ok
19:11:15.0169 0x12f0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso          C:\Windows\system32\lsass.exe
19:11:15.0200 0x12f0  KeyIso - ok
19:11:15.0231 0x12f0  [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:11:15.0231 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: 97A7070AEA4C058B6418519E869A63B4, sha256: 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8
19:11:15.0231 0x12f0  KSecDD - detected LockedFile.Multi.Generic ( 1 )
19:11:17.0696 0x12f0  Detect skipped due to KSN trusted
19:11:17.0696 0x12f0  KSecDD - ok
19:11:17.0759 0x12f0  [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:11:17.0759 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 26C43A7C2862447EC59DEDA188D1DA07, sha256: 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B
19:11:17.0759 0x12f0  KSecPkg - detected LockedFile.Multi.Generic ( 1 )
19:11:20.0208 0x12f0  Detect skipped due to KSN trusted
19:11:20.0208 0x12f0  KSecPkg - ok
19:11:20.0286 0x12f0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:11:20.0286 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
19:11:20.0286 0x12f0  ksthunk - detected LockedFile.Multi.Generic ( 1 )
19:11:22.0719 0x12f0  Detect skipped due to KSN trusted
19:11:22.0719 0x12f0  ksthunk - ok
19:11:22.0844 0x12f0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:11:22.0907 0x12f0  KtmRm - ok
19:11:22.0969 0x12f0  [ 2AC603C3188C704CFCE353659AA7AD71, 0DAC2E8858221145FA35883BAE0D6484E60EB624158DE9F063FF209951CD1CDF ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
19:11:22.0969 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\L1E62x64.sys. md5: 2AC603C3188C704CFCE353659AA7AD71, sha256: 0DAC2E8858221145FA35883BAE0D6484E60EB624158DE9F063FF209951CD1CDF
19:11:22.0985 0x12f0  L1E - detected LockedFile.Multi.Generic ( 1 )
19:11:25.0434 0x12f0  Detect skipped due to KSN trusted
19:11:25.0434 0x12f0  L1E - ok
19:11:25.0512 0x12f0  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
19:11:25.0590 0x12f0  LanmanServer - ok
19:11:25.0621 0x12f0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:11:25.0668 0x12f0  LanmanWorkstation - ok
19:11:25.0730 0x12f0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:11:25.0730 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
19:11:25.0730 0x12f0  lltdio - detected LockedFile.Multi.Generic ( 1 )
19:11:28.0179 0x12f0  Detect skipped due to KSN trusted
19:11:28.0179 0x12f0  lltdio - ok
19:11:28.0257 0x12f0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:11:28.0367 0x12f0  lltdsvc - ok
19:11:28.0382 0x12f0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:11:28.0413 0x12f0  lmhosts - ok
19:11:28.0460 0x12f0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:11:28.0460 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
19:11:28.0460 0x12f0  LSI_FC - detected LockedFile.Multi.Generic ( 1 )
19:11:30.0925 0x12f0  Detect skipped due to KSN trusted
19:11:30.0925 0x12f0  LSI_FC - ok
19:11:30.0941 0x12f0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:11:30.0941 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
19:11:30.0941 0x12f0  LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
19:11:33.0390 0x12f0  Detect skipped due to KSN trusted
19:11:33.0390 0x12f0  LSI_SAS - ok
19:11:33.0405 0x12f0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:11:33.0405 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
19:11:33.0405 0x12f0  LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
19:11:35.0839 0x12f0  Detect skipped due to KSN trusted
19:11:35.0839 0x12f0  LSI_SAS2 - ok
19:11:35.0855 0x12f0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:11:35.0855 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
19:11:35.0855 0x12f0  LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
19:11:38.0304 0x12f0  Detect skipped due to KSN trusted
19:11:38.0304 0x12f0  LSI_SCSI - ok
19:11:38.0366 0x12f0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:11:38.0366 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
19:11:38.0366 0x12f0  luafv - detected LockedFile.Multi.Generic ( 1 )
19:11:40.0847 0x12f0  Detect skipped due to KSN trusted
19:11:40.0847 0x12f0  luafv - ok
19:11:40.0909 0x12f0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:11:40.0956 0x12f0  Mcx2Svc - ok
19:11:40.0956 0x12f0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:11:40.0956 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
19:11:40.0971 0x12f0  megasas - detected LockedFile.Multi.Generic ( 1 )
19:11:43.0421 0x12f0  Detect skipped due to KSN trusted
19:11:43.0421 0x12f0  megasas - ok
19:11:43.0467 0x12f0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:11:43.0467 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
19:11:43.0467 0x12f0  MegaSR - detected LockedFile.Multi.Generic ( 1 )
19:11:45.0917 0x12f0  Detect skipped due to KSN trusted
19:11:45.0917 0x12f0  MegaSR - ok
19:11:45.0995 0x12f0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
19:11:46.0073 0x12f0  MMCSS - ok
19:11:46.0088 0x12f0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
19:11:46.0088 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
19:11:46.0088 0x12f0  Modem - detected LockedFile.Multi.Generic ( 1 )
19:11:48.0584 0x12f0  Detect skipped due to KSN trusted
19:11:48.0584 0x12f0  Modem - ok
19:11:48.0647 0x12f0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:11:48.0647 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
19:11:48.0647 0x12f0  monitor - detected LockedFile.Multi.Generic ( 1 )
19:11:51.0080 0x12f0  Detect skipped due to KSN trusted
19:11:51.0080 0x12f0  monitor - ok
19:11:51.0158 0x12f0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:11:51.0158 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
19:11:51.0174 0x12f0  mouclass - detected LockedFile.Multi.Generic ( 1 )
19:11:53.0685 0x12f0  Detect skipped due to KSN trusted
19:11:53.0685 0x12f0  mouclass - ok
19:11:53.0748 0x12f0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:11:53.0748 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
19:11:53.0748 0x12f0  mouhid - detected LockedFile.Multi.Generic ( 1 )
19:11:56.0228 0x12f0  Detect skipped due to KSN trusted
19:11:56.0228 0x12f0  mouhid - ok
19:11:56.0291 0x12f0  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:11:56.0291 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA, sha256: 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63
19:11:56.0291 0x12f0  mountmgr - detected LockedFile.Multi.Generic ( 1 )
19:11:58.0771 0x12f0  Detect skipped due to KSN trusted
19:11:58.0771 0x12f0  mountmgr - ok
19:11:58.0849 0x12f0  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:11:58.0849 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58, sha256: B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8
19:11:58.0849 0x12f0  mpio - detected LockedFile.Multi.Generic ( 1 )
19:12:01.0314 0x12f0  Detect skipped due to KSN trusted
19:12:01.0314 0x12f0  mpio - ok
19:12:01.0361 0x12f0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:12:01.0361 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
19:12:01.0361 0x12f0  mpsdrv - detected LockedFile.Multi.Generic ( 1 )
19:12:03.0857 0x12f0  Detect skipped due to KSN trusted
19:12:03.0857 0x12f0  mpsdrv - ok
19:12:03.0966 0x12f0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:12:04.0028 0x12f0  MpsSvc - ok
19:12:04.0075 0x12f0  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:12:04.0075 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: DC722758B8261E1ABAFD31A3C0A66380, sha256: 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A
19:12:04.0075 0x12f0  MRxDAV - detected LockedFile.Multi.Generic ( 1 )
19:12:06.0524 0x12f0  Detect skipped due to KSN trusted
19:12:06.0524 0x12f0  MRxDAV - ok
19:12:06.0602 0x12f0  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:12:06.0602 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC, sha256: 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4
19:12:06.0602 0x12f0  mrxsmb - detected LockedFile.Multi.Generic ( 1 )
19:12:09.0114 0x12f0  Detect skipped due to KSN trusted
19:12:09.0114 0x12f0  mrxsmb - ok
19:12:09.0176 0x12f0  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:12:09.0176 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163, sha256: 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF
19:12:09.0176 0x12f0  mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
19:12:11.0781 0x12f0  Detect skipped due to KSN trusted
19:12:11.0781 0x12f0  mrxsmb10 - ok
19:12:11.0859 0x12f0  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:12:11.0859 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C, sha256: 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC
19:12:11.0859 0x12f0  mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
19:12:14.0387 0x12f0  Detect skipped due to KSN trusted
19:12:14.0387 0x12f0  mrxsmb20 - ok
19:12:14.0465 0x12f0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:12:14.0465 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796, sha256: 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8
19:12:14.0465 0x12f0  msahci - detected LockedFile.Multi.Generic ( 1 )
19:12:16.0945 0x12f0  Detect skipped due to KSN trusted
19:12:16.0945 0x12f0  msahci - ok
19:12:16.0992 0x12f0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:12:16.0992 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900, sha256: B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74
19:12:16.0992 0x12f0  msdsm - detected LockedFile.Multi.Generic ( 1 )
19:12:19.0503 0x12f0  Detect skipped due to KSN trusted
19:12:19.0503 0x12f0  msdsm - ok
19:12:19.0566 0x12f0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
19:12:19.0597 0x12f0  MSDTC - ok
19:12:19.0628 0x12f0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:12:19.0628 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
19:12:19.0628 0x12f0  Msfs - detected LockedFile.Multi.Generic ( 1 )
19:12:22.0202 0x12f0  Detect skipped due to KSN trusted
19:12:22.0202 0x12f0  Msfs - ok
19:12:22.0249 0x12f0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:12:22.0249 0x12f0  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
19:12:22.0249 0x12f0  mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
19:12:24.0729 0x12f0  Detect skipped due to KSN trusted
19:12:24.0729 0x12f0  mshidkmdf - ok
19:12:24.0807 0x12f0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:12:24.0807 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
19:12:24.0807 0x12f0  msisadrv - detected LockedFile.Multi.Generic ( 1 )
19:12:27.0303 0x12f0  Detect skipped due to KSN trusted
19:12:27.0303 0x12f0  msisadrv - ok
19:12:27.0397 0x12f0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:12:27.0475 0x12f0  MSiSCSI - ok
19:12:27.0475 0x12f0  msiserver - ok
19:12:27.0522 0x12f0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:12:27.0522 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
19:12:27.0522 0x12f0  MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
19:12:29.0987 0x12f0  Detect skipped due to KSN trusted
19:12:29.0987 0x12f0  MSKSSRV - ok
19:12:30.0049 0x12f0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:12:30.0049 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
19:12:30.0049 0x12f0  MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
19:12:32.0498 0x12f0  Detect skipped due to KSN trusted
19:12:32.0498 0x12f0  MSPCLOCK - ok
19:12:32.0514 0x12f0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:12:32.0514 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
19:12:32.0514 0x12f0  MSPQM - detected LockedFile.Multi.Generic ( 1 )
19:12:34.0979 0x12f0  Detect skipped due to KSN trusted
19:12:34.0979 0x12f0  MSPQM - ok
19:12:35.0057 0x12f0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:12:35.0057 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D, sha256: 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133
19:12:35.0057 0x12f0  MsRPC - detected LockedFile.Multi.Generic ( 1 )
19:12:37.0537 0x12f0  Detect skipped due to KSN trusted
19:12:37.0537 0x12f0  MsRPC - ok
19:12:37.0615 0x12f0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:12:37.0615 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
19:12:37.0615 0x12f0  mssmbios - detected LockedFile.Multi.Generic ( 1 )
19:12:40.0158 0x12f0  Detect skipped due to KSN trusted
19:12:40.0158 0x12f0  mssmbios - ok
19:12:40.0174 0x12f0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:12:40.0174 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
19:12:40.0174 0x12f0  MSTEE - detected LockedFile.Multi.Generic ( 1 )
19:12:42.0654 0x12f0  Detect skipped due to KSN trusted
19:12:42.0654 0x12f0  MSTEE - ok
19:12:42.0716 0x12f0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:12:42.0716 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
19:12:42.0716 0x12f0  MTConfig - detected LockedFile.Multi.Generic ( 1 )
19:12:45.0166 0x12f0  Detect skipped due to KSN trusted
19:12:45.0166 0x12f0  MTConfig - ok
19:12:45.0228 0x12f0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
19:12:45.0228 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
19:12:45.0228 0x12f0  Mup - detected LockedFile.Multi.Generic ( 1 )
19:12:47.0708 0x12f0  Detect skipped due to KSN trusted
19:12:47.0708 0x12f0  Mup - ok
19:12:47.0802 0x12f0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
19:12:47.0880 0x12f0  napagent - ok
19:12:47.0974 0x12f0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:12:47.0974 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
19:12:47.0989 0x12f0  NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
19:12:50.0454 0x12f0  Detect skipped due to KSN trusted
19:12:50.0454 0x12f0  NativeWifiP - ok
19:12:50.0563 0x12f0  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:12:50.0563 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: 760E38053BF56E501D562B70AD796B88, sha256: F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D
19:12:50.0563 0x12f0  NDIS - detected LockedFile.Multi.Generic ( 1 )
19:12:53.0028 0x12f0  Detect skipped due to KSN trusted
19:12:53.0028 0x12f0  NDIS - ok
19:12:53.0090 0x12f0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:12:53.0090 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
19:12:53.0090 0x12f0  NdisCap - detected LockedFile.Multi.Generic ( 1 )
19:12:55.0555 0x12f0  Detect skipped due to KSN trusted
19:12:55.0555 0x12f0  NdisCap - ok
19:12:55.0618 0x12f0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:12:55.0618 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
19:12:55.0618 0x12f0  NdisTapi - detected LockedFile.Multi.Generic ( 1 )
19:12:58.0083 0x12f0  Detect skipped due to KSN trusted
19:12:58.0083 0x12f0  NdisTapi - ok
19:12:58.0161 0x12f0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:12:58.0177 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356, sha256: BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683
19:12:58.0177 0x12f0  Ndisuio - detected LockedFile.Multi.Generic ( 1 )
19:13:00.0642 0x12f0  Detect skipped due to KSN trusted
19:13:00.0642 0x12f0  Ndisuio - ok
19:13:00.0735 0x12f0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:13:00.0735 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11, sha256: 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77
19:13:00.0735 0x12f0  NdisWan - detected LockedFile.Multi.Generic ( 1 )
19:13:03.0200 0x12f0  Detect skipped due to KSN trusted
19:13:03.0200 0x12f0  NdisWan - ok
19:13:03.0263 0x12f0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:13:03.0263 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879, sha256: 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023
19:13:03.0263 0x12f0  NDProxy - detected LockedFile.Multi.Generic ( 1 )
19:13:05.0743 0x12f0  Detect skipped due to KSN trusted
19:13:05.0743 0x12f0  NDProxy - ok
19:13:05.0915 0x12f0  [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
19:13:05.0977 0x12f0  Nero BackItUp Scheduler 4.0 - ok
19:13:06.0024 0x12f0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:13:06.0024 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062
19:13:06.0024 0x12f0  NetBIOS - detected LockedFile.Multi.Generic ( 1 )
19:13:08.0489 0x12f0  Detect skipped due to KSN trusted
19:13:08.0489 0x12f0  NetBIOS - ok
19:13:08.0598 0x12f0  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:13:08.0598 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068, sha256: 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37
19:13:08.0598 0x12f0  NetBT - detected LockedFile.Multi.Generic ( 1 )
19:13:11.0063 0x12f0  Detect skipped due to KSN trusted
19:13:11.0063 0x12f0  NetBT - ok
19:13:11.0109 0x12f0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon        C:\Windows\system32\lsass.exe
19:13:11.0125 0x12f0  Netlogon - ok
19:13:11.0156 0x12f0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
19:13:11.0234 0x12f0  Netman - ok
19:13:11.0281 0x12f0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
19:13:11.0359 0x12f0  netprofm - ok
19:13:11.0390 0x12f0  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:13:11.0406 0x12f0  NetTcpPortSharing - ok
19:13:11.0437 0x12f0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:13:11.0437 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3
19:13:11.0437 0x12f0  nfrd960 - detected LockedFile.Multi.Generic ( 1 )
19:13:13.0886 0x12f0  Detect skipped due to KSN trusted
19:13:13.0886 0x12f0  nfrd960 - ok
19:13:13.0964 0x12f0  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:13:14.0042 0x12f0  NlaSvc - ok
19:13:14.0089 0x12f0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:13:14.0089 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F
19:13:14.0089 0x12f0  Npfs - detected LockedFile.Multi.Generic ( 1 )
19:13:16.0585 0x12f0  Detect skipped due to KSN trusted
19:13:16.0585 0x12f0  Npfs - ok
19:13:16.0647 0x12f0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
19:13:16.0741 0x12f0  nsi - ok
19:13:16.0772 0x12f0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:13:16.0772 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76
19:13:16.0772 0x12f0  nsiproxy - detected LockedFile.Multi.Generic ( 1 )
19:13:19.0237 0x12f0  Detect skipped due to KSN trusted
19:13:19.0237 0x12f0  nsiproxy - ok
19:13:19.0377 0x12f0  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:13:19.0377 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: B98F8C6E31CD07B2E6F71F7F648E38C0, sha256: 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E
         

23.02.2015, 18:26   #10
AB12398

Win 7 - Computer is getting very slow and the Internet connection hangs


Code:
ATTFilter
19:15:33.0367 0x12f0  spldr - detected LockedFile.Multi.Generic ( 1 )
19:15:35.0816 0x12f0  Detect skipped due to KSN trusted
19:15:35.0816 0x12f0  spldr - ok
19:15:35.0910 0x12f0  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
19:15:36.0003 0x12f0  Spooler - ok
19:15:36.0191 0x12f0  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
19:15:36.0440 0x12f0  sppsvc - ok
19:15:36.0471 0x12f0  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:15:36.0534 0x12f0  sppuinotify - ok
19:15:36.0549 0x12f0  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:15:36.0565 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B, sha256: 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0
19:15:36.0565 0x12f0  srv - detected LockedFile.Multi.Generic ( 1 )
19:15:39.0014 0x12f0  Detect skipped due to KSN trusted
19:15:39.0014 0x12f0  srv - ok
19:15:39.0139 0x12f0  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:15:39.0139 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28, sha256: 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7
19:15:39.0139 0x12f0  srv2 - detected LockedFile.Multi.Generic ( 1 )
19:15:41.0635 0x12f0  Detect skipped due to KSN trusted
19:15:41.0635 0x12f0  srv2 - ok
19:15:41.0729 0x12f0  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:15:41.0729 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3, sha256: AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6
19:15:41.0729 0x12f0  srvnet - detected LockedFile.Multi.Generic ( 1 )
19:15:44.0178 0x12f0  Detect skipped due to KSN trusted
19:15:44.0178 0x12f0  srvnet - ok
19:15:44.0225 0x12f0  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:15:44.0303 0x12f0  SSDPSRV - ok
19:15:44.0318 0x12f0  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:15:44.0365 0x12f0  SstpSvc - ok
19:15:44.0396 0x12f0  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:15:44.0396 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A, sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5
19:15:44.0396 0x12f0  stexstor - detected LockedFile.Multi.Generic ( 1 )
19:15:47.0001 0x12f0  Detect skipped due to KSN trusted
19:15:47.0001 0x12f0  stexstor - ok
19:15:47.0064 0x12f0  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
19:15:47.0064 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serscan.sys. md5: DECACB6921DED1A38642642685D77DAC, sha256: 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC
19:15:47.0064 0x12f0  StillCam - detected LockedFile.Multi.Generic ( 1 )
19:15:49.0544 0x12f0  Detect skipped due to KSN trusted
19:15:49.0544 0x12f0  StillCam - ok
19:15:49.0669 0x12f0  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
19:15:49.0731 0x12f0  stisvc - ok
19:15:49.0747 0x12f0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:15:49.0747 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90, sha256: 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969
19:15:49.0763 0x12f0  swenum - detected LockedFile.Multi.Generic ( 1 )
19:15:52.0321 0x12f0  Detect skipped due to KSN trusted
19:15:52.0321 0x12f0  swenum - ok
19:15:52.0415 0x12f0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
19:15:52.0493 0x12f0  swprv - ok
19:15:52.0571 0x12f0  [ ED6D1424E5B0C21A57B28DD8508D6843, EF3BBBBD376F22520060BC6D637CDF79E2D8B43A95E746FC1463E7CDC407C2D9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
19:15:52.0571 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SynTP.sys. md5: ED6D1424E5B0C21A57B28DD8508D6843, sha256: EF3BBBBD376F22520060BC6D637CDF79E2D8B43A95E746FC1463E7CDC407C2D9
19:15:52.0571 0x12f0  SynTP - detected LockedFile.Multi.Generic ( 1 )
19:15:55.0207 0x12f0  Detect skipped due to KSN trusted
19:15:55.0207 0x12f0  SynTP - ok
19:15:55.0363 0x12f0  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
19:15:55.0441 0x12f0  SysMain - ok
19:15:55.0472 0x12f0  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:15:55.0503 0x12f0  TabletInputService - ok
19:15:55.0550 0x12f0  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:15:55.0597 0x12f0  TapiSrv - ok
19:15:55.0628 0x12f0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
19:15:55.0706 0x12f0  TBS - ok
19:15:55.0815 0x12f0  [ B62A953F2BF3922C8764A29C34A22899, 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:15:55.0815 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: B62A953F2BF3922C8764A29C34A22899, sha256: 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901
19:15:55.0831 0x12f0  Tcpip - detected LockedFile.Multi.Generic ( 1 )
19:15:58.0389 0x12f0  Detect skipped due to KSN trusted
19:15:58.0389 0x12f0  Tcpip - ok
19:15:58.0530 0x12f0  [ B62A953F2BF3922C8764A29C34A22899, 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:15:58.0530 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: B62A953F2BF3922C8764A29C34A22899, sha256: 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901
19:15:58.0545 0x12f0  TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
19:15:58.0545 0x12f0  Detect skipped due to KSN trusted
19:15:58.0545 0x12f0  TCPIP6 - ok
19:15:58.0592 0x12f0  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:15:58.0592 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: DF687E3D8836BFB04FCC0615BF15A519, sha256: 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784
19:15:58.0592 0x12f0  tcpipreg - detected LockedFile.Multi.Generic ( 1 )
19:16:01.0057 0x12f0  Detect skipped due to KSN trusted
19:16:01.0057 0x12f0  tcpipreg - ok
19:16:01.0104 0x12f0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:16:01.0104 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D
19:16:01.0104 0x12f0  TDPIPE - detected LockedFile.Multi.Generic ( 1 )
19:16:03.0584 0x12f0  Detect skipped due to KSN trusted
19:16:03.0584 0x12f0  TDPIPE - ok
19:16:03.0647 0x12f0  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:16:03.0647 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8, sha256: 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9
19:16:03.0647 0x12f0  TDTCP - detected LockedFile.Multi.Generic ( 1 )
19:16:06.0127 0x12f0  Detect skipped due to KSN trusted
19:16:06.0127 0x12f0  TDTCP - ok
19:16:06.0189 0x12f0  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:16:06.0189 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806, sha256: B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661
19:16:06.0189 0x12f0  tdx - detected LockedFile.Multi.Generic ( 1 )
19:16:08.0701 0x12f0  Detect skipped due to KSN trusted
19:16:08.0701 0x12f0  tdx - ok
19:16:08.0826 0x12f0  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:16:08.0826 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5, sha256: 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D
19:16:08.0826 0x12f0  TermDD - detected LockedFile.Multi.Generic ( 1 )
19:16:11.0306 0x12f0  Detect skipped due to KSN trusted
19:16:11.0306 0x12f0  TermDD - ok
19:16:11.0400 0x12f0  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
19:16:11.0478 0x12f0  TermService - ok
19:16:11.0509 0x12f0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
19:16:11.0556 0x12f0  Themes - ok
19:16:11.0571 0x12f0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
19:16:11.0603 0x12f0  THREADORDER - ok
19:16:11.0649 0x12f0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
19:16:11.0712 0x12f0  TrkWks - ok
19:16:11.0790 0x12f0  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:16:11.0852 0x12f0  TrustedInstaller - ok
19:16:11.0883 0x12f0  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:16:11.0883 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: CE18B2CDFC837C99E5FAE9CA6CBA5D30, sha256: CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC
19:16:11.0883 0x12f0  tssecsrv - detected LockedFile.Multi.Generic ( 1 )
19:16:14.0333 0x12f0  Detect skipped due to KSN trusted
19:16:14.0333 0x12f0  tssecsrv - ok
19:16:14.0395 0x12f0  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:16:14.0395 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9, sha256: A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB
19:16:14.0395 0x12f0  TsUsbFlt - detected LockedFile.Multi.Generic ( 1 )
19:16:16.0860 0x12f0  Detect skipped due to KSN trusted
19:16:16.0860 0x12f0  TsUsbFlt - ok
19:16:16.0969 0x12f0  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:16:16.0969 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894, sha256: AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8
19:16:16.0969 0x12f0  tunnel - detected LockedFile.Multi.Generic ( 1 )
19:16:19.0434 0x12f0  Detect skipped due to KSN trusted
19:16:19.0434 0x12f0  tunnel - ok
19:16:19.0481 0x12f0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:16:19.0481 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123
19:16:19.0481 0x12f0  uagp35 - detected LockedFile.Multi.Generic ( 1 )
19:16:21.0946 0x12f0  Detect skipped due to KSN trusted
19:16:21.0946 0x12f0  uagp35 - ok
19:16:22.0008 0x12f0  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00, 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
19:16:22.0008 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\UBHelper.sys. md5: 2E22C1FD397A5A9FFEF55E9D1FC96C00, sha256: 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D
19:16:22.0008 0x12f0  UBHelper - detected LockedFile.Multi.Generic ( 1 )
19:16:24.0473 0x12f0  Detect skipped due to KSN trusted
19:16:24.0473 0x12f0  UBHelper - ok
19:16:24.0660 0x12f0  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:16:24.0676 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593, sha256: D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3
19:16:24.0676 0x12f0  udfs - detected LockedFile.Multi.Generic ( 1 )
19:16:27.0203 0x12f0  Detect skipped due to KSN trusted
19:16:27.0203 0x12f0  udfs - ok
19:16:27.0281 0x12f0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:16:27.0296 0x12f0  UI0Detect - ok
19:16:27.0328 0x12f0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:16:27.0328 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A
19:16:27.0328 0x12f0  uliagpkx - detected LockedFile.Multi.Generic ( 1 )
19:16:29.0792 0x12f0  Detect skipped due to KSN trusted
19:16:29.0792 0x12f0  uliagpkx - ok
19:16:29.0886 0x12f0  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
19:16:29.0886 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561, sha256: 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE
19:16:29.0886 0x12f0  umbus - detected LockedFile.Multi.Generic ( 1 )
19:16:32.0320 0x12f0  Detect skipped due to KSN trusted
19:16:32.0320 0x12f0  umbus - ok
19:16:32.0366 0x12f0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:16:32.0382 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
19:16:32.0382 0x12f0  UmPass - detected LockedFile.Multi.Generic ( 1 )
19:16:34.0831 0x12f0  Detect skipped due to KSN trusted
19:16:34.0831 0x12f0  UmPass - ok
19:16:34.0925 0x12f0  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
19:16:34.0956 0x12f0  Updater Service - ok
19:16:35.0003 0x12f0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
19:16:35.0050 0x12f0  upnphost - ok
19:16:35.0112 0x12f0  [ FB251567F41BC61988B26731DEC19E4B, 6A535F5A18EB43DD2E18AF0A05301630A1D1484B7D85DA79A7CD122DA4D018E2 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
19:16:35.0112 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbaapl64.sys. md5: FB251567F41BC61988B26731DEC19E4B, sha256: 6A535F5A18EB43DD2E18AF0A05301630A1D1484B7D85DA79A7CD122DA4D018E2
19:16:35.0112 0x12f0  USBAAPL64 - detected LockedFile.Multi.Generic ( 1 )
19:16:37.0904 0x12f0  Detect skipped due to KSN trusted
19:16:37.0904 0x12f0  USBAAPL64 - ok
19:16:37.0967 0x12f0  [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:16:37.0967 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 6F1A3157A1C89435352CEB543CDB359C, sha256: 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12
19:16:37.0967 0x12f0  usbccgp - detected LockedFile.Multi.Generic ( 1 )
19:16:40.0416 0x12f0  Detect skipped due to KSN trusted
19:16:40.0416 0x12f0  usbccgp - ok
19:16:40.0478 0x12f0  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:16:40.0478 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7, sha256: F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07
19:16:40.0478 0x12f0  usbcir - detected LockedFile.Multi.Generic ( 1 )
19:16:42.0974 0x12f0  Detect skipped due to KSN trusted
19:16:42.0974 0x12f0  usbcir - ok
19:16:43.0037 0x12f0  [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:16:43.0037 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbehci.sys. md5: C025055FE7B87701EB042095DF1A2D7B, sha256: D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9
19:16:43.0037 0x12f0  usbehci - detected LockedFile.Multi.Generic ( 1 )
19:16:45.0486 0x12f0  Detect skipped due to KSN trusted
19:16:45.0486 0x12f0  usbehci - ok
19:16:45.0564 0x12f0  [ 2C780746DC44A28FE67004DC58173F05, 9E0596CE35C7430A31A7E77B4D12A1F521B9ED8EB0614E6FB38403AC614C3EE3 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
19:16:45.0564 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbfilter.sys. md5: 2C780746DC44A28FE67004DC58173F05, sha256: 9E0596CE35C7430A31A7E77B4D12A1F521B9ED8EB0614E6FB38403AC614C3EE3
19:16:45.0564 0x12f0  usbfilter - detected LockedFile.Multi.Generic ( 1 )
19:16:48.0029 0x12f0  Detect skipped due to KSN trusted
19:16:48.0029 0x12f0  usbfilter - ok
19:16:48.0107 0x12f0  [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:16:48.0107 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 287C6C9410B111B68B52CA298F7B8C24, sha256: 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E
19:16:48.0107 0x12f0  usbhub - detected LockedFile.Multi.Generic ( 1 )
19:16:50.0572 0x12f0  Detect skipped due to KSN trusted
19:16:50.0572 0x12f0  usbhub - ok
19:16:50.0618 0x12f0  [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:16:50.0618 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbohci.sys. md5: 9840FC418B4CBD632D3D0A667A725C31, sha256: 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0
19:16:50.0618 0x12f0  usbohci - detected LockedFile.Multi.Generic ( 1 )
19:16:53.0052 0x12f0  Detect skipped due to KSN trusted
19:16:53.0052 0x12f0  usbohci - ok
19:16:53.0114 0x12f0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:16:53.0114 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
19:16:53.0114 0x12f0  usbprint - detected LockedFile.Multi.Generic ( 1 )
19:16:55.0657 0x12f0  Detect skipped due to KSN trusted
19:16:55.0657 0x12f0  usbprint - ok
19:16:55.0704 0x12f0  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:16:55.0720 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbscan.sys. md5: AAA2513C8AED8B54B189FD0C6B1634C0, sha256: 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42
19:16:55.0720 0x12f0  usbscan - detected LockedFile.Multi.Generic ( 1 )
19:16:58.0200 0x12f0  Detect skipped due to KSN trusted
19:16:58.0200 0x12f0  usbscan - ok
19:16:58.0247 0x12f0  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:16:58.0247 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6, sha256: DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96
19:16:58.0247 0x12f0  USBSTOR - detected LockedFile.Multi.Generic ( 1 )
19:17:00.0727 0x12f0  Detect skipped due to KSN trusted
19:17:00.0727 0x12f0  USBSTOR - ok
19:17:00.0821 0x12f0  [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:17:00.0821 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbuhci.sys. md5: 62069A34518BCF9C1FD9E74B3F6DB7CD, sha256: C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25
19:17:00.0821 0x12f0  usbuhci - detected LockedFile.Multi.Generic ( 1 )
19:17:03.0286 0x12f0  Detect skipped due to KSN trusted
19:17:03.0286 0x12f0  usbuhci - ok
19:17:03.0364 0x12f0  [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:17:03.0364 0x12f0  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\usbvideo.sys. md5: 454800C2BC7F3927CE030141EE4F4C50, sha256: 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44
19:17:03.0364 0x12f0  usbvideo - detected LockedFile.Multi.Generic ( 1 )
19:17:05.0984 0x12f0  Detect skipped due to KSN trusted
19:17:05.0984 0x12f0  usbvideo - ok
19:17:06.0047 0x12f0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
19:17:06.0109 0x12f0  UxSms - ok
19:17:06.0140 0x12f0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] VaultSvc        C:\Windows\system32\lsass.exe
19:17:06.0156 0x12f0  VaultSvc - ok
19:17:06.0187 0x12f0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:17:06.0187 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
19:17:06.0187 0x12f0  vdrvroot - detected LockedFile.Multi.Generic ( 1 )
19:17:08.0636 0x12f0  Detect skipped due to KSN trusted
19:17:08.0636 0x12f0  vdrvroot - ok
19:17:08.0746 0x12f0  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
19:17:08.0824 0x12f0  vds - ok
19:17:08.0886 0x12f0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:17:08.0886 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
19:17:08.0886 0x12f0  vga - detected LockedFile.Multi.Generic ( 1 )
19:17:11.0366 0x12f0  Detect skipped due to KSN trusted
19:17:11.0366 0x12f0  vga - ok
19:17:11.0398 0x12f0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:17:11.0398 0x12f0  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
19:17:11.0398 0x12f0  VgaSave - detected LockedFile.Multi.Generic ( 1 )
19:17:14.0050 0x12f0  Detect skipped due to KSN trusted
19:17:14.0050 0x12f0  VgaSave - ok
19:17:14.0143 0x12f0  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:17:14.0143 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB, sha256: D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF
19:17:14.0143 0x12f0  vhdmp - detected LockedFile.Multi.Generic ( 1 )
19:17:16.0608 0x12f0  Detect skipped due to KSN trusted
19:17:16.0608 0x12f0  vhdmp - ok
19:17:16.0670 0x12f0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:17:16.0670 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
19:17:16.0670 0x12f0  viaide - detected LockedFile.Multi.Generic ( 1 )
19:17:19.0135 0x12f0  Detect skipped due to KSN trusted
19:17:19.0135 0x12f0  viaide - ok
19:17:19.0182 0x12f0  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:17:19.0182 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161
19:17:19.0182 0x12f0  volmgr - detected LockedFile.Multi.Generic ( 1 )
19:17:21.0647 0x12f0  Detect skipped due to KSN trusted
19:17:21.0647 0x12f0  volmgr - ok
19:17:21.0725 0x12f0  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:17:21.0725 0x12f0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B, sha256: 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F
19:17:21.0725 0x12f0  volmgrx - detected LockedFile.Multi.Generic ( 1 )
19:17:24.0174 0x12f0  Detect skipped due to KSN trusted
19:17:24.0174 0x12f0  volmgrx - ok
19:17:24.0236 0x12f0  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:18:07.0214 0x12f0  ================ Scan global ===============================
19:18:07.0402 0x12f0  [ Global ] - ok
19:18:07.0402 0x12f0  ================ Scan MBR ==================================
19:18:07.0417 0x12f0  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:18:07.0885 0x12f0  \Device\Harddisk0\DR0 - ok
19:18:07.0885 0x12f0  ================ Scan VBR ==================================
19:18:07.0885 0x12f0  [ 4B6644EFE62D91082CF16C90B3549444 ] \Device\Harddisk0\DR0\Partition1
19:18:07.0901 0x12f0  \Device\Harddisk0\DR0\Partition1 - ok
19:18:07.0901 0x12f0  [ 27F5C2BD49B2DB95C9923D3E0AC1683C ] \Device\Harddisk0\DR0\Partition2
19:18:07.0901 0x12f0  \Device\Harddisk0\DR0\Partition2 - ok
19:18:07.0901 0x12f0  ================ Scan generic autorun ======================
19:18:18.0276 0x12f0  Win FW state via NFP2: enabled
19:18:20.0772 0x12f0  ============================================================
19:18:20.0772 0x12f0  Scan finished
19:18:20.0772 0x12f0  ============================================================
19:18:20.0788 0x12e8  Detected object count: 1
19:18:20.0788 0x12e8  Actual detected object count: 1
19:18:58.0196 0x12e8  d14786642ba85cc9 ( Rootkit.Win32.Necurs.gen ) - skipped by user
19:18:58.0196 0x12e8  d14786642ba85cc9 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip 
19:19:11.0675 0x0c78  Deinitialize success
         

24.02.2015, 06:09   #11
schrauber
/// the machine
/// TB instructor
 


Start TDSSKiller.exe with a double-click.
Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Start Scan.
    Do not do anything on the computer during the scan.
  • Make sure that Cure (default) is selected!
  • Click Continue --> Reboot.
TDSSKiller will save a log file on your system drive (usually C:\).
For example: C:\TDSSKiller.<version_date_time>log.txt

Please post the contents here in your thread.


Then please scan again with TDSSKiller and FRST.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

24.02.2015, 19:49   #12
AB12398
 


Here are the logs

tdsskiller
Code:
20:12:10.0244 0x0c84  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:12:11.0617 0x0c84  ============================================================
20:12:11.0617 0x0c84  Current date / time: 2015/02/24 20:12:11.0617
20:12:11.0617 0x0c84  SystemInfo:
20:12:11.0617 0x0c84  
20:12:11.0617 0x0c84  OS Version: 6.1.7601 ServicePack: 1.0
20:12:11.0617 0x0c84  Product type: Workstation
20:12:11.0617 0x0c84  ComputerName: LÄPPI
20:12:11.0632 0x0c84  UserName: Sonja
20:12:11.0632 0x0c84  Windows directory: C:\Windows
20:12:11.0632 0x0c84  System windows directory: C:\Windows
20:12:11.0632 0x0c84  Running under WOW64
20:12:11.0632 0x0c84  Processor architecture: Intel x64
20:12:11.0632 0x0c84  Number of processors: 2
20:12:11.0632 0x0c84  Page size: 0x1000
20:12:11.0632 0x0c84  Boot type: Normal boot
20:12:11.0632 0x0c84  ============================================================
20:12:11.0648 0x0c84  BG loaded
20:12:12.0990 0x0c84  System UUID: {9F91DFD5-448C-25BA-227A-F782D0011505}
20:12:14.0660 0x0c84  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:12:14.0675 0x0c84  ============================================================
20:12:14.0675 0x0c84  \Device\Harddisk0\DR0:
20:12:14.0675 0x0c84  MBR partitions:
20:12:14.0675 0x0c84  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
20:12:14.0675 0x0c84  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x389EF030
20:12:14.0675 0x0c84  ============================================================
20:12:14.0769 0x0c84  C: <-> \Device\Harddisk0\DR0\Partition2
20:12:14.0769 0x0c84  ============================================================
20:12:14.0769 0x0c84  Initialize success
20:12:14.0769 0x0c84  ============================================================
20:12:32.0609 0x0e4c  ============================================================
20:12:32.0609 0x0e4c  Scan started
20:12:32.0609 0x0e4c  Mode: Manual; SigCheck; TDLFS; 
20:12:32.0609 0x0e4c  ============================================================
20:12:32.0609 0x0e4c  KSN ping started
20:12:35.0495 0x0e4c  KSN ping finished: true
20:12:39.0722 0x0e4c  ================ Scan system memory ========================
20:12:39.0722 0x0e4c  System memory - ok
20:12:39.0722 0x0e4c  ================ Scan services =============================
20:13:03.0512 0x0e4c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:13:03.0559 0x0e4c  BTHMODEM - ok
20:13:03.0590 0x0e4c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
20:13:03.0637 0x0e4c  bthserv - ok
20:13:03.0700 0x0e4c  catchme - ok
20:13:03.0762 0x0e4c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:13:03.0856 0x0e4c  cdfs - ok
20:13:03.0918 0x0e4c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
20:13:03.0949 0x0e4c  cdrom - ok
20:13:03.0996 0x0e4c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:13:04.0043 0x0e4c  CertPropSvc - ok
20:13:04.0090 0x0e4c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:13:04.0121 0x0e4c  circlass - ok
20:13:04.0199 0x0e4c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
20:13:04.0246 0x0e4c  CLFS - ok
20:13:04.0324 0x0e4c  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:13:04.0355 0x0e4c  clr_optimization_v2.0.50727_32 - ok
20:13:04.0402 0x0e4c  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:13:04.0433 0x0e4c  clr_optimization_v2.0.50727_64 - ok
20:13:04.0464 0x0e4c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:13:04.0495 0x0e4c  CmBatt - ok
20:13:04.0511 0x0e4c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:13:04.0526 0x0e4c  cmdide - ok
20:13:04.0589 0x0e4c  [ 9AC4F97C2D3E93367E2148EA940CD2CD, 530E089E5CF868AECDB2B5548EBE76E0CA98FC74A72897292AB2485734402E3B ] CNG             C:\Windows\system32\Drivers\cng.sys
20:13:04.0620 0x0e4c  CNG - ok
20:13:04.0667 0x0e4c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:13:04.0667 0x0e4c  Compbatt - ok
20:13:04.0714 0x0e4c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:13:04.0745 0x0e4c  CompositeBus - ok
20:13:04.0760 0x0e4c  COMSysApp - ok
20:13:04.0776 0x0e4c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:13:04.0776 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 1C827878A998C18847245FE1F34EE597, sha256: 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60
20:13:04.0776 0x0e4c  crcdisk - detected LockedFile.Multi.Generic ( 1 )
20:13:07.0303 0x0e4c  Detect skipped due to KSN trusted
20:13:07.0303 0x0e4c  crcdisk - ok
20:13:07.0350 0x0e4c  [ 9C01375BE382E834CC26D1B7EAF2C4FE, B1D1E36B91A3C3CD09428EE3403896F71390A2798323BB406B484D9DB064A219 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:13:07.0412 0x0e4c  CryptSvc - ok
20:13:07.0522 0x0e4c  [ 61A86809B62769643892BC0812B204AA, 92FAC8176BE88D63C1DB1FF127F1BACD7D735A36DA42ABDE448D34B8D66F2BB9 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:13:07.0553 0x0e4c  cvhsvc - ok
20:13:07.0584 0x0e4c  Suspicious service (NoAccess): d14786642ba85cc9
20:13:07.0615 0x0e4c  [ 09E04442AEC4419C6B393C92B3C70161, 1F0F7CF371F3970AD2E68F96CE17BD785F63DE96020CF8C04DA045F3472FD207 ] d14786642ba85cc9 C:\Windows\System32\Drivers\d14786642ba85cc9.sys
20:13:07.0615 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\d14786642ba85cc9.sys. md5: 09E04442AEC4419C6B393C92B3C70161, sha256: 1F0F7CF371F3970AD2E68F96CE17BD785F63DE96020CF8C04DA045F3472FD207
20:13:07.0646 0x0e4c  d14786642ba85cc9 - detected Rootkit.Win32.Necurs.gen ( 0 )
20:13:10.0454 0x0e4c  d14786642ba85cc9 ( Rootkit.Win32.Necurs.gen ) - infected
20:13:10.0454 0x0e4c  Force sending object to P2P due to detect: d14786642ba85cc9
20:13:13.0184 0x0e4c  Object send P2P result: true
20:13:13.0340 0x0c44  Object required for P2P: [ 637E0753BD6DEB8EA5314A5C357EC1A0 ] AtiHdmiService
20:13:15.0774 0x0e4c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:13:15.0852 0x0e4c  DcomLaunch - ok
20:13:15.0868 0x0c44  Object send P2P result: true
20:13:15.0914 0x0e4c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:13:15.0992 0x0e4c  defragsvc - ok
20:13:16.0039 0x0e4c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:13:16.0086 0x0e4c  DfsC - ok
20:13:16.0148 0x0e4c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:13:16.0211 0x0e4c  Dhcp - ok
20:13:16.0242 0x0e4c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
20:13:16.0242 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3, sha256: 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26
20:13:16.0242 0x0e4c  discache - detected LockedFile.Multi.Generic ( 1 )
20:13:18.0754 0x0e4c  Detect skipped due to KSN trusted
20:13:18.0754 0x0e4c  discache - ok
20:13:18.0847 0x0e4c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:13:18.0863 0x0e4c  Disk - ok
20:13:18.0941 0x0e4c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:13:19.0019 0x0e4c  Dnscache - ok
20:13:19.0081 0x0e4c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:13:19.0222 0x0e4c  dot3svc - ok
20:13:19.0284 0x0e4c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
20:13:19.0346 0x0e4c  DPS - ok
20:13:19.0393 0x0e4c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:13:19.0393 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\drmkaud.sys. md5: 9B19F34400D24DF84C858A421C205754, sha256: 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7
20:13:19.0393 0x0e4c  drmkaud - detected LockedFile.Multi.Generic ( 1 )
20:13:21.0952 0x0e4c  Detect skipped due to KSN trusted
20:13:21.0952 0x0e4c  drmkaud - ok
20:13:22.0045 0x0e4c  [ 9CF46FDF163E06B83D03FF929EF2296C, 40BB0226361DEC2E6CBFE79CA092083986BD3D94564ED5F3E54CA2EE9A756837 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
20:13:22.0076 0x0e4c  DsiWMIService - ok
20:13:22.0139 0x0e4c  [ AF2E16242AA723F68F461B6EAE2EAD3D, 3973633C6D231DB8D92DE310D3A0836C64639B9A20C6C56385FB218A707C1BC3 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:13:22.0139 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\dxgkrnl.sys. md5: AF2E16242AA723F68F461B6EAE2EAD3D, sha256: 3973633C6D231DB8D92DE310D3A0836C64639B9A20C6C56385FB218A707C1BC3
20:13:22.0139 0x0e4c  DXGKrnl - detected LockedFile.Multi.Generic ( 1 )
20:13:24.0666 0x0e4c  Detect skipped due to KSN trusted
20:13:24.0666 0x0e4c  DXGKrnl - ok
20:13:24.0744 0x0e4c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
20:13:24.0791 0x0e4c  EapHost - ok
20:13:24.0931 0x0e4c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:13:24.0931 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\evbda.sys. md5: DC5D737F51BE844D8C82C695EB17372F, sha256: 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017
20:13:24.0931 0x0e4c  ebdrv - detected LockedFile.Multi.Generic ( 1 )
20:13:27.0443 0x0e4c  Detect skipped due to KSN trusted
20:13:27.0458 0x0e4c  ebdrv - ok
20:13:27.0505 0x0e4c  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS             C:\Windows\System32\lsass.exe
20:13:27.0583 0x0e4c  EFS - ok
20:13:27.0724 0x0e4c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:13:27.0802 0x0e4c  ehRecvr - ok
20:13:27.0833 0x0e4c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
20:13:27.0880 0x0e4c  ehSched - ok
20:13:27.0973 0x0e4c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:13:27.0973 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0E5DA5369A0FCAEA12456DD852545184, sha256: 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8
20:13:27.0973 0x0e4c  elxstor - detected LockedFile.Multi.Generic ( 1 )
20:13:30.0578 0x0e4c  Detect skipped due to KSN trusted
20:13:30.0578 0x0e4c  elxstor - ok
20:13:30.0734 0x0e4c  [ 3EA2C4F68A782839D97B3C83595575B6, D4C3BFD0B6817B73BE9F2378FA946BD1C213A4FB9EB3F7D2C79E9B6D9F895106 ] ePowerSvc       C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
20:13:30.0766 0x0e4c  ePowerSvc - ok
20:13:30.0797 0x0e4c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:13:30.0797 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\errdev.sys. md5: 34A3C54752046E79A126E15C51DB409B, sha256: 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75
20:13:30.0797 0x0e4c  ErrDev - detected LockedFile.Multi.Generic ( 1 )
20:13:33.0340 0x0e4c  Detect skipped due to KSN trusted
20:13:33.0340 0x0e4c  ErrDev - ok
20:13:33.0464 0x0e4c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
20:13:33.0527 0x0e4c  EventSystem - ok
20:13:33.0574 0x0e4c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:13:33.0574 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B, sha256: 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5
20:13:33.0574 0x0e4c  exfat - detected LockedFile.Multi.Generic ( 1 )
20:13:36.0085 0x0e4c  Detect skipped due to KSN trusted
20:13:36.0085 0x0e4c  exfat - ok
20:13:36.0163 0x0e4c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:13:36.0163 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fastfat.sys. md5: 0ADC83218B66A6DB380C330836F3E36D, sha256: 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29
20:13:36.0163 0x0e4c  fastfat - detected LockedFile.Multi.Generic ( 1 )
20:13:38.0675 0x0e4c  Detect skipped due to KSN trusted
20:13:38.0675 0x0e4c  fastfat - ok
20:13:38.0800 0x0e4c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
20:13:38.0909 0x0e4c  Fax - ok
20:13:38.0940 0x0e4c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:13:38.0940 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB, sha256: 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE
20:13:38.0940 0x0e4c  fdc - detected LockedFile.Multi.Generic ( 1 )
20:13:42.0013 0x0e4c  Detect skipped due to KSN trusted
20:13:42.0013 0x0e4c  fdc - ok
20:13:42.0060 0x0e4c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
20:13:42.0122 0x0e4c  fdPHost - ok
20:13:42.0138 0x0e4c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:13:42.0185 0x0e4c  FDResPub - ok
20:13:42.0200 0x0e4c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:13:42.0200 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661BE46B5F5F3FD454E2C3095B930, sha256: 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A
20:13:42.0200 0x0e4c  FileInfo - detected LockedFile.Multi.Generic ( 1 )
20:13:45.0118 0x0e4c  Detect skipped due to KSN trusted
20:13:45.0118 0x0e4c  FileInfo - ok
20:13:45.0164 0x0e4c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:13:45.0164 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47, sha256: 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6
20:13:45.0180 0x0e4c  Filetrace - detected LockedFile.Multi.Generic ( 1 )
20:13:47.0707 0x0e4c  Detect skipped due to KSN trusted
20:13:47.0707 0x0e4c  Filetrace - ok
20:13:47.0848 0x0e4c  [ ABEDFD48AC042C6AAAD32452E77217A1, BC45A1C36BDBC20EF4E7D3CFB5368912382D964CB34D050ED255F56307F4C910 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:13:47.0926 0x0e4c  FLEXnet Licensing Service - ok
20:13:47.0941 0x0e4c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:13:47.0941 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5, sha256: 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B
20:13:47.0941 0x0e4c  flpydisk - detected LockedFile.Multi.Generic ( 1 )
20:13:52.0309 0x0e4c  Detect skipped due to KSN trusted
20:13:52.0309 0x0e4c  flpydisk - ok
20:13:52.0387 0x0e4c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:13:52.0387 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fltmgr.sys. md5: DA6B67270FD9DB3697B20FCE94950741, sha256: F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331
20:13:52.0387 0x0e4c  FltMgr - detected LockedFile.Multi.Generic ( 1 )
20:13:54.0992 0x0e4c  Detect skipped due to KSN trusted
20:13:54.0992 0x0e4c  FltMgr - ok
20:13:55.0148 0x0e4c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
20:13:55.0242 0x0e4c  FontCache - ok
20:13:55.0289 0x0e4c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:13:55.0320 0x0e4c  FontCache3.0.0.0 - ok
20:13:55.0351 0x0e4c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:13:55.0351 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC, sha256: F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E
20:13:55.0351 0x0e4c  FsDepends - detected LockedFile.Multi.Generic ( 1 )
20:13:57.0863 0x0e4c  Detect skipped due to KSN trusted
20:13:57.0863 0x0e4c  FsDepends - ok
20:13:57.0925 0x0e4c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:13:57.0925 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 6BD9295CC032DD3077C671FCCF579A7B, sha256: 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33
20:13:57.0925 0x0e4c  Fs_Rec - detected LockedFile.Multi.Generic ( 1 )
20:14:00.0468 0x0e4c  Detect skipped due to KSN trusted
20:14:00.0468 0x0e4c  Fs_Rec - ok
20:14:00.0546 0x0e4c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:14:00.0546 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 8F6322049018354F45F05A2FD2D4E5E0, sha256: 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359
20:14:00.0546 0x0e4c  fvevol - detected LockedFile.Multi.Generic ( 1 )
20:14:03.0276 0x0e4c  Detect skipped due to KSN trusted
20:14:03.0276 0x0e4c  fvevol - ok
20:14:03.0354 0x0e4c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:14:03.0354 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6, sha256: 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005
20:14:03.0354 0x0e4c  gagp30kx - detected LockedFile.Multi.Generic ( 1 )
20:14:05.0866 0x0e4c  Detect skipped due to KSN trusted
20:14:05.0866 0x0e4c  gagp30kx - ok
20:14:06.0022 0x0e4c  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
20:14:06.0053 0x0e4c  GamesAppService - ok
20:14:06.0084 0x0e4c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:14:06.0084 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\GEARAspiWDM.sys. md5: 8E98D21EE06192492A5671A6144D092F, sha256: B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4
20:14:06.0100 0x0e4c  GEARAspiWDM - detected LockedFile.Multi.Generic ( 1 )
20:14:08.0627 0x0e4c  Detect skipped due to KSN trusted
20:14:08.0627 0x0e4c  GEARAspiWDM - ok
20:14:08.0736 0x0e4c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:14:08.0814 0x0e4c  gpsvc - ok
20:14:08.0892 0x0e4c  [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService     C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
20:14:08.0923 0x0e4c  GREGService - ok
20:14:08.0954 0x0e4c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:14:08.0954 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0, sha256: B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19
20:14:08.0954 0x0e4c  hcw85cir - detected LockedFile.Multi.Generic ( 1 )
20:14:11.0482 0x0e4c  Detect skipped due to KSN trusted
20:14:11.0482 0x0e4c  hcw85cir - ok
20:14:11.0575 0x0e4c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:14:11.0575 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. md5: 975761C778E33CD22498059B91E7373A, sha256: 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9
20:14:11.0575 0x0e4c  HdAudAddService - detected LockedFile.Multi.Generic ( 1 )
20:14:14.0102 0x0e4c  Detect skipped due to KSN trusted
20:14:14.0102 0x0e4c  HdAudAddService - ok
20:14:14.0180 0x0e4c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:14:14.0180 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97BFED39B6B79EB12CDDBFEED51F56BB, sha256: 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955
20:14:14.0180 0x0e4c  HDAudBus - detected LockedFile.Multi.Generic ( 1 )
20:14:16.0723 0x0e4c  Detect skipped due to KSN trusted
20:14:16.0723 0x0e4c  HDAudBus - ok
20:14:16.0770 0x0e4c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:14:16.0770 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F, sha256: 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64
20:14:16.0770 0x0e4c  HidBatt - detected LockedFile.Multi.Generic ( 1 )
20:14:19.0313 0x0e4c  Detect skipped due to KSN trusted
20:14:19.0313 0x0e4c  HidBatt - ok
20:14:19.0375 0x0e4c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:14:19.0375 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104, sha256: 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4
20:14:19.0375 0x0e4c  HidBth - detected LockedFile.Multi.Generic ( 1 )
20:14:21.0887 0x0e4c  Detect skipped due to KSN trusted
20:14:21.0887 0x0e4c  HidBth - ok
20:14:21.0949 0x0e4c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:14:21.0949 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825, sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D
20:14:21.0949 0x0e4c  HidIr - detected LockedFile.Multi.Generic ( 1 )
20:14:24.0476 0x0e4c  Detect skipped due to KSN trusted
20:14:24.0476 0x0e4c  HidIr - ok
20:14:24.0539 0x0e4c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
20:14:24.0617 0x0e4c  hidserv - ok
20:14:24.0695 0x0e4c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:14:24.0695 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536, sha256: FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F
20:14:24.0695 0x0e4c  HidUsb - detected LockedFile.Multi.Generic ( 1 )
20:14:27.0238 0x0e4c  Detect skipped due to KSN trusted
20:14:27.0238 0x0e4c  HidUsb - ok
20:14:27.0300 0x0e4c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:14:27.0362 0x0e4c  hkmsvc - ok
20:14:27.0409 0x0e4c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:14:27.0487 0x0e4c  HomeGroupListener - ok
20:14:27.0534 0x0e4c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:14:27.0565 0x0e4c  HomeGroupProvider - ok
20:14:27.0612 0x0e4c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:14:27.0612 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, sha256: E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205
20:14:27.0612 0x0e4c  HpSAMD - detected LockedFile.Multi.Generic ( 1 )
20:14:30.0139 0x0e4c  Detect skipped due to KSN trusted
20:14:30.0139 0x0e4c  HpSAMD - ok
20:14:30.0264 0x0e4c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:14:30.0264 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: 0EA7DE1ACB728DD5A369FD742D6EEE28, sha256: 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779
20:14:30.0264 0x0e4c  HTTP - detected LockedFile.Multi.Generic ( 1 )
20:14:32.0776 0x0e4c  Detect skipped due to KSN trusted
20:14:32.0776 0x0e4c  HTTP - ok
20:14:32.0838 0x0e4c  [ 6DBD08BC1331C78548298E82C4B667C5, FB7E50CBA773AC1D568D8629E89E85C9FACDFD494966791D770CD116D2064615 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
20:14:32.0838 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ew_jubusenum.sys. md5: 6DBD08BC1331C78548298E82C4B667C5, sha256: FB7E50CBA773AC1D568D8629E89E85C9FACDFD494966791D770CD116D2064615
20:14:32.0854 0x0e4c  huawei_enumerator - detected LockedFile.Multi.Generic ( 1 )
20:14:35.0896 0x0e4c  Detect skipped due to KSN trusted
20:14:35.0896 0x0e4c  huawei_enumerator - ok
20:14:35.0974 0x0e4c  [ 6E5CD3984742A922D0C183C7E82C3C94, EE350C8736F0AC6751E18694E1F1142477112C8C2D83347C1EE9483BEC0DA117 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:14:35.0974 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ewusbmdm.sys. md5: 6E5CD3984742A922D0C183C7E82C3C94, sha256: EE350C8736F0AC6751E18694E1F1142477112C8C2D83347C1EE9483BEC0DA117
20:14:35.0989 0x0e4c  hwdatacard - detected LockedFile.Multi.Generic ( 1 )
20:14:38.0750 0x0e4c  Detect skipped due to KSN trusted
20:14:38.0750 0x0e4c  hwdatacard - ok
20:14:38.0797 0x0e4c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:14:38.0797 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392, sha256: 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53
20:14:38.0797 0x0e4c  hwpolicy - detected LockedFile.Multi.Generic ( 1 )
20:14:41.0340 0x0e4c  Detect skipped due to KSN trusted
20:14:41.0340 0x0e4c  hwpolicy - ok
20:14:41.0449 0x0e4c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:14:41.0449 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD
20:14:41.0449 0x0e4c  i8042prt - detected LockedFile.Multi.Generic ( 1 )
20:14:43.0976 0x0e4c  Detect skipped due to KSN trusted
20:14:43.0976 0x0e4c  i8042prt - ok
20:14:44.0070 0x0e4c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:14:44.0070 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\iaStorV.sys. md5: AAAF44DB3BD0B9D1FB6969B23ECC8366, sha256: 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385
20:14:44.0070 0x0e4c  iaStorV - detected LockedFile.Multi.Generic ( 1 )
20:14:46.0613 0x0e4c  Detect skipped due to KSN trusted
20:14:46.0613 0x0e4c  iaStorV - ok
20:14:46.0753 0x0e4c  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:14:46.0831 0x0e4c  idsvc - ok
20:14:47.0112 0x0e4c  [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:14:47.0112 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\igdkmd64.sys. md5: A87261EF1546325B559374F5689CF5BC, sha256: 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002
20:14:47.0128 0x0e4c  igfx - detected LockedFile.Multi.Generic ( 1 )
20:14:49.0639 0x0e4c  Detect skipped due to KSN trusted
20:14:49.0639 0x0e4c  igfx - ok
20:14:49.0686 0x0e4c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:14:49.0686 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21, sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4
20:14:49.0686 0x0e4c  iirsp - detected LockedFile.Multi.Generic ( 1 )
20:14:52.0307 0x0e4c  Detect skipped due to KSN trusted
20:14:52.0307 0x0e4c  iirsp - ok
20:14:52.0416 0x0e4c  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:14:52.0494 0x0e4c  IKEEXT - ok
20:14:52.0681 0x0e4c  [ E8017F1662D9142F45CEAB694D013C00, 75EE9DF292C4D980B9461ABEB8810D22DD57EBBAD5A37FE7B046CBAD419EE9E0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:14:52.0681 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RTKVHD64.sys. md5: E8017F1662D9142F45CEAB694D013C00, sha256: 75EE9DF292C4D980B9461ABEB8810D22DD57EBBAD5A37FE7B046CBAD419EE9E0
20:14:52.0681 0x0e4c  IntcAzAudAddService - detected LockedFile.Multi.Generic ( 1 )
20:14:55.0349 0x0e4c  Detect skipped due to KSN trusted
20:14:55.0365 0x0e4c  IntcAzAudAddService - ok
20:14:55.0411 0x0e4c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:14:55.0411 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA, sha256: E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22
20:14:55.0411 0x0e4c  intelide - detected LockedFile.Multi.Generic ( 1 )
20:14:57.0939 0x0e4c  Detect skipped due to KSN trusted
20:14:57.0939 0x0e4c  intelide - ok
20:14:58.0001 0x0e4c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:14:58.0001 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1, sha256: F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610
20:14:58.0001 0x0e4c  intelppm - detected LockedFile.Multi.Generic ( 1 )
20:15:00.0528 0x0e4c  Detect skipped due to KSN trusted
20:15:00.0528 0x0e4c  intelppm - ok
20:15:00.0591 0x0e4c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:15:00.0669 0x0e4c  IPBusEnum - ok
20:15:00.0715 0x0e4c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:15:00.0715 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6, sha256: 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51
20:15:00.0715 0x0e4c  IpFilterDriver - detected LockedFile.Multi.Generic ( 1 )
20:15:04.0912 0x0e4c  Detect skipped due to KSN trusted
20:15:04.0927 0x0e4c  IpFilterDriver - ok
20:15:05.0021 0x0e4c  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:15:05.0083 0x0e4c  iphlpsvc - ok
20:15:05.0115 0x0e4c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:15:05.0115 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A, sha256: 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9
20:15:05.0115 0x0e4c  IPMIDRV - detected LockedFile.Multi.Generic ( 1 )
20:15:07.0642 0x0e4c  Detect skipped due to KSN trusted
20:15:07.0642 0x0e4c  IPMIDRV - ok
20:15:07.0704 0x0e4c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:15:07.0704 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E
20:15:07.0704 0x0e4c  IPNAT - detected LockedFile.Multi.Generic ( 1 )
20:15:10.0247 0x0e4c  Detect skipped due to KSN trusted
20:15:10.0247 0x0e4c  IPNAT - ok
20:15:10.0372 0x0e4c  [ 0F261EC4F514926177C70C1832374231, 7E61B89FE2651C0C7951E10454267174550677DEAB1C497571A9B0B583687304 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:15:10.0403 0x0e4c  iPod Service - ok
20:15:10.0434 0x0e4c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:15:10.0434 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE
20:15:10.0434 0x0e4c  IRENUM - detected LockedFile.Multi.Generic ( 1 )
20:15:12.0961 0x0e4c  Detect skipped due to KSN trusted
20:15:12.0961 0x0e4c  IRENUM - ok
20:15:13.0008 0x0e4c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:15:13.0008 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548
20:15:13.0008 0x0e4c  isapnp - detected LockedFile.Multi.Generic ( 1 )
20:15:15.0551 0x0e4c  Detect skipped due to KSN trusted
20:15:15.0551 0x0e4c  isapnp - ok
20:15:15.0629 0x0e4c  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:15:15.0629 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD, sha256: 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3
20:15:15.0629 0x0e4c  iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
20:15:18.0156 0x0e4c  Detect skipped due to KSN trusted
20:15:18.0156 0x0e4c  iScsiPrt - ok
20:15:18.0265 0x0e4c  [ 12E27942DBB7C91880163634B0D8A776, DEE56DB8993A915E8FC32F9F50FAEED591799B0694655926C4F260EBFB99FC7E ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
20:15:18.0265 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\k57nd60a.sys. md5: 12E27942DBB7C91880163634B0D8A776, sha256: DEE56DB8993A915E8FC32F9F50FAEED591799B0694655926C4F260EBFB99FC7E
20:15:18.0265 0x0e4c  k57nd60a - detected LockedFile.Multi.Generic ( 1 )
20:15:20.0777 0x0e4c  Detect skipped due to KSN trusted
20:15:20.0777 0x0e4c  k57nd60a - ok
20:15:20.0824 0x0e4c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:15:20.0824 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93
20:15:20.0824 0x0e4c  kbdclass - detected LockedFile.Multi.Generic ( 1 )
20:15:23.0367 0x0e4c  Detect skipped due to KSN trusted
20:15:23.0367 0x0e4c  kbdclass - ok
20:15:23.0445 0x0e4c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:15:23.0445 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484, sha256: 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99
20:15:23.0445 0x0e4c  kbdhid - detected LockedFile.Multi.Generic ( 1 )
20:15:25.0972 0x0e4c  Detect skipped due to KSN trusted
20:15:25.0972 0x0e4c  kbdhid - ok
20:15:26.0019 0x0e4c  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso          C:\Windows\system32\lsass.exe
20:15:26.0050 0x0e4c  KeyIso - ok
20:15:26.0081 0x0e4c  [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:15:26.0081 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: 97A7070AEA4C058B6418519E869A63B4, sha256: 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8
20:15:26.0081 0x0e4c  KSecDD - detected LockedFile.Multi.Generic ( 1 )
20:15:28.0608 0x0e4c  Detect skipped due to KSN trusted
20:15:28.0608 0x0e4c  KSecDD - ok
20:15:28.0671 0x0e4c  [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:15:28.0671 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 26C43A7C2862447EC59DEDA188D1DA07, sha256: 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B
20:15:28.0671 0x0e4c  KSecPkg - detected LockedFile.Multi.Generic ( 1 )
20:15:31.0447 0x0e4c  Detect skipped due to KSN trusted
20:15:31.0447 0x0e4c  KSecPkg - ok
20:15:31.0510 0x0e4c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:15:31.0510 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
20:15:31.0510 0x0e4c  ksthunk - detected LockedFile.Multi.Generic ( 1 )
20:15:34.0177 0x0e4c  Detect skipped due to KSN trusted
20:15:34.0177 0x0e4c  ksthunk - ok
20:15:34.0271 0x0e4c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:15:34.0349 0x0e4c  KtmRm - ok
20:15:34.0396 0x0e4c  [ 2AC603C3188C704CFCE353659AA7AD71, 0DAC2E8858221145FA35883BAE0D6484E60EB624158DE9F063FF209951CD1CDF ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
20:15:34.0396 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\L1E62x64.sys. md5: 2AC603C3188C704CFCE353659AA7AD71, sha256: 0DAC2E8858221145FA35883BAE0D6484E60EB624158DE9F063FF209951CD1CDF
20:15:34.0396 0x0e4c  L1E - detected LockedFile.Multi.Generic ( 1 )
20:15:36.0970 0x0e4c  Detect skipped due to KSN trusted
20:15:36.0970 0x0e4c  L1E - ok
20:15:37.0032 0x0e4c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
20:15:37.0110 0x0e4c  LanmanServer - ok
20:15:37.0157 0x0e4c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:15:37.0204 0x0e4c  LanmanWorkstation - ok
20:15:37.0266 0x0e4c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:15:37.0266 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
20:15:37.0266 0x0e4c  lltdio - detected LockedFile.Multi.Generic ( 1 )
20:15:39.0778 0x0e4c  Detect skipped due to KSN trusted
20:15:39.0778 0x0e4c  lltdio - ok
20:15:39.0840 0x0e4c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:15:39.0981 0x0e4c  lltdsvc - ok
20:15:39.0996 0x0e4c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:15:40.0027 0x0e4c  lmhosts - ok
20:15:40.0074 0x0e4c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:15:40.0074 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
20:15:40.0074 0x0e4c  LSI_FC - detected LockedFile.Multi.Generic ( 1 )
20:15:43.0069 0x0e4c  Detect skipped due to KSN trusted
20:15:43.0069 0x0e4c  LSI_FC - ok
20:15:43.0085 0x0e4c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:15:43.0085 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
20:15:43.0085 0x0e4c  LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
20:15:45.0597 0x0e4c  Detect skipped due to KSN trusted
20:15:45.0597 0x0e4c  LSI_SAS - ok
20:15:45.0675 0x0e4c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:15:45.0675 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
20:15:45.0675 0x0e4c  LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
20:15:48.0217 0x0e4c  Detect skipped due to KSN trusted
20:15:48.0217 0x0e4c  LSI_SAS2 - ok
20:15:48.0233 0x0e4c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:15:48.0233 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
20:15:48.0233 0x0e4c  LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
20:15:51.0259 0x0e4c  Detect skipped due to KSN trusted
20:15:51.0259 0x0e4c  LSI_SCSI - ok
20:15:51.0337 0x0e4c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:15:51.0337 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
20:15:51.0337 0x0e4c  luafv - detected LockedFile.Multi.Generic ( 1 )
20:15:53.0849 0x0e4c  Detect skipped due to KSN trusted
20:15:53.0849 0x0e4c  luafv - ok
20:15:53.0911 0x0e4c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:15:53.0958 0x0e4c  Mcx2Svc - ok
20:15:53.0958 0x0e4c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:15:53.0958 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
20:15:53.0958 0x0e4c  megasas - detected LockedFile.Multi.Generic ( 1 )
20:15:56.0470 0x0e4c  Detect skipped due to KSN trusted
20:15:56.0470 0x0e4c  megasas - ok
20:15:56.0501 0x0e4c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:15:56.0501 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
20:15:56.0501 0x0e4c  MegaSR - detected LockedFile.Multi.Generic ( 1 )
20:15:59.0496 0x0e4c  Detect skipped due to KSN trusted
20:15:59.0496 0x0e4c  MegaSR - ok
20:15:59.0559 0x0e4c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
20:15:59.0652 0x0e4c  MMCSS - ok
20:15:59.0668 0x0e4c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
20:15:59.0668 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
20:15:59.0668 0x0e4c  Modem - detected LockedFile.Multi.Generic ( 1 )
20:16:02.0211 0x0e4c  Detect skipped due to KSN trusted
20:16:02.0211 0x0e4c  Modem - ok
20:16:02.0273 0x0e4c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:16:02.0273 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
20:16:02.0273 0x0e4c  monitor - detected LockedFile.Multi.Generic ( 1 )
20:16:05.0050 0x0e4c  Detect skipped due to KSN trusted
20:16:05.0050 0x0e4c  monitor - ok
20:16:05.0128 0x0e4c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:16:05.0128 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
20:16:05.0128 0x0e4c  mouclass - detected LockedFile.Multi.Generic ( 1 )
20:16:07.0951 0x0e4c  Detect skipped due to KSN trusted
20:16:07.0951 0x0e4c  mouclass - ok
20:16:08.0014 0x0e4c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:16:08.0014 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
20:16:08.0014 0x0e4c  mouhid - detected LockedFile.Multi.Generic ( 1 )
20:16:10.0541 0x0e4c  Detect skipped due to KSN trusted
20:16:10.0541 0x0e4c  mouhid - ok
20:16:10.0603 0x0e4c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:16:10.0603 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA, sha256: 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63
20:16:10.0603 0x0e4c  mountmgr - detected LockedFile.Multi.Generic ( 1 )
20:16:13.0957 0x0e4c  Detect skipped due to KSN trusted
20:16:13.0957 0x0e4c  mountmgr - ok
20:16:14.0020 0x0e4c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:16:14.0020 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58, sha256: B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8
20:16:14.0020 0x0e4c  mpio - detected LockedFile.Multi.Generic ( 1 )
20:16:16.0563 0x0e4c  Detect skipped due to KSN trusted
20:16:16.0563 0x0e4c  mpio - ok
20:16:16.0625 0x0e4c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:16:16.0625 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
20:16:16.0625 0x0e4c  mpsdrv - detected LockedFile.Multi.Generic ( 1 )
20:16:19.0152 0x0e4c  Detect skipped due to KSN trusted
20:16:19.0152 0x0e4c  mpsdrv - ok
20:16:19.0261 0x0e4c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:16:19.0339 0x0e4c  MpsSvc - ok
20:16:19.0371 0x0e4c  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:16:19.0371 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: DC722758B8261E1ABAFD31A3C0A66380, sha256: 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A
20:16:19.0371 0x0e4c  MRxDAV - detected LockedFile.Multi.Generic ( 1 )
20:16:21.0898 0x0e4c  Detect skipped due to KSN trusted
20:16:21.0898 0x0e4c  MRxDAV - ok
20:16:21.0976 0x0e4c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:16:21.0976 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC, sha256: 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4
20:16:21.0976 0x0e4c  mrxsmb - detected LockedFile.Multi.Generic ( 1 )
20:16:24.0503 0x0e4c  Detect skipped due to KSN trusted
20:16:24.0503 0x0e4c  mrxsmb - ok
20:16:24.0565 0x0e4c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:16:24.0565 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163, sha256: 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF
20:16:24.0565 0x0e4c  mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
20:16:27.0093 0x0e4c  Detect skipped due to KSN trusted
20:16:27.0093 0x0e4c  mrxsmb10 - ok
20:16:27.0155 0x0e4c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:16:27.0155 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C, sha256: 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC
20:16:27.0155 0x0e4c  mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
20:16:29.0698 0x0e4c  Detect skipped due to KSN trusted
20:16:29.0698 0x0e4c  mrxsmb20 - ok
20:16:29.0760 0x0e4c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:16:29.0760 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796, sha256: 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8
20:16:29.0760 0x0e4c  msahci - detected LockedFile.Multi.Generic ( 1 )
20:16:32.0272 0x0e4c  Detect skipped due to KSN trusted
20:16:32.0272 0x0e4c  msahci - ok
20:16:32.0334 0x0e4c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:16:32.0334 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900, sha256: B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74
20:16:32.0334 0x0e4c  msdsm - detected LockedFile.Multi.Generic ( 1 )
20:16:34.0861 0x0e4c  Detect skipped due to KSN trusted
20:16:34.0861 0x0e4c  msdsm - ok
20:16:34.0908 0x0e4c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
20:16:34.0955 0x0e4c  MSDTC - ok
20:16:34.0986 0x0e4c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:16:34.0986 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
20:16:34.0986 0x0e4c  Msfs - detected LockedFile.Multi.Generic ( 1 )
20:16:37.0841 0x0e4c  Detect skipped due to KSN trusted
20:16:37.0841 0x0e4c  Msfs - ok
20:16:37.0903 0x0e4c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:16:37.0903 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
20:16:37.0903 0x0e4c  mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
20:16:40.0431 0x0e4c  Detect skipped due to KSN trusted
20:16:40.0431 0x0e4c  mshidkmdf - ok
20:16:40.0493 0x0e4c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:16:40.0493 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
20:16:40.0493 0x0e4c  msisadrv - detected LockedFile.Multi.Generic ( 1 )
20:16:43.0020 0x0e4c  Detect skipped due to KSN trusted
20:16:43.0020 0x0e4c  msisadrv - ok
20:16:43.0083 0x0e4c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:16:43.0161 0x0e4c  MSiSCSI - ok
20:16:43.0176 0x0e4c  msiserver - ok
20:16:43.0223 0x0e4c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:16:43.0223 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
20:16:43.0223 0x0e4c  MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
20:16:45.0735 0x0e4c  Detect skipped due to KSN trusted
20:16:45.0735 0x0e4c  MSKSSRV - ok
20:16:45.0782 0x0e4c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:16:45.0782 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
20:16:45.0782 0x0e4c  MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
20:16:48.0324 0x0e4c  Detect skipped due to KSN trusted
20:16:48.0324 0x0e4c  MSPCLOCK - ok
20:16:48.0324 0x0e4c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:16:48.0324 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
20:16:48.0324 0x0e4c  MSPQM - detected LockedFile.Multi.Generic ( 1 )
20:16:50.0867 0x0e4c  Detect skipped due to KSN trusted
20:16:50.0867 0x0e4c  MSPQM - ok
20:16:50.0945 0x0e4c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:16:50.0945 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D, sha256: 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133
20:16:50.0961 0x0e4c  MsRPC - detected LockedFile.Multi.Generic ( 1 )
20:16:53.0488 0x0e4c  Detect skipped due to KSN trusted
20:16:53.0488 0x0e4c  MsRPC - ok
20:16:53.0550 0x0e4c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:16:53.0550 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
20:16:53.0550 0x0e4c  mssmbios - detected LockedFile.Multi.Generic ( 1 )
20:16:56.0109 0x0e4c  Detect skipped due to KSN trusted
20:16:56.0109 0x0e4c  mssmbios - ok
20:16:56.0124 0x0e4c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:16:56.0124 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
20:16:56.0124 0x0e4c  MSTEE - detected LockedFile.Multi.Generic ( 1 )
20:16:58.0745 0x0e4c  Detect skipped due to KSN trusted
20:16:58.0745 0x0e4c  MSTEE - ok
20:16:58.0792 0x0e4c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:16:58.0792 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
20:16:58.0792 0x0e4c  MTConfig - detected LockedFile.Multi.Generic ( 1 )
20:17:01.0319 0x0e4c  Detect skipped due to KSN trusted
20:17:01.0319 0x0e4c  MTConfig - ok
20:17:01.0366 0x0e4c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
20:17:01.0366 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
20:17:01.0366 0x0e4c  Mup - detected LockedFile.Multi.Generic ( 1 )
20:17:03.0940 0x0e4c  Detect skipped due to KSN trusted
20:17:03.0940 0x0e4c  Mup - ok
20:17:04.0034 0x0e4c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:17:04.0143 0x0e4c  napagent - ok
20:19:24.0340 0x0e4c  Serial - ok
20:19:24.0387 0x0e4c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
         

24.02.2015, 19:52   #13
AB12398

Win 7 - Computer becomes very slow and Internet connection hangs



Code:
ATTFilter
20:19:24.0387 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3, sha256: 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D
20:19:24.0387 0x0e4c  sermouse - detected LockedFile.Multi.Generic ( 1 )
20:19:27.0039 0x0e4c  Detect skipped due to KSN trusted
20:19:27.0039 0x0e4c  sermouse - ok
20:19:27.0117 0x0e4c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
20:19:27.0179 0x0e4c  SessionEnv - ok
20:19:27.0211 0x0e4c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:19:27.0211 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF, sha256: DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55
20:19:27.0211 0x0e4c  sffdisk - detected LockedFile.Multi.Generic ( 1 )
20:19:29.0722 0x0e4c  Detect skipped due to KSN trusted
20:19:29.0722 0x0e4c  sffdisk - ok
20:19:29.0769 0x0e4c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:19:29.0769 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF, sha256: B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042
20:19:29.0769 0x0e4c  sffp_mmc - detected LockedFile.Multi.Generic ( 1 )
20:19:32.0296 0x0e4c  Detect skipped due to KSN trusted
20:19:32.0296 0x0e4c  sffp_mmc - ok
20:19:32.0343 0x0e4c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:19:32.0343 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_sd.sys. md5: DD85B78243A19B59F0637DCF284DA63C, sha256: 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197
20:19:32.0343 0x0e4c  sffp_sd - detected LockedFile.Multi.Generic ( 1 )
20:19:34.0870 0x0e4c  Detect skipped due to KSN trusted
20:19:34.0870 0x0e4c  sffp_sd - ok
20:19:34.0933 0x0e4c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:19:34.0933 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4, sha256: 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9
20:19:34.0933 0x0e4c  sfloppy - detected LockedFile.Multi.Generic ( 1 )
20:19:37.0460 0x0e4c  Detect skipped due to KSN trusted
20:19:37.0460 0x0e4c  sfloppy - ok
20:19:37.0569 0x0e4c  [ D5183ED285D2795491DC15BDDCBEE5AD, 607D208C730485B445EC80EEE5529A8E2BEF44FE2C8558E71A7FB47B0C8C7B56 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
20:19:37.0585 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\Sftfslh.sys. md5: D5183ED285D2795491DC15BDDCBEE5AD, sha256: 607D208C730485B445EC80EEE5529A8E2BEF44FE2C8558E71A7FB47B0C8C7B56
20:19:37.0585 0x0e4c  Sftfs - detected LockedFile.Multi.Generic ( 1 )
20:19:40.0096 0x0e4c  Detect skipped due to KSN trusted
20:19:40.0096 0x0e4c  Sftfs - ok
20:19:40.0205 0x0e4c  [ BFDB58616FF5EA540A5F58301D50641E, AFBF163938237C7E2578690BE71001016AF7FF61CD84594E7D76CDCBBD1FF4BD ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:19:40.0237 0x0e4c  sftlist - ok
20:19:40.0299 0x0e4c  [ 00F118B68C50D2206DD51634F9142B83, 5C5913ED0E3551DD5FD881830A6F7DBAEB0E9FA3904EE3BB13D8F1DA346EBCE7 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:19:40.0299 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\Sftplaylh.sys. md5: 00F118B68C50D2206DD51634F9142B83, sha256: 5C5913ED0E3551DD5FD881830A6F7DBAEB0E9FA3904EE3BB13D8F1DA346EBCE7
20:19:40.0299 0x0e4c  Sftplay - detected LockedFile.Multi.Generic ( 1 )
20:19:42.0826 0x0e4c  Detect skipped due to KSN trusted
20:19:42.0826 0x0e4c  Sftplay - ok
20:19:42.0889 0x0e4c  [ 76A827DF5640BFE16A0CDBB4108ADECA, E7D333A251E0F0DA729DA3CBE6B0F1E5DE2EE585E8B87B5EC78E78E129CA1112 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:19:42.0889 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\Sftredirlh.sys. md5: 76A827DF5640BFE16A0CDBB4108ADECA, sha256: E7D333A251E0F0DA729DA3CBE6B0F1E5DE2EE585E8B87B5EC78E78E129CA1112
20:19:42.0889 0x0e4c  Sftredir - detected LockedFile.Multi.Generic ( 1 )
20:19:45.0416 0x0e4c  Detect skipped due to KSN trusted
20:19:45.0416 0x0e4c  Sftredir - ok
20:19:45.0463 0x0e4c  [ 1B4C9701645086BAB8CAFFFCE30ED284, B95C995EEB573B5C3D00DBA9D439CACCF3D3C9593E568D2D0F44245E7B09E3F5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
20:19:45.0463 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\Sftvollh.sys. md5: 1B4C9701645086BAB8CAFFFCE30ED284, sha256: B95C995EEB573B5C3D00DBA9D439CACCF3D3C9593E568D2D0F44245E7B09E3F5
20:19:45.0463 0x0e4c  Sftvol - detected LockedFile.Multi.Generic ( 1 )
20:19:47.0990 0x0e4c  Detect skipped due to KSN trusted
20:19:47.0990 0x0e4c  Sftvol - ok
20:19:48.0052 0x0e4c  [ B94C3C4DCA2093243C76CA218EDE2A97, 4D376F825AEEFD8F1BCE48180471C75BDA655B2D8BE6E4205E327D14D797DBF2 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:19:48.0083 0x0e4c  sftvsa - ok
20:19:48.0130 0x0e4c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:19:48.0177 0x0e4c  SharedAccess - ok
20:19:48.0224 0x0e4c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:19:48.0286 0x0e4c  ShellHWDetection - ok
20:19:48.0333 0x0e4c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:19:48.0333 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1, sha256: 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820
20:19:48.0333 0x0e4c  SiSRaid2 - detected LockedFile.Multi.Generic ( 1 )
20:19:50.0907 0x0e4c  Detect skipped due to KSN trusted
20:19:50.0907 0x0e4c  SiSRaid2 - ok
20:19:50.0954 0x0e4c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:19:50.0954 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4, sha256: 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E
20:19:50.0954 0x0e4c  SiSRaid4 - detected LockedFile.Multi.Generic ( 1 )
20:19:53.0481 0x0e4c  Detect skipped due to KSN trusted
20:19:53.0481 0x0e4c  SiSRaid4 - ok
20:19:53.0543 0x0e4c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:19:53.0543 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4, sha256: 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740
20:19:53.0559 0x0e4c  Smb - detected LockedFile.Multi.Generic ( 1 )
20:19:56.0086 0x0e4c  Detect skipped due to KSN trusted
20:19:56.0086 0x0e4c  Smb - ok
20:19:56.0164 0x0e4c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:19:56.0211 0x0e4c  SNMPTRAP - ok
20:19:56.0227 0x0e4c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:19:56.0227 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9, sha256: 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063
20:19:56.0227 0x0e4c  spldr - detected LockedFile.Multi.Generic ( 1 )
20:19:58.0738 0x0e4c  Detect skipped due to KSN trusted
20:19:58.0738 0x0e4c  spldr - ok
20:19:58.0832 0x0e4c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
20:19:58.0925 0x0e4c  Spooler - ok
20:19:59.0128 0x0e4c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:19:59.0362 0x0e4c  sppsvc - ok
20:19:59.0393 0x0e4c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:19:59.0456 0x0e4c  sppuinotify - ok
20:19:59.0487 0x0e4c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:19:59.0487 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B, sha256: 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0
20:19:59.0487 0x0e4c  srv - detected LockedFile.Multi.Generic ( 1 )
20:20:01.0999 0x0e4c  Detect skipped due to KSN trusted
20:20:01.0999 0x0e4c  srv - ok
20:20:02.0061 0x0e4c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:20:02.0061 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28, sha256: 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7
20:20:02.0077 0x0e4c  srv2 - detected LockedFile.Multi.Generic ( 1 )
20:20:05.0025 0x0e4c  Detect skipped due to KSN trusted
20:20:05.0025 0x0e4c  srv2 - ok
20:20:05.0087 0x0e4c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:20:05.0087 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3, sha256: AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6
20:20:05.0087 0x0e4c  srvnet - detected LockedFile.Multi.Generic ( 1 )
20:20:07.0615 0x0e4c  Detect skipped due to KSN trusted
20:20:07.0615 0x0e4c  srvnet - ok
20:20:07.0708 0x0e4c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:20:07.0802 0x0e4c  SSDPSRV - ok
20:20:07.0833 0x0e4c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:20:07.0880 0x0e4c  SstpSvc - ok
20:20:07.0911 0x0e4c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:20:07.0911 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A, sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5
20:20:07.0911 0x0e4c  stexstor - detected LockedFile.Multi.Generic ( 1 )
20:20:10.0423 0x0e4c  Detect skipped due to KSN trusted
20:20:10.0423 0x0e4c  stexstor - ok
20:20:10.0485 0x0e4c  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
20:20:10.0485 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serscan.sys. md5: DECACB6921DED1A38642642685D77DAC, sha256: 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC
20:20:10.0485 0x0e4c  StillCam - detected LockedFile.Multi.Generic ( 1 )
20:20:13.0028 0x0e4c  Detect skipped due to KSN trusted
20:20:13.0028 0x0e4c  StillCam - ok
20:20:13.0137 0x0e4c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
20:20:13.0199 0x0e4c  stisvc - ok
20:20:13.0215 0x0e4c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:20:13.0215 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90, sha256: 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969
20:20:13.0231 0x0e4c  swenum - detected LockedFile.Multi.Generic ( 1 )
20:20:15.0883 0x0e4c  Detect skipped due to KSN trusted
20:20:15.0883 0x0e4c  swenum - ok
20:20:15.0992 0x0e4c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
20:20:16.0070 0x0e4c  swprv - ok
20:20:16.0148 0x0e4c  [ ED6D1424E5B0C21A57B28DD8508D6843, EF3BBBBD376F22520060BC6D637CDF79E2D8B43A95E746FC1463E7CDC407C2D9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:20:16.0148 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SynTP.sys. md5: ED6D1424E5B0C21A57B28DD8508D6843, sha256: EF3BBBBD376F22520060BC6D637CDF79E2D8B43A95E746FC1463E7CDC407C2D9
20:20:16.0148 0x0e4c  SynTP - detected LockedFile.Multi.Generic ( 1 )
20:20:18.0675 0x0e4c  Detect skipped due to KSN trusted
20:20:18.0675 0x0e4c  SynTP - ok
20:20:18.0831 0x0e4c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
20:20:18.0909 0x0e4c  SysMain - ok
20:20:18.0987 0x0e4c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:20:19.0018 0x0e4c  TabletInputService - ok
20:20:19.0065 0x0e4c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:20:19.0127 0x0e4c  TapiSrv - ok
20:20:19.0174 0x0e4c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
20:20:19.0237 0x0e4c  TBS - ok
20:20:19.0361 0x0e4c  [ B62A953F2BF3922C8764A29C34A22899, 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:20:19.0361 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: B62A953F2BF3922C8764A29C34A22899, sha256: 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901
20:20:19.0393 0x0e4c  Tcpip - detected LockedFile.Multi.Generic ( 1 )
20:20:21.0935 0x0e4c  Detect skipped due to KSN trusted
20:20:21.0951 0x0e4c  Tcpip - ok
20:20:22.0076 0x0e4c  [ B62A953F2BF3922C8764A29C34A22899, 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:20:22.0076 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: B62A953F2BF3922C8764A29C34A22899, sha256: 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901
20:20:22.0091 0x0e4c  TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
20:20:22.0091 0x0e4c  Detect skipped due to KSN trusted
20:20:22.0091 0x0e4c  TCPIP6 - ok
20:20:22.0138 0x0e4c  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:20:22.0138 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: DF687E3D8836BFB04FCC0615BF15A519, sha256: 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784
20:20:22.0138 0x0e4c  tcpipreg - detected LockedFile.Multi.Generic ( 1 )
20:20:25.0289 0x0e4c  Detect skipped due to KSN trusted
20:20:25.0289 0x0e4c  tcpipreg - ok
20:20:25.0352 0x0e4c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:20:25.0352 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D
20:20:25.0352 0x0e4c  TDPIPE - detected LockedFile.Multi.Generic ( 1 )
20:20:27.0895 0x0e4c  Detect skipped due to KSN trusted
20:20:27.0895 0x0e4c  TDPIPE - ok
20:20:27.0941 0x0e4c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:20:27.0957 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8, sha256: 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9
20:20:27.0957 0x0e4c  TDTCP - detected LockedFile.Multi.Generic ( 1 )
20:20:31.0795 0x0e4c  Detect skipped due to KSN trusted
20:20:31.0795 0x0e4c  TDTCP - ok
20:20:31.0857 0x0e4c  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:20:31.0857 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806, sha256: B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661
20:20:31.0857 0x0e4c  tdx - detected LockedFile.Multi.Generic ( 1 )
20:20:36.0272 0x0e4c  Detect skipped due to KSN trusted
20:20:36.0272 0x0e4c  tdx - ok
20:20:36.0319 0x0e4c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:20:36.0319 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5, sha256: 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D
20:20:36.0319 0x0e4c  TermDD - detected LockedFile.Multi.Generic ( 1 )
20:20:38.0862 0x0e4c  Detect skipped due to KSN trusted
20:20:38.0862 0x0e4c  TermDD - ok
20:20:38.0940 0x0e4c  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
20:20:39.0049 0x0e4c  TermService - ok
20:20:39.0080 0x0e4c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
20:20:39.0111 0x0e4c  Themes - ok
20:20:39.0127 0x0e4c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:20:39.0158 0x0e4c  THREADORDER - ok
20:20:39.0174 0x0e4c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
20:20:39.0236 0x0e4c  TrkWks - ok
20:20:39.0314 0x0e4c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:20:39.0392 0x0e4c  TrustedInstaller - ok
20:20:39.0423 0x0e4c  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:20:39.0423 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: CE18B2CDFC837C99E5FAE9CA6CBA5D30, sha256: CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC
20:20:39.0423 0x0e4c  tssecsrv - detected LockedFile.Multi.Generic ( 1 )
20:20:41.0935 0x0e4c  Detect skipped due to KSN trusted
20:20:41.0935 0x0e4c  tssecsrv - ok
20:20:41.0997 0x0e4c  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:20:41.0997 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9, sha256: A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB
20:20:41.0997 0x0e4c  TsUsbFlt - detected LockedFile.Multi.Generic ( 1 )
20:20:44.0540 0x0e4c  Detect skipped due to KSN trusted
20:20:44.0540 0x0e4c  TsUsbFlt - ok
20:20:44.0618 0x0e4c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:20:44.0618 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894, sha256: AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8
20:20:44.0618 0x0e4c  tunnel - detected LockedFile.Multi.Generic ( 1 )
20:20:47.0145 0x0e4c  Detect skipped due to KSN trusted
20:20:47.0145 0x0e4c  tunnel - ok
20:20:47.0208 0x0e4c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:20:47.0208 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123
20:20:47.0208 0x0e4c  uagp35 - detected LockedFile.Multi.Generic ( 1 )
20:20:50.0983 0x0e4c  Detect skipped due to KSN trusted
20:20:50.0983 0x0e4c  uagp35 - ok
20:20:51.0045 0x0e4c  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00, 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
20:20:51.0045 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\UBHelper.sys. md5: 2E22C1FD397A5A9FFEF55E9D1FC96C00, sha256: 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D
20:20:51.0045 0x0e4c  UBHelper - detected LockedFile.Multi.Generic ( 1 )
20:20:53.0916 0x0e4c  Detect skipped due to KSN trusted
20:20:53.0916 0x0e4c  UBHelper - ok
20:20:53.0994 0x0e4c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:20:53.0994 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593, sha256: D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3
20:20:54.0009 0x0e4c  udfs - detected LockedFile.Multi.Generic ( 1 )
20:20:56.0521 0x0e4c  Detect skipped due to KSN trusted
20:20:56.0521 0x0e4c  udfs - ok
20:20:56.0599 0x0e4c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:20:56.0630 0x0e4c  UI0Detect - ok
20:20:56.0661 0x0e4c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:20:56.0661 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A
20:20:56.0661 0x0e4c  uliagpkx - detected LockedFile.Multi.Generic ( 1 )
20:20:59.0157 0x0e4c  Detect skipped due to KSN trusted
20:20:59.0157 0x0e4c  uliagpkx - ok
20:20:59.0235 0x0e4c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
20:20:59.0235 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561, sha256: 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE
20:20:59.0235 0x0e4c  umbus - detected LockedFile.Multi.Generic ( 1 )
20:21:01.0762 0x0e4c  Detect skipped due to KSN trusted
20:21:01.0762 0x0e4c  umbus - ok
20:21:01.0825 0x0e4c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:21:01.0825 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
20:21:01.0825 0x0e4c  UmPass - detected LockedFile.Multi.Generic ( 1 )
20:21:04.0336 0x0e4c  Detect skipped due to KSN trusted
20:21:04.0336 0x0e4c  UmPass - ok
20:21:04.0461 0x0e4c  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
20:21:04.0508 0x0e4c  Updater Service - ok
20:21:04.0570 0x0e4c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
20:21:04.0664 0x0e4c  upnphost - ok
20:21:04.0695 0x0e4c  [ FB251567F41BC61988B26731DEC19E4B, 6A535F5A18EB43DD2E18AF0A05301630A1D1484B7D85DA79A7CD122DA4D018E2 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:21:04.0695 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbaapl64.sys. md5: FB251567F41BC61988B26731DEC19E4B, sha256: 6A535F5A18EB43DD2E18AF0A05301630A1D1484B7D85DA79A7CD122DA4D018E2
20:21:04.0695 0x0e4c  USBAAPL64 - detected LockedFile.Multi.Generic ( 1 )
20:21:07.0222 0x0e4c  Detect skipped due to KSN trusted
20:21:07.0222 0x0e4c  USBAAPL64 - ok
20:21:07.0285 0x0e4c  [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:21:07.0285 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 6F1A3157A1C89435352CEB543CDB359C, sha256: 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12
20:21:07.0285 0x0e4c  usbccgp - detected LockedFile.Multi.Generic ( 1 )
20:21:09.0812 0x0e4c  Detect skipped due to KSN trusted
20:21:09.0812 0x0e4c  usbccgp - ok
20:21:09.0890 0x0e4c  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:21:09.0890 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7, sha256: F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07
20:21:09.0890 0x0e4c  usbcir - detected LockedFile.Multi.Generic ( 1 )
20:21:12.0885 0x0e4c  Detect skipped due to KSN trusted
20:21:12.0885 0x0e4c  usbcir - ok
20:21:12.0948 0x0e4c  [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:21:12.0948 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbehci.sys. md5: C025055FE7B87701EB042095DF1A2D7B, sha256: D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9
20:21:12.0948 0x0e4c  usbehci - detected LockedFile.Multi.Generic ( 1 )
20:21:15.0522 0x0e4c  Detect skipped due to KSN trusted
20:21:15.0522 0x0e4c  usbehci - ok
20:21:15.0631 0x0e4c  [ 2C780746DC44A28FE67004DC58173F05, 9E0596CE35C7430A31A7E77B4D12A1F521B9ED8EB0614E6FB38403AC614C3EE3 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
20:21:15.0631 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbfilter.sys. md5: 2C780746DC44A28FE67004DC58173F05, sha256: 9E0596CE35C7430A31A7E77B4D12A1F521B9ED8EB0614E6FB38403AC614C3EE3
20:21:15.0646 0x0e4c  usbfilter - detected LockedFile.Multi.Generic ( 1 )
20:21:18.0158 0x0e4c  Detect skipped due to KSN trusted
20:21:18.0158 0x0e4c  usbfilter - ok
20:21:18.0220 0x0e4c  [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:21:18.0220 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 287C6C9410B111B68B52CA298F7B8C24, sha256: 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E
20:21:18.0220 0x0e4c  usbhub - detected LockedFile.Multi.Generic ( 1 )
20:21:20.0997 0x0e4c  Detect skipped due to KSN trusted
20:21:20.0997 0x0e4c  usbhub - ok
20:21:21.0044 0x0e4c  [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:21:21.0044 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbohci.sys. md5: 9840FC418B4CBD632D3D0A667A725C31, sha256: 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0
20:21:21.0044 0x0e4c  usbohci - detected LockedFile.Multi.Generic ( 1 )
20:21:23.0883 0x0e4c  Detect skipped due to KSN trusted
20:21:23.0883 0x0e4c  usbohci - ok
20:21:23.0961 0x0e4c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:21:23.0961 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
20:21:23.0961 0x0e4c  usbprint - detected LockedFile.Multi.Generic ( 1 )
20:21:26.0457 0x0e4c  Detect skipped due to KSN trusted
20:21:26.0457 0x0e4c  usbprint - ok
20:21:26.0520 0x0e4c  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:21:26.0520 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbscan.sys. md5: AAA2513C8AED8B54B189FD0C6B1634C0, sha256: 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42
20:21:26.0520 0x0e4c  usbscan - detected LockedFile.Multi.Generic ( 1 )
20:21:29.0078 0x0e4c  Detect skipped due to KSN trusted
20:21:29.0078 0x0e4c  usbscan - ok
20:21:29.0125 0x0e4c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:21:29.0125 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6, sha256: DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96
20:21:29.0125 0x0e4c  USBSTOR - detected LockedFile.Multi.Generic ( 1 )
20:21:32.0198 0x0e4c  Detect skipped due to KSN trusted
20:21:32.0198 0x0e4c  USBSTOR - ok
20:21:32.0245 0x0e4c  [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:21:32.0245 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbuhci.sys. md5: 62069A34518BCF9C1FD9E74B3F6DB7CD, sha256: C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25
20:21:32.0245 0x0e4c  usbuhci - detected LockedFile.Multi.Generic ( 1 )
20:21:34.0928 0x0e4c  Detect skipped due to KSN trusted
20:21:34.0928 0x0e4c  usbuhci - ok
20:21:35.0006 0x0e4c  [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:21:35.0022 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\usbvideo.sys. md5: 454800C2BC7F3927CE030141EE4F4C50, sha256: 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44
20:21:35.0022 0x0e4c  usbvideo - detected LockedFile.Multi.Generic ( 1 )
20:21:37.0533 0x0e4c  Detect skipped due to KSN trusted
20:21:37.0533 0x0e4c  usbvideo - ok
20:21:37.0596 0x0e4c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:21:37.0674 0x0e4c  UxSms - ok
20:21:37.0689 0x0e4c  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] VaultSvc        C:\Windows\system32\lsass.exe
20:21:37.0705 0x0e4c  VaultSvc - ok
20:21:37.0736 0x0e4c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:21:37.0736 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
20:21:37.0736 0x0e4c  vdrvroot - detected LockedFile.Multi.Generic ( 1 )
20:21:40.0248 0x0e4c  Detect skipped due to KSN trusted
20:21:40.0248 0x0e4c  vdrvroot - ok
20:21:40.0341 0x0e4c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
20:21:40.0419 0x0e4c  vds - ok
20:21:40.0482 0x0e4c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:21:40.0482 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
20:21:40.0497 0x0e4c  vga - detected LockedFile.Multi.Generic ( 1 )
20:21:43.0024 0x0e4c  Detect skipped due to KSN trusted
20:21:43.0024 0x0e4c  vga - ok
20:21:43.0071 0x0e4c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:21:43.0071 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
20:21:43.0071 0x0e4c  VgaSave - detected LockedFile.Multi.Generic ( 1 )
20:21:45.0567 0x0e4c  Detect skipped due to KSN trusted
20:21:45.0567 0x0e4c  VgaSave - ok
20:21:45.0661 0x0e4c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:21:45.0661 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB, sha256: D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF
20:21:45.0661 0x0e4c  vhdmp - detected LockedFile.Multi.Generic ( 1 )
20:21:48.0188 0x0e4c  Detect skipped due to KSN trusted
20:21:48.0188 0x0e4c  vhdmp - ok
20:21:48.0235 0x0e4c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:21:48.0235 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
20:21:48.0235 0x0e4c  viaide - detected LockedFile.Multi.Generic ( 1 )
20:21:50.0762 0x0e4c  Detect skipped due to KSN trusted
20:21:50.0762 0x0e4c  viaide - ok
20:21:50.0809 0x0e4c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:21:50.0809 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161
20:21:50.0809 0x0e4c  volmgr - detected LockedFile.Multi.Generic ( 1 )
20:21:53.0336 0x0e4c  Detect skipped due to KSN trusted
20:21:53.0336 0x0e4c  volmgr - ok
20:21:53.0414 0x0e4c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:21:53.0414 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B, sha256: 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F
20:21:53.0414 0x0e4c  volmgrx - detected LockedFile.Multi.Generic ( 1 )
20:21:55.0957 0x0e4c  Detect skipped due to KSN trusted
20:21:55.0957 0x0e4c  volmgrx - ok
20:21:56.0019 0x0e4c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:21:56.0019 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639, sha256: 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC
20:21:56.0019 0x0e4c  volsnap - detected LockedFile.Multi.Generic ( 1 )
20:21:58.0718 0x0e4c  Detect skipped due to KSN trusted
20:21:58.0718 0x0e4c  volsnap - ok
20:21:58.0827 0x0e4c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:21:58.0827 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
20:21:58.0827 0x0e4c  vsmraid - detected LockedFile.Multi.Generic ( 1 )
20:22:01.0651 0x0e4c  Detect skipped due to KSN trusted
20:22:01.0651 0x0e4c  vsmraid - ok
20:22:01.0807 0x0e4c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
20:22:01.0932 0x0e4c  VSS - ok
20:22:01.0947 0x0e4c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:22:01.0947 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
20:22:01.0947 0x0e4c  vwifibus - detected LockedFile.Multi.Generic ( 1 )
20:22:04.0459 0x0e4c  Detect skipped due to KSN trusted
20:22:04.0459 0x0e4c  vwifibus - ok
20:22:04.0506 0x0e4c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:22:04.0521 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F, sha256: 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB
20:22:04.0521 0x0e4c  vwififlt - detected LockedFile.Multi.Generic ( 1 )
20:22:07.0048 0x0e4c  Detect skipped due to KSN trusted
20:22:07.0048 0x0e4c  vwififlt - ok
20:22:07.0142 0x0e4c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:22:07.0267 0x0e4c  W32Time - ok
20:22:07.0282 0x0e4c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:22:07.0282 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
20:22:07.0282 0x0e4c  WacomPen - detected LockedFile.Multi.Generic ( 1 )
20:22:09.0794 0x0e4c  Detect skipped due to KSN trusted
20:22:09.0794 0x0e4c  WacomPen - ok
20:22:09.0856 0x0e4c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:22:09.0856 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
20:22:09.0856 0x0e4c  WANARP - detected LockedFile.Multi.Generic ( 1 )
20:22:12.0384 0x0e4c  Detect skipped due to KSN trusted
20:22:12.0384 0x0e4c  WANARP - ok
20:22:12.0430 0x0e4c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:22:12.0430 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
20:22:12.0430 0x0e4c  Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
20:22:12.0430 0x0e4c  Detect skipped due to KSN trusted
20:22:12.0430 0x0e4c  Wanarpv6 - ok
20:22:12.0462 0x0e4c  [ ECEB715BECE47E101DDEC06B11126066, 6BD577D6EABD48B1BA31955DB3DEEE68528EA54375CA64D233B723D161B45CBA ] wanatw          C:\Windows\system32\DRIVERS\wanatw64.sys
20:22:12.0462 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanatw64.sys. md5: ECEB715BECE47E101DDEC06B11126066, sha256: 6BD577D6EABD48B1BA31955DB3DEEE68528EA54375CA64D233B723D161B45CBA
20:22:12.0462 0x0e4c  wanatw - detected LockedFile.Multi.Generic ( 1 )
20:22:15.0145 0x0e4c  Detect skipped due to KSN trusted
20:22:15.0145 0x0e4c  wanatw - ok
20:22:15.0285 0x0e4c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
20:22:15.0379 0x0e4c  wbengine - ok
20:22:15.0426 0x0e4c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:22:15.0441 0x0e4c  WbioSrvc - ok
20:22:15.0488 0x0e4c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:22:15.0519 0x0e4c  wcncsvc - ok
20:22:15.0535 0x0e4c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:22:15.0566 0x0e4c  WcsPlugInService - ok
20:22:15.0628 0x0e4c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:22:15.0628 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
20:22:15.0628 0x0e4c  Wd - detected LockedFile.Multi.Generic ( 1 )
20:22:18.0156 0x0e4c  Detect skipped due to KSN trusted
20:22:18.0156 0x0e4c  Wd - ok
20:22:18.0265 0x0e4c  [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:22:18.0265 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250, sha256: FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1
20:22:18.0265 0x0e4c  Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
20:22:20.0761 0x0e4c  Detect skipped due to KSN trusted
20:22:20.0761 0x0e4c  Wdf01000 - ok
20:22:20.0823 0x0e4c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:22:20.0932 0x0e4c  WdiServiceHost - ok
20:22:20.0932 0x0e4c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:22:20.0964 0x0e4c  WdiSystemHost - ok
20:22:21.0073 0x0e4c  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
20:22:21.0291 0x0e4c  WebClient - ok
20:22:21.0322 0x0e4c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:22:21.0385 0x0e4c  Wecsvc - ok
20:22:21.0400 0x0e4c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:22:21.0463 0x0e4c  wercplsupport - ok
20:22:21.0494 0x0e4c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:22:21.0541 0x0e4c  WerSvc - ok
20:22:21.0588 0x0e4c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:22:21.0588 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
20:22:21.0603 0x0e4c  WfpLwf - detected LockedFile.Multi.Generic ( 1 )
20:22:25.0113 0x0e4c  Detect skipped due to KSN trusted
20:22:25.0113 0x0e4c  WfpLwf - ok
20:22:25.0160 0x0e4c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:22:25.0160 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
20:22:25.0160 0x0e4c  WIMMount - detected LockedFile.Multi.Generic ( 1 )
20:22:27.0687 0x0e4c  Detect skipped due to KSN trusted
20:22:27.0687 0x0e4c  WIMMount - ok
20:22:27.0734 0x0e4c  WinDefend - ok
20:22:27.0750 0x0e4c  WinHttpAutoProxySvc - ok
20:22:27.0843 0x0e4c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:22:27.0921 0x0e4c  Winmgmt - ok
20:22:28.0031 0x0e4c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:22:28.0202 0x0e4c  WinRM - ok
20:22:28.0265 0x0e4c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:22:28.0265 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D, sha256: A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03
20:22:28.0265 0x0e4c  WinUsb - detected LockedFile.Multi.Generic ( 1 )
20:22:30.0776 0x0e4c  Detect skipped due to KSN trusted
20:22:30.0776 0x0e4c  WinUsb - ok
20:22:30.0901 0x0e4c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:22:30.0963 0x0e4c  Wlansvc - ok
20:22:30.0995 0x0e4c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:22:30.0995 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
20:22:30.0995 0x0e4c  WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
20:22:33.0974 0x0e4c  Detect skipped due to KSN trusted
20:22:33.0974 0x0e4c  WmiAcpi - ok
20:22:34.0068 0x0e4c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:22:34.0146 0x0e4c  wmiApSrv - ok
20:22:34.0193 0x0e4c  WMPNetworkSvc - ok
20:22:34.0224 0x0e4c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:22:34.0271 0x0e4c  WPCSvc - ok
20:22:34.0302 0x0e4c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:22:34.0317 0x0e4c  WPDBusEnum - ok
20:22:34.0349 0x0e4c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:22:34.0349 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
20:22:34.0349 0x0e4c  ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
20:22:37.0328 0x0e4c  Detect skipped due to KSN trusted
20:22:37.0328 0x0e4c  ws2ifsl - ok
20:22:37.0391 0x0e4c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
20:22:37.0453 0x0e4c  wscsvc - ok
20:22:37.0469 0x0e4c  WSearch - ok
20:22:37.0593 0x0e4c  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:22:37.0718 0x0e4c  wuauserv - ok
20:22:37.0765 0x0e4c  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:22:37.0765 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: D3381DC54C34D79B22CEE0D65BA91B7C, sha256: 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9
20:22:37.0765 0x0e4c  WudfPf - detected LockedFile.Multi.Generic ( 1 )
20:22:40.0292 0x0e4c  Detect skipped due to KSN trusted
20:22:40.0292 0x0e4c  WudfPf - ok
20:22:40.0386 0x0e4c  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:22:40.0386 0x0e4c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: CF8D590BE3373029D57AF80914190682, sha256: FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF
20:22:40.0386 0x0e4c  WUDFRd - detected LockedFile.Multi.Generic ( 1 )
20:22:43.0100 0x0e4c  Detect skipped due to KSN trusted
20:22:43.0100 0x0e4c  WUDFRd - ok
20:22:43.0178 0x0e4c  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:22:43.0241 0x0e4c  wudfsvc - ok
20:22:43.0287 0x0e4c  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:22:43.0350 0x0e4c  WwanSvc - ok
20:22:43.0365 0x0e4c  ================ Scan global ===============================
20:22:43.0397 0x0e4c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:22:43.0459 0x0e4c  [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
20:22:43.0490 0x0e4c  [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
20:22:43.0521 0x0e4c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:22:43.0568 0x0e4c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
20:22:43.0599 0x0e4c  [ Global ] - ok
20:22:43.0599 0x0e4c  ================ Scan MBR ==================================
20:22:43.0615 0x0e4c  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:22:44.0114 0x0e4c  \Device\Harddisk0\DR0 - ok
20:22:44.0114 0x0e4c  ================ Scan VBR ==================================
20:22:44.0130 0x0e4c  [ 4B6644EFE62D91082CF16C90B3549444 ] \Device\Harddisk0\DR0\Partition1
20:22:44.0130 0x0e4c  \Device\Harddisk0\DR0\Partition1 - ok
20:22:44.0130 0x0e4c  [ 27F5C2BD49B2DB95C9923D3E0AC1683C ] \Device\Harddisk0\DR0\Partition2
20:22:44.0145 0x0e4c  \Device\Harddisk0\DR0\Partition2 - ok
20:22:44.0145 0x0e4c  ================ Scan generic autorun ======================
20:22:44.0239 0x0e4c  [ 220BC54C446F88CFAAD689CCBDE591E3, C86E1B9E407E7C29B9977EBDE6CFA2BCB1E22BB88A51B5FD723A013E807B593C ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
20:22:44.0286 0x0e4c  AmIcoSinglun64 - detected UnsignedFile.Multi.Generic ( 1 )
20:22:46.0813 0x0e4c  Detect skipped due to KSN trusted
20:22:46.0813 0x0e4c  AmIcoSinglun64 - ok
20:22:47.0312 0x0e4c  [ 798DF4955D7DE4552706B3ECB65B3C80, C0DD4999D8E5505EBC5ADB2B458339BA1444FE897C8568E872C9F8CCF7C5360B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
20:22:47.0624 0x0e4c  RtHDVCpl - ok
20:22:47.0640 0x0e4c  SynTPEnh - ok
20:22:47.0796 0x0e4c  [ 147B96A5AEA8CEF3A34D8E378EAAA9B2, AC60E8184AC0DF277C26617AAD06F13A315B459AE47D9093161FB3DD652195B1 ] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
20:22:47.0827 0x0e4c  Acer ePower Management - ok
20:22:47.0889 0x0e4c  [ 0600CB2613BEA0C6C0987B58D56D77B9, BFA2AC5BBC90E49A7A1C4D890C79ED4A757CB4C9C8215174F51430962BF346F4 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
20:22:47.0905 0x0e4c  Adobe Reader Speed Launcher - ok
20:22:47.0967 0x0e4c  [ 7058789A404F46A351D6229954CA3E19, 5E7991D75E344C5891B0848F625FF716C0DFBA54453A9481F3447F16622B21FB ] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
20:22:47.0999 0x0e4c  BackupManagerTray - ok
20:22:48.0061 0x0e4c  [ 21EE540CC1AC0F16E34BE3D84BF93269, 1A4F67879043DCD622F9280E359D9BB189EF1C2FF23FB101606808740EA25B42 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
20:22:48.0092 0x0e4c  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
20:22:51.0025 0x0e4c  Detect skipped due to KSN trusted
20:22:51.0025 0x0e4c  StartCCC - ok
20:22:51.0150 0x0e4c  [ 38218E47372B77DDB3C9DDD4390CB960, C665FCFE08A4C1F9C3FBA73A220AAB7344C2BF203B62FAB76EF1F659A78F007C ] C:\Program Files (x86)\Launch Manager\LManager.exe
20:22:51.0181 0x0e4c  LManager - ok
20:22:51.0275 0x0e4c  [ C482C535CBFEFE722EC1EB7F11F680A3, D7374A4BFEF274F7E33FDA40AA8ED8D8F78448E745A27032FE80475D5B1FAA63 ] C:\Program Files (x86)\Common Files\AOL\1302722312\ee\AOLSoftware.exe
20:22:51.0290 0x0e4c  HostManager - ok
20:22:51.0415 0x0e4c  [ B63E5C7807334A3A8F731062F15462CC, F4E501F749C10C44E8F501A34D8DD309892968BE70DA17734267BBCDDC351444 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
20:22:51.0446 0x0e4c  Adobe ARM - ok
20:22:51.0524 0x0e4c  [ 13E7CFE8E269ED15E7FC9C3EBBCB7E2B, 3B64263BA305F094B09B1961621C50CA6F9771F80CAC9F916B18BB0C7753A662 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
20:22:51.0540 0x0e4c  SunJavaUpdateSched - ok
20:22:51.0587 0x0e4c  [ C26B09276755E0698B31CF0BAE0BF182, A95B567626C0573DF0F136818AA7E487BC4995552E9B7A041437539E49B99473 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
20:22:51.0602 0x0e4c  APSDaemon - ok
20:22:51.0649 0x0e4c  [ E4401CF27225C1D6E664E86195978562, F572A2757C2A649E25F52F7071E6A2CCF298C60A8F2B15A0E2D800F890C4FD93 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
20:22:51.0680 0x0e4c  iTunesHelper - ok
20:22:51.0774 0x0e4c  [ CE5C9977DA751DDC30952AC4DCBCA788, 295172C4681E9AC27121122CDD2BA6F2A62435917A083CC8490D584CA0164BE6 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
20:22:51.0789 0x0e4c  HP Software Update - ok
20:22:51.0930 0x0e4c  [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
20:22:52.0023 0x0e4c  HP Officejet 6600 (NET) - ok
20:22:52.0023 0x0e4c  Waiting for KSN requests completion. In queue: 12
20:22:53.0037 0x0e4c  Waiting for KSN requests completion. In queue: 12
20:22:54.0051 0x0e4c  Waiting for KSN requests completion. In queue: 8
20:22:55.0112 0x0e4c  Win FW state via NFP2: enabled
20:22:57.0546 0x0e4c  ============================================================
20:22:57.0546 0x0e4c  Scan finished
20:22:57.0546 0x0e4c  ============================================================
20:22:57.0561 0x0d64  Detected object count: 1
20:22:57.0561 0x0d64  Actual detected object count: 1
20:32:28.0909 0x0d64  C:\Windows\System32\Drivers\d14786642ba85cc9.sys - copied to quarantine
20:32:28.0924 0x0d64  HKLM\SYSTEM\ControlSet001\services\d14786642ba85cc9 - will be deleted on reboot
20:32:28.0940 0x0d64  HKLM\SYSTEM\ControlSet002\services\d14786642ba85cc9 - will be deleted on reboot
20:32:29.0143 0x0d64  C:\Windows\System32\Drivers\d14786642ba85cc9.sys - will be deleted on reboot
20:32:29.0143 0x0d64  d14786642ba85cc9 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete 
20:32:29.0860 0x0d64  KLMD registered as C:\Windows\system32\drivers\18835949.sys
20:32:37.0614 0x0c4c  Deinitialize success
         
On the second run, TDSSKiller found nothing more.

Now here are the FRST logs as well.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by Sonja (administrator) on LÄPPI on 24-02-2015 20:43:48
Running from C:\Users\Sonja\Desktop
Loaded Profiles: Sonja (Available profiles: Sonja)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(AOL LLC) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(America Online, Inc.) C:\Program Files (x86)\Common Files\aol\1302722312\ee\aolsoftware.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1302722312\ee\AOLSoftware.exe [50736 2006-09-26] (America Online, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [252928 2010-04-30] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-04-25] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 20:32 - 2015-02-24 20:32 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-23 19:01 - 2015-02-23 19:02 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Sonja\Desktop\tdsskiller.exe
2015-02-22 16:33 - 2015-02-22 16:33 - 00852594 _____ () C:\Users\Sonja\Desktop\SecurityCheck.exe
2015-02-22 14:31 - 2015-02-22 14:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-22 10:00 - 2015-02-22 10:00 - 02347384 _____ (ESET) C:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe
2015-02-21 16:25 - 2015-02-21 16:25 - 00001706 _____ () C:\Users\Sonja\Desktop\MBAM.txt
2015-02-21 16:16 - 2015-02-23 18:58 - 00000000 ____D () C:\Users\Sonja\Desktop\FRST-OlderVersion
2015-02-21 16:15 - 2015-02-21 16:15 - 00001403 _____ () C:\Users\Sonja\Desktop\JRT.txt
2015-02-21 16:04 - 2015-02-21 16:08 - 00000000 ____D () C:\AdwCleaner
2015-02-21 15:50 - 2015-02-21 16:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 15:50 - 2015-02-21 15:50 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-21 15:50 - 2015-02-21 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-21 15:50 - 2015-02-21 15:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-21 15:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-21 15:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-21 15:48 - 2015-02-21 15:48 - 01388274 _____ (Thisisu) C:\Users\Sonja\Desktop\JRT.exe
2015-02-21 15:47 - 2015-02-21 15:47 - 02126848 _____ () C:\Users\Sonja\Desktop\AdwCleaner_4.111.exe
2015-02-21 15:46 - 2015-02-21 15:46 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sonja\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-15 17:03 - 2015-02-15 17:03 - 00014219 _____ () C:\ComboFix.txt
2015-02-15 16:30 - 2015-02-15 17:04 - 00000000 ____D () C:\Qoobox
2015-02-15 16:30 - 2015-02-15 17:00 - 00000000 ____D () C:\Windows\erdnt
2015-02-15 16:30 - 2015-02-15 16:30 - 05611771 ____R (Swearware) C:\Users\Sonja\Desktop\ComboFix.exe
2015-02-15 16:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-15 16:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-15 16:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-15 15:01 - 2015-02-22 16:38 - 00044177 _____ () C:\Users\Sonja\Desktop\Addition.txt
2015-02-15 15:00 - 2015-02-24 20:44 - 00012324 _____ () C:\Users\Sonja\Desktop\FRST.txt
2015-02-15 15:00 - 2015-02-24 20:43 - 00000000 ____D () C:\FRST
2015-02-15 15:00 - 2015-02-23 18:58 - 02087424 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 20:43 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 20:43 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 20:38 - 2010-12-08 17:57 - 01146411 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 20:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 20:35 - 2009-07-14 05:51 - 00127291 _____ () C:\Windows\setupact.log
2015-02-23 18:59 - 2011-03-28 19:34 - 00292616 _____ () C:\Windows\PFRO.log
2015-02-21 16:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2015-02-21 15:50 - 2012-10-05 19:25 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Malwarebytes
2015-02-21 15:50 - 2012-10-05 19:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-15 16:50 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-15 16:48 - 2009-07-14 03:34 - 58982400 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-15 16:48 - 2009-07-14 03:34 - 17039360 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-02-15 16:48 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-02-15 16:48 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-02-15 16:48 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-02-15 14:53 - 2012-04-09 19:30 - 00000000 ____D () C:\Users\Sonja\Documents\1
2015-02-12 21:43 - 2012-06-20 20:14 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\SoftGrid Client
2015-01-27 08:14 - 2010-12-08 18:02 - 00000000 ____D () C:\ProgramData\Temp
2015-01-27 07:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-06-23 16:48 - 2013-06-23 16:48 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\Sonja\bigfishgames_p150955713_s2_l2.exe


Some content of TEMP:
====================
C:\Users\Sonja\AppData\Local\Temp\Quarantine.exe
C:\Users\Sonja\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-02-24 17:47

==================== End Of Log ============================
         


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015
Ran by Sonja at 2015-02-24 20:44:58
Running from C:\Users\Sonja\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

10 Tage Unter Dem Meer (HKLM-x32\...\BFG-10 Tage Unter Dem Meer) (Version:  - )
4 Elements II (HKLM-x32\...\BFG-4 Elements II) (Version:  - )
A Gnome's Home: Der Kristall des Lebens (HKLM-x32\...\BFG-A Gnome's Home - Der Kristall des Lebens) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
Amaranthine Voyage: Die Schatten des Wanderers Sammleredition (HKLM-x32\...\BFG-Amaranthine Voyage - Die Schatten des Wanderers Sammleredition) (Version:  - )
AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version:  - )
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arctic Quest (HKLM-x32\...\BFG-Arctic Quest) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{A0158415-15CA-B2A0-928D-E755DD506C0D}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Ausfüllen und ankreuzen: Piratenrätsel (HKLM-x32\...\BFG-Ausfuellen und ankreuzen - Piratenraetsel) (Version:  - )
Avalon Legends Solitaire (HKLM-x32\...\BFG-Avalon Legends Solitaire) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Barn Yarn (HKLM-x32\...\BFG-Barn Yarn) (Version:  - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BILDmobil (HKLM-x32\...\BILDmobil) (Version: 16.001.06.00.761 - Huawei Technologies Co.,Ltd)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
Bubble Shooter (HKLM-x32\...\fbe83e4b6f63f3e850ac3907350adb95) (Version:  - )
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Calavera: Tag der Toten Sammleredition (HKLM-x32\...\BFG-Calavera - Tag der Toten Sammleredition) (Version:  - )
Campgrounds (HKLM-x32\...\BFG-Campgrounds) (Version:  - )
Campgrounds: The Endorus Expedition Sammleredition (HKLM-x32\...\BFG-Campgrounds - The Endorus Expedition Sammleredition) (Version:  - )
ccc-core-static (x32 Version: 2010.0426.2136.36953 - Ihr Firmenname) Hidden
Christmas Stories: Eine Weihnachtsgeschichte (HKLM-x32\...\BFG-Christmas Stories - Eine Weihnachtsgeschichte) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cooking Dash(R) 3 - Thrills & Spills (HKLM-x32\...\08ab9cbf5344299c7d466bd8e94d7e0a) (Version:  - )
Dark Dimensions: Stadt im Nebel Sammleredition (HKLM-x32\...\BFG-Dark Dimensions - Stadt im Nebel Sammleredition) (Version:  - )
Das Haus am See - Kinder der Stille Sammleredition (HKLM-x32\...\BFG-Das Haus am See - Kinder der Stille Sammleredition) (Version:  - )
Die Chroniken von Emerland Solitär (HKLM-x32\...\BFG-Die Chroniken von Emerland Solitaer) (Version:  - )
Die verzauberten Inseln (HKLM-x32\...\BFG-Die verzauberten Inseln) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dr. Mal: Practice of Horror (HKLM-x32\...\BFG-Dr. Mal - Practice of Horror) (Version:  - )
DragonStone (HKLM-x32\...\BFG-DragonStone) (Version:  - )
Dream Hills: Gestohlene Magie (HKLM-x32\...\BFG-Dream Hills - Gestohlene Magie) (Version:  - )
Druid Kingdom (HKLM-x32\...\BFG-Druid Kingdom) (Version:  - )
ElsterFormular (HKLM-x32\...\ElsterFormular 13.0.0.8086p) (Version: 13.1.1.8531 - Landesfinanzdirektion Thüringen)
ElsterFormular-Update (HKLM-x32\...\ElsterFormular für Unternehmer 12.2.1.6570u) (Version: 1.0 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evy: Magische Kugeln (HKLM-x32\...\BFG-Evy - Magische Kugeln) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy 3 (HKLM-x32\...\BFG-Farm Frenzy 3) (Version:  - )
Farm Frenzy: Frische Fische (HKLM-x32\...\BFG-Farm Frenzy - Frische Fische) (Version:  - )
Farmscapes (HKLM-x32\...\BFG-Farmscapes) (Version:  - )
Farmscapes(TM) Premium Edition (HKLM-x32\...\00e1b559ced624f1a3ef930630c2d865) (Version:  - )
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom 3 Sammleredition (HKLM-x32\...\BFG-Fishdom 3 Sammleredition) (Version:  - )
Gardenscapes - Mansion Makeover Premium Edition (HKLM-x32\...\182cbaeb29e16344e6068a8f7880ee1f) (Version:  - )
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Hyperballoid 2 (HKLM-x32\...\BFG-Hyperballoid 2) (Version:  - )
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Ice Cream Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Imperial Island: Ursprung eines Imperiums (HKLM-x32\...\BFG-Imperial Island - Ursprung eines Imperiums) (Version:  - )
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Island Tribe 4 (HKLM-x32\...\BFG-Island Tribe 4) (Version:  - )
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.260 - Oracle)
Jewel Match 3 (HKLM-x32\...\BFG-Jewel Match 3) (Version:  - )
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jungle vs. Droids (HKLM-x32\...\BFG-Jungle vs. Droids) (Version:  - )
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kingdom Chronicles Sammleredition (HKLM-x32\...\BFG-Kingdom Chronicles Sammleredition) (Version:  - )
Kingdom Tales (HKLM-x32\...\BFG-Kingdom Tales) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell)
Legends of Solitaire: Der Fluch des Drachen (HKLM-x32\...\BFG-Legends of Solitaire - Der Fluch des Drachen) (Version:  - )
Legends of Solitaire: Die verlorenen Karten (HKLM-x32\...\BFG-Legends of Solitaire - Die verlorenen Karten) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mein Landleben 2 (HKLM-x32\...\BFG-Mein Landleben 2) (Version:  - )
Meridian: Zeitalter der Erfindungen (HKLM-x32\...\BFG-Meridian - Zeitalter der Erfindungen) (Version:  - )
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MOAI: Erschaffe deinen Traum (HKLM-x32\...\BFG-MOAI - Erschaffe deinen Traum) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystika 2: Die Zuflucht (HKLM-x32\...\BFG-Mystika 2 - Die Zuflucht) (Version:  - )
Nero 9 Essentials (HKLM-x32\...\{3b53cb85-2662-4bb8-968c-a4f4e8e06353}) (Version:  - Nero AG)
Netzwerkhandbuch EPSON SX440 Series (HKLM-x32\...\EPSON SX440 Series Netg) (Version:  - )
Northern Tale 4 (HKLM-x32\...\BFG-Northern Tale 4) (Version:  - )
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0915.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Rainbow Web 3 (HKLM-x32\...\BFG-Rainbow Web 3) (Version:  - )
Ravensburger Puzzle Selection (HKLM-x32\...\BFG-Ravensburger Puzzle Selection) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Royal Envoy (HKLM-x32\...\BFG-Royal Envoy) (Version:  - )
Royal Envoy 2 Sammleredition (HKLM-x32\...\BFG-Royal Envoy 2 Sammleredition) (Version:  - )
Royal Envoy 3 (HKLM-x32\...\BFG-Royal Envoy 3) (Version:  - )
Royal Envoy: Campaign for the Crown Sammleredition (HKLM-x32\...\BFG-Royal Envoy - Campaign for the Crown Sammleredition) (Version:  - )
Rush for Gold: Alaska (HKLM-x32\...\BFG-Rush for Gold - Alaska) (Version:  - )
Seven Seas Solitaire (HKLM-x32\...\BFG-Seven Seas Solitaire) (Version:  - )
Spooky Mall (HKLM-x32\...\BFG-Spooky Mall) (Version:  - )
Studie zur Verbesserung von HP Officejet 6600 Produkten (HKLM\...\{E1A11879-5771-4E52-BA2E-CD5DD65BF970}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Sweet Kingdom: Verhexte Prinzessin (HKLM-x32\...\BFG-Sweet Kingdom - Verhexte Prinzessin) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
The Treasures of Montezuma 2 (HKLM-x32\...\b3dd4d4fb8b29537c9286bf9aa3be254) (Version:  - )
Tibet Quest (HKLM-x32\...\BFG-Tibet Quest) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Video Web Camera (HKLM-x32\...\{83299633-1261-47A3-84F3-6F02B4B8CDB1}) (Version: 2.0.4.6 - liteon)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Weihnachtswunderland (HKLM-x32\...\BFG-Weihnachtswunderland) (Version:  - )
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3005 - Packard Bell)
WildTangent Games App (Packard Bell Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Word Monaco (HKLM-x32\...\BFG-Word Monaco) (Version:  - )
World Mosaics 2 (HKLM-x32\...\BFG-World Mosaics 2) (Version:  - )
World Mosaics 7 (HKLM-x32\...\BFG-World Mosaics 7) (Version:  - )
Youda Survivor 2 (HKLM-x32\...\BFG-Youda Survivor 2) (Version:  - )
Youda Survivor 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zombie Solitaire (HKLM-x32\...\BFG-Zombie Solitaire) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

30-09-2014 19:42:41 Geplanter Prüfpunkt
24-10-2014 13:09:03 Geplanter Prüfpunkt
02-11-2014 20:09:52 Geplanter Prüfpunkt
11-11-2014 17:59:51 Geplanter Prüfpunkt
23-11-2014 20:34:25 Geplanter Prüfpunkt
30-11-2014 20:49:57 Geplanter Prüfpunkt
09-12-2014 18:28:43 Geplanter Prüfpunkt
23-12-2014 11:02:09 Geplanter Prüfpunkt
03-01-2015 20:43:27 Geplanter Prüfpunkt
19-01-2015 13:10:46 Geplanter Prüfpunkt
26-01-2015 19:03:51 Geplanter Prüfpunkt
04-02-2015 21:24:47 Geplanter Prüfpunkt
14-02-2015 11:40:34 Geplanter Prüfpunkt
21-02-2015 14:57:24 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-15 16:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {045C0764-10AA-44D6-8A74-6569D0DD7A7B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A79FCD3E-A7F5-4509-B2BC-067FF1539D85} - System32\Tasks\{97D45397-06F7-4FCB-B931-1382A8F0BFB1} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.370/de/abandoninstall?source=lightinstaller&amp;page=tsOptions&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {B899A2CB-EB5B-4489-BD42-6848BC970444} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F12E6247-518A-4F2D-BD21-86C9BD4C8F2C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

==================== Loaded Modules (whitelisted) ==============

2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll
2010-12-09 02:31 - 2009-05-20 23:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2011-01-17 15:19 - 2011-04-16 16:05 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29323582.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\53853283.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\84531758.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29323582.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\53853283.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\84531758.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1217486657-1501702325-3848289321-500 - Administrator - Disabled)
Gast (S-1-5-21-1217486657-1501702325-3848289321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1217486657-1501702325-3848289321-1003 - Limited - Enabled)
Sonja (S-1-5-21-1217486657-1501702325-3848289321-1001 - Administrator - Enabled) => C:\Users\Sonja

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2015 08:21:48 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (02/24/2015 08:13:48 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.  0xD0000022
6.1.7601.17514

Error: (02/24/2015 07:21:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16483 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 10c8

Startzeit: 01d0505dc6cd8612

Endzeit: 110

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (02/24/2015 05:48:02 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volume "Packard Bell (C:)" wurde aufgrund eines Fehlers nicht defragmentiert: Zugriff verweigert (0x80070005)

Error: (02/24/2015 08:14:36 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (02/23/2015 07:15:13 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (02/23/2015 05:44:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (02/22/2015 04:41:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/22/2015 02:31:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/22/2015 02:31:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (02/24/2015 08:36:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/24/2015 08:13:51 PM) (Source: WMPNetworkSvc) (EventID: 14348) (User: )
Description: 0x80070057

Error: (02/24/2015 08:13:51 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )
Description: WMPNetworkSvc0x80070505

Error: (02/24/2015 08:13:51 PM) (Source: WMPNetworkSvc) (EventID: 14356) (User: )
Description: 0x80070057

Error: (02/24/2015 08:13:51 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )
Description: WMPNetworkSvc0x80070505

Error: (02/24/2015 08:13:51 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )
Description: WMPNetworkSvc0x80070505

Error: (02/24/2015 08:13:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: 
%%5

Error: (02/21/2015 04:20:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31


Microsoft Office Sessions:
=========================
Error: (02/24/2015 08:21:48 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (02/24/2015 08:13:48 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0xD00000226.1.7601.17514

Error: (02/24/2015 07:21:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1648310c801d0505dc6cd8612110C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (02/24/2015 05:48:02 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Packard Bell (C:)Zugriff verweigert (0x80070005)

Error: (02/24/2015 08:14:36 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (02/23/2015 07:15:13 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (02/23/2015 05:44:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (02/22/2015 04:41:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/22/2015 02:31:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe

Error: (02/22/2015 02:31:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-02-15 19:29:27.666
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\92d6c1.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-15 19:29:27.417
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\92d6c1.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-15 16:41:58.983
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-15 16:41:58.749
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II P340 Dual-Core Processor
Percentage of memory in use: 30%
Total physical RAM: 3838.17 MB
Available physical RAM: 2652.25 MB
Total Pagefile: 7674.53 MB
Available Pagefile: 6422.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:452.97 GB) (Free:387.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: ED94ED94)
Partition 1: (Not Active) - (Size=12.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 25.02.2015, 10:48   #14
schrauber
/// the machine
/// TB-Ausbilder
 



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



A fresh FRST log, please. Any problems still?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 25.02.2015, 17:50   #15
AB12398
 


The logs are attached. There don't seem to be any problems at the moment.

fixlog
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Sonja at 2015-02-25 18:39:59 Run:2
Running from C:\Users\Sonja\Desktop
Loaded Profiles: Sonja (Available profiles: Sonja)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!

*****************


Der Vorgang wurde erfolgreich beendet.

==== End of Fixlog 18:39:59 ====
         
FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Sonja (administrator) on LÄPPI on 25-02-2015 18:45:05
Running from C:\Users\Sonja\Desktop
Loaded Profiles: Sonja (Available profiles: Sonja)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(AOL LLC) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(America Online, Inc.) C:\Program Files (x86)\Common Files\aol\1302722312\ee\aolsoftware.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1302722312\ee\AOLSoftware.exe [50736 2006-09-26] (America Online, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [252928 2010-04-30] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-04-25] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 20:32 - 2015-02-24 20:32 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-23 19:01 - 2015-02-23 19:02 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Sonja\Desktop\tdsskiller.exe
2015-02-22 16:33 - 2015-02-22 16:33 - 00852594 _____ () C:\Users\Sonja\Desktop\SecurityCheck.exe
2015-02-22 14:31 - 2015-02-22 14:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-22 10:00 - 2015-02-22 10:00 - 02347384 _____ (ESET) C:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe
2015-02-21 16:25 - 2015-02-21 16:25 - 00001706 _____ () C:\Users\Sonja\Desktop\MBAM.txt
2015-02-21 16:16 - 2015-02-25 18:39 - 00000000 ____D () C:\Users\Sonja\Desktop\FRST-OlderVersion
2015-02-21 16:15 - 2015-02-21 16:15 - 00001403 _____ () C:\Users\Sonja\Desktop\JRT.txt
2015-02-21 16:04 - 2015-02-21 16:08 - 00000000 ____D () C:\AdwCleaner
2015-02-21 15:50 - 2015-02-21 16:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 15:50 - 2015-02-21 15:50 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-21 15:50 - 2015-02-21 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-21 15:50 - 2015-02-21 15:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-21 15:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-21 15:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-21 15:48 - 2015-02-21 15:48 - 01388274 _____ (Thisisu) C:\Users\Sonja\Desktop\JRT.exe
2015-02-21 15:47 - 2015-02-21 15:47 - 02126848 _____ () C:\Users\Sonja\Desktop\AdwCleaner_4.111.exe
2015-02-21 15:46 - 2015-02-21 15:46 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sonja\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-15 17:03 - 2015-02-15 17:03 - 00014219 _____ () C:\ComboFix.txt
2015-02-15 16:30 - 2015-02-15 17:04 - 00000000 ____D () C:\Qoobox
2015-02-15 16:30 - 2015-02-15 17:00 - 00000000 ____D () C:\Windows\erdnt
2015-02-15 16:30 - 2015-02-15 16:30 - 05611771 ____R (Swearware) C:\Users\Sonja\Desktop\ComboFix.exe
2015-02-15 16:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-15 16:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-15 16:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-15 16:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-15 15:01 - 2015-02-24 20:45 - 00040038 _____ () C:\Users\Sonja\Desktop\Addition.txt
2015-02-15 15:00 - 2015-02-25 18:46 - 00012674 _____ () C:\Users\Sonja\Desktop\FRST.txt
2015-02-15 15:00 - 2015-02-25 18:45 - 00000000 ____D () C:\FRST
2015-02-15 15:00 - 2015-02-25 18:39 - 02087936 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 18:44 - 2010-12-08 17:57 - 01153657 _____ () C:\Windows\WindowsUpdate.log
2015-02-25 18:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-25 18:41 - 2009-07-14 05:51 - 00127403 _____ () C:\Windows\setupact.log
2015-02-25 16:34 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-25 16:34 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-23 18:59 - 2011-03-28 19:34 - 00292616 _____ () C:\Windows\PFRO.log
2015-02-21 16:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2015-02-21 15:50 - 2012-10-05 19:25 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Malwarebytes
2015-02-21 15:50 - 2012-10-05 19:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-15 16:50 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-15 16:48 - 2009-07-14 03:34 - 58982400 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-15 16:48 - 2009-07-14 03:34 - 17039360 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-02-15 16:48 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-02-15 16:48 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-02-15 16:48 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-02-15 14:53 - 2012-04-09 19:30 - 00000000 ____D () C:\Users\Sonja\Documents\1
2015-02-12 21:43 - 2012-06-20 20:14 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\SoftGrid Client
2015-01-27 08:14 - 2010-12-08 18:02 - 00000000 ____D () C:\ProgramData\Temp
2015-01-27 07:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-06-23 16:48 - 2013-06-23 16:48 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\Sonja\bigfishgames_p150955713_s2_l2.exe


Some content of TEMP:
====================
C:\Users\Sonja\AppData\Local\Temp\Quarantine.exe
C:\Users\Sonja\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 17:47

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Sonja at 2015-02-25 18:46:36
Running from C:\Users\Sonja\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

10 Tage Unter Dem Meer (HKLM-x32\...\BFG-10 Tage Unter Dem Meer) (Version:  - )
4 Elements II (HKLM-x32\...\BFG-4 Elements II) (Version:  - )
A Gnome's Home: Der Kristall des Lebens (HKLM-x32\...\BFG-A Gnome's Home - Der Kristall des Lebens) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
Amaranthine Voyage: Die Schatten des Wanderers Sammleredition (HKLM-x32\...\BFG-Amaranthine Voyage - Die Schatten des Wanderers Sammleredition) (Version:  - )
AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version:  - )
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arctic Quest (HKLM-x32\...\BFG-Arctic Quest) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{A0158415-15CA-B2A0-928D-E755DD506C0D}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Ausfüllen und ankreuzen: Piratenrätsel (HKLM-x32\...\BFG-Ausfuellen und ankreuzen - Piratenraetsel) (Version:  - )
Avalon Legends Solitaire (HKLM-x32\...\BFG-Avalon Legends Solitaire) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Barn Yarn (HKLM-x32\...\BFG-Barn Yarn) (Version:  - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BILDmobil (HKLM-x32\...\BILDmobil) (Version: 16.001.06.00.761 - Huawei Technologies Co.,Ltd)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
Bubble Shooter (HKLM-x32\...\fbe83e4b6f63f3e850ac3907350adb95) (Version:  - )
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Calavera: Tag der Toten Sammleredition (HKLM-x32\...\BFG-Calavera - Tag der Toten Sammleredition) (Version:  - )
Campgrounds (HKLM-x32\...\BFG-Campgrounds) (Version:  - )
Campgrounds: The Endorus Expedition Sammleredition (HKLM-x32\...\BFG-Campgrounds - The Endorus Expedition Sammleredition) (Version:  - )
ccc-core-static (x32 Version: 2010.0426.2136.36953 - Ihr Firmenname) Hidden
Christmas Stories: Eine Weihnachtsgeschichte (HKLM-x32\...\BFG-Christmas Stories - Eine Weihnachtsgeschichte) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cooking Dash(R) 3 - Thrills & Spills (HKLM-x32\...\08ab9cbf5344299c7d466bd8e94d7e0a) (Version:  - )
Dark Dimensions: Stadt im Nebel Sammleredition (HKLM-x32\...\BFG-Dark Dimensions - Stadt im Nebel Sammleredition) (Version:  - )
Das Haus am See - Kinder der Stille Sammleredition (HKLM-x32\...\BFG-Das Haus am See - Kinder der Stille Sammleredition) (Version:  - )
Die Chroniken von Emerland Solitär (HKLM-x32\...\BFG-Die Chroniken von Emerland Solitaer) (Version:  - )
Die verzauberten Inseln (HKLM-x32\...\BFG-Die verzauberten Inseln) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dr. Mal: Practice of Horror (HKLM-x32\...\BFG-Dr. Mal - Practice of Horror) (Version:  - )
DragonStone (HKLM-x32\...\BFG-DragonStone) (Version:  - )
Dream Hills: Gestohlene Magie (HKLM-x32\...\BFG-Dream Hills - Gestohlene Magie) (Version:  - )
Druid Kingdom (HKLM-x32\...\BFG-Druid Kingdom) (Version:  - )
ElsterFormular (HKLM-x32\...\ElsterFormular 13.0.0.8086p) (Version: 13.1.1.8531 - Landesfinanzdirektion Thüringen)
ElsterFormular-Update (HKLM-x32\...\ElsterFormular für Unternehmer 12.2.1.6570u) (Version: 1.0 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evy: Magische Kugeln (HKLM-x32\...\BFG-Evy - Magische Kugeln) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy 3 (HKLM-x32\...\BFG-Farm Frenzy 3) (Version:  - )
Farm Frenzy: Frische Fische (HKLM-x32\...\BFG-Farm Frenzy - Frische Fische) (Version:  - )
Farmscapes (HKLM-x32\...\BFG-Farmscapes) (Version:  - )
Farmscapes(TM) Premium Edition (HKLM-x32\...\00e1b559ced624f1a3ef930630c2d865) (Version:  - )
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom 3 Sammleredition (HKLM-x32\...\BFG-Fishdom 3 Sammleredition) (Version:  - )
Gardenscapes - Mansion Makeover Premium Edition (HKLM-x32\...\182cbaeb29e16344e6068a8f7880ee1f) (Version:  - )
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Hyperballoid 2 (HKLM-x32\...\BFG-Hyperballoid 2) (Version:  - )
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Ice Cream Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Imperial Island: Ursprung eines Imperiums (HKLM-x32\...\BFG-Imperial Island - Ursprung eines Imperiums) (Version:  - )
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Island Tribe 4 (HKLM-x32\...\BFG-Island Tribe 4) (Version:  - )
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.260 - Oracle)
Jewel Match 3 (HKLM-x32\...\BFG-Jewel Match 3) (Version:  - )
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jungle vs. Droids (HKLM-x32\...\BFG-Jungle vs. Droids) (Version:  - )
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kingdom Chronicles Sammleredition (HKLM-x32\...\BFG-Kingdom Chronicles Sammleredition) (Version:  - )
Kingdom Tales (HKLM-x32\...\BFG-Kingdom Tales) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell)
Legends of Solitaire: Der Fluch des Drachen (HKLM-x32\...\BFG-Legends of Solitaire - Der Fluch des Drachen) (Version:  - )
Legends of Solitaire: Die verlorenen Karten (HKLM-x32\...\BFG-Legends of Solitaire - Die verlorenen Karten) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mein Landleben 2 (HKLM-x32\...\BFG-Mein Landleben 2) (Version:  - )
Meridian: Zeitalter der Erfindungen (HKLM-x32\...\BFG-Meridian - Zeitalter der Erfindungen) (Version:  - )
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MOAI: Erschaffe deinen Traum (HKLM-x32\...\BFG-MOAI - Erschaffe deinen Traum) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystika 2: Die Zuflucht (HKLM-x32\...\BFG-Mystika 2 - Die Zuflucht) (Version:  - )
Nero 9 Essentials (HKLM-x32\...\{3b53cb85-2662-4bb8-968c-a4f4e8e06353}) (Version:  - Nero AG)
Netzwerkhandbuch EPSON SX440 Series (HKLM-x32\...\EPSON SX440 Series Netg) (Version:  - )
Northern Tale 4 (HKLM-x32\...\BFG-Northern Tale 4) (Version:  - )
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0915.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Rainbow Web 3 (HKLM-x32\...\BFG-Rainbow Web 3) (Version:  - )
Ravensburger Puzzle Selection (HKLM-x32\...\BFG-Ravensburger Puzzle Selection) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Royal Envoy (HKLM-x32\...\BFG-Royal Envoy) (Version:  - )
Royal Envoy 2 Sammleredition (HKLM-x32\...\BFG-Royal Envoy 2 Sammleredition) (Version:  - )
Royal Envoy 3 (HKLM-x32\...\BFG-Royal Envoy 3) (Version:  - )
Royal Envoy: Campaign for the Crown Sammleredition (HKLM-x32\...\BFG-Royal Envoy - Campaign for the Crown Sammleredition) (Version:  - )
Rush for Gold: Alaska (HKLM-x32\...\BFG-Rush for Gold - Alaska) (Version:  - )
Seven Seas Solitaire (HKLM-x32\...\BFG-Seven Seas Solitaire) (Version:  - )
Spooky Mall (HKLM-x32\...\BFG-Spooky Mall) (Version:  - )
Studie zur Verbesserung von HP Officejet 6600 Produkten (HKLM\...\{E1A11879-5771-4E52-BA2E-CD5DD65BF970}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Sweet Kingdom: Verhexte Prinzessin (HKLM-x32\...\BFG-Sweet Kingdom - Verhexte Prinzessin) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
The Treasures of Montezuma 2 (HKLM-x32\...\b3dd4d4fb8b29537c9286bf9aa3be254) (Version:  - )
Tibet Quest (HKLM-x32\...\BFG-Tibet Quest) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Video Web Camera (HKLM-x32\...\{83299633-1261-47A3-84F3-6F02B4B8CDB1}) (Version: 2.0.4.6 - liteon)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Weihnachtswunderland (HKLM-x32\...\BFG-Weihnachtswunderland) (Version:  - )
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3005 - Packard Bell)
WildTangent Games App (Packard Bell Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Word Monaco (HKLM-x32\...\BFG-Word Monaco) (Version:  - )
World Mosaics 2 (HKLM-x32\...\BFG-World Mosaics 2) (Version:  - )
World Mosaics 7 (HKLM-x32\...\BFG-World Mosaics 7) (Version:  - )
Youda Survivor 2 (HKLM-x32\...\BFG-Youda Survivor 2) (Version:  - )
Youda Survivor 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zombie Solitaire (HKLM-x32\...\BFG-Zombie Solitaire) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

30-09-2014 19:42:41 Geplanter Prüfpunkt
24-10-2014 13:09:03 Geplanter Prüfpunkt
02-11-2014 20:09:52 Geplanter Prüfpunkt
11-11-2014 17:59:51 Geplanter Prüfpunkt
23-11-2014 20:34:25 Geplanter Prüfpunkt
30-11-2014 20:49:57 Geplanter Prüfpunkt
09-12-2014 18:28:43 Geplanter Prüfpunkt
23-12-2014 11:02:09 Geplanter Prüfpunkt
03-01-2015 20:43:27 Geplanter Prüfpunkt
19-01-2015 13:10:46 Geplanter Prüfpunkt
26-01-2015 19:03:51 Geplanter Prüfpunkt
04-02-2015 21:24:47 Geplanter Prüfpunkt
14-02-2015 11:40:34 Geplanter Prüfpunkt
21-02-2015 14:57:24 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-15 16:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {045C0764-10AA-44D6-8A74-6569D0DD7A7B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A79FCD3E-A7F5-4509-B2BC-067FF1539D85} - System32\Tasks\{97D45397-06F7-4FCB-B931-1382A8F0BFB1} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.370/de/abandoninstall?source=lightinstaller&amp;page=tsOptions&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {B899A2CB-EB5B-4489-BD42-6848BC970444} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F12E6247-518A-4F2D-BD21-86C9BD4C8F2C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

==================== Loaded Modules (whitelisted) ==============

2010-02-28 01:33 - 2010-02-28 01:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll
2011-01-17 15:19 - 2011-04-16 16:05 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-12-09 02:31 - 2009-05-20 23:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:AE75CCC8
AlternateDataStreams: C:\ProgramData\Temp:B268A25C
AlternateDataStreams: C:\ProgramData\Temp:B36361EE
AlternateDataStreams: C:\ProgramData\Temp:B65E763D
AlternateDataStreams: C:\ProgramData\Temp:B83F1B83
AlternateDataStreams: C:\ProgramData\Temp:BA24E689
AlternateDataStreams: C:\ProgramData\Temp:BACB6B6C
AlternateDataStreams: C:\ProgramData\Temp:BAFAD1DF
AlternateDataStreams: C:\ProgramData\Temp:BD27B7FC
AlternateDataStreams: C:\ProgramData\Temp:BEB6D0B2
AlternateDataStreams: C:\ProgramData\Temp:BF6C4AAC
AlternateDataStreams: C:\ProgramData\Temp:C3392F75
AlternateDataStreams: C:\ProgramData\Temp:C6D0ABC3
AlternateDataStreams: C:\ProgramData\Temp:CA0CE093
AlternateDataStreams: C:\ProgramData\Temp:CA400C1B
AlternateDataStreams: C:\ProgramData\Temp:CAF8DAC8
AlternateDataStreams: C:\ProgramData\Temp:CB0FEE2B
AlternateDataStreams: C:\ProgramData\Temp:D01ACC06
AlternateDataStreams: C:\ProgramData\Temp:D1979811
AlternateDataStreams: C:\ProgramData\Temp:D3331ADB
AlternateDataStreams: C:\ProgramData\Temp:D5CCCBAA
AlternateDataStreams: C:\ProgramData\Temp:D696AA12
AlternateDataStreams: C:\ProgramData\Temp:D882BE37
AlternateDataStreams: C:\ProgramData\Temp:DA18D4E3
AlternateDataStreams: C:\ProgramData\Temp:DA55B48C
AlternateDataStreams: C:\ProgramData\Temp:DEEA5B0E
AlternateDataStreams: C:\ProgramData\Temp:E06963C0
AlternateDataStreams: C:\ProgramData\Temp:E07230CC
AlternateDataStreams: C:\ProgramData\Temp:E153075C
AlternateDataStreams: C:\ProgramData\Temp:E2CB42C9
AlternateDataStreams: C:\ProgramData\Temp:E32966C0
AlternateDataStreams: C:\ProgramData\Temp:E4EE99EF
AlternateDataStreams: C:\ProgramData\Temp:E4FD113F
AlternateDataStreams: C:\ProgramData\Temp:E81603BC
AlternateDataStreams: C:\ProgramData\Temp:EB333CFC
AlternateDataStreams: C:\ProgramData\Temp:EBCF5924
AlternateDataStreams: C:\ProgramData\Temp:EC3A9923
AlternateDataStreams: C:\ProgramData\Temp:EC752217
AlternateDataStreams: C:\ProgramData\Temp:ED194880
AlternateDataStreams: C:\ProgramData\Temp:ED221572
AlternateDataStreams: C:\ProgramData\Temp:F2327E82
AlternateDataStreams: C:\ProgramData\Temp:F2AF86D9
AlternateDataStreams: C:\ProgramData\Temp:F2E878EB
AlternateDataStreams: C:\ProgramData\Temp:F4362715
AlternateDataStreams: C:\ProgramData\Temp:F43B7E8F
AlternateDataStreams: C:\ProgramData\Temp:F53B274A
AlternateDataStreams: C:\ProgramData\Temp:F5E90ED3
AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE
AlternateDataStreams: C:\ProgramData\Temp:F6CDA594
AlternateDataStreams: C:\ProgramData\Temp:F7FFE8AF
AlternateDataStreams: C:\ProgramData\Temp:FD786DCA

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29323582.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\53853283.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\84531758.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29323582.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\53853283.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\84531758.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1217486657-1501702325-3848289321-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1217486657-1501702325-3848289321-500 - Administrator - Disabled)
Gast (S-1-5-21-1217486657-1501702325-3848289321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1217486657-1501702325-3848289321-1003 - Limited - Enabled)
Sonja (S-1-5-21-1217486657-1501702325-3848289321-1001 - Administrator - Enabled) => C:\Users\Sonja

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2015 08:21:48 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (02/24/2015 08:13:48 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.  0xD0000022
6.1.7601.17514

Error: (02/24/2015 07:21:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16483 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 10c8

Startzeit: 01d0505dc6cd8612

Endzeit: 110

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (02/24/2015 05:48:02 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volume "Packard Bell (C:)" wurde aufgrund eines Fehlers nicht defragmentiert: Zugriff verweigert (0x80070005)

Error: (02/24/2015 08:14:36 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (02/23/2015 07:15:13 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (02/23/2015 05:44:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (02/22/2015 04:41:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/22/2015 02:31:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/22/2015 02:31:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (02/25/2015 04:27:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/24/2015 08:36:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/24/2015 08:13:51 PM) (Source: WMPNetworkSvc) (EventID: 14348) (User: )
Description: 0x80070057

Error: (02/24/2015 08:13:51 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )
Description: WMPNetworkSvc0x80070505

Error: (02/24/2015 08:13:51 PM) (Source: WMPNetworkSvc) (EventID: 14356) (User: )
Description: 0x80070057

Error: (02/24/2015 08:13:51 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )
Description: WMPNetworkSvc0x80070505

Error: (02/24/2015 08:13:51 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )
Description: WMPNetworkSvc0x80070505

Error: (02/24/2015 08:13:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: 
%%5

Error: (02/21/2015 04:20:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31


Microsoft Office Sessions:
=========================
Error: (02/24/2015 08:21:48 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (02/24/2015 08:13:48 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0xD00000226.1.7601.17514

Error: (02/24/2015 07:21:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1648310c801d0505dc6cd8612110C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (02/24/2015 05:48:02 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Packard Bell (C:)Zugriff verweigert (0x80070005)

Error: (02/24/2015 08:14:36 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (02/23/2015 07:15:13 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (02/23/2015 05:44:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (02/22/2015 04:41:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/22/2015 02:31:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe

Error: (02/22/2015 02:31:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-02-15 19:29:27.666
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\92d6c1.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-15 19:29:27.417
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\92d6c1.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-15 16:41:58.983
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-15 16:41:58.749
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II P340 Dual-Core Processor
Percentage of memory in use: 31%
Total physical RAM: 3838.17 MB
Available physical RAM: 2641.36 MB
Total Pagefile: 7674.53 MB
Available Pagefile: 6411.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:452.97 GB) (Free:387.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: ED94ED94)
Partition 1: (Not Active) - (Size=12.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
What do all the errors in the Addition log mean?
