Trojaner-Board


VChecker1992 23.08.2014 15:49

[WIN7] Antivirus software cannot be activated [Antivir, Windows Defender]
 
Hello,

I cannot activate the real-time scanner of my Avira Antivir. I also cannot set the Windows update schedule, nor activate or start Windows Defender.

First, defogger_disable:
Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:12 on 23/08/2014 (Acer Aspire 5742G)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Logfile
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2014
Ran by Acer Aspire 5742G (administrator) on ACERASPIRE5742G on 23-08-2014 16:14:28
Running from C:\Users\Acer Aspire 5742G\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-23] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3263861943-4074465539-867821772-1000\...\Run: [Google Update] => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-05] (Google Inc.)
HKU\S-1-5-21-3263861943-4074465539-867821772-1000\...\MountPoints2: {927a4797-2b52-11e2-9cf5-1c75080cd246} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273608118105l04c4z1i5v48522526
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446
SearchScopes: HKCU - {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-14]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-05]
CHR Extension: (Google Drive) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-05]
CHR Extension: (YouTube) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-05]
CHR Extension: (Google-Suche) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-05]
CHR Extension: (Google Wallet) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-05]
CHR Extension: (Google Mail) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "508286c0aae35d85" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 508286c0aae35d85; C:\Windows\System32\Drivers\508286c0aae35d85.sys [41928 2014-07-27] () <===== ATTENTION Necurs Rootkit?
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-20] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] () [File not signed]
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-20] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] () [File not signed]
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-24] () [File not signed]
R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2010-04-20] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2004-07-16] (Pinnacle Systems GmbH) [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [246376 2010-06-17] () [File not signed]
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [231328 2010-01-27] () [File not signed]
S3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [694888 2010-11-25] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2014-04-05] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57856 2012-08-23] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
S3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [17408 2010-07-09] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109824 2013-07-12] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] () [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-14] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
S3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [74960 2011-12-07] () [File not signed]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 16:14 - 2014-08-23 16:14 - 00026218 _____ () C:\Users\Acer Aspire 5742G\Downloads\FRST.txt
2014-08-23 16:13 - 2014-08-23 16:14 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Downloads\FRST64.exe
2014-08-23 16:12 - 2014-08-23 16:12 - 00000496 _____ () C:\Users\Acer Aspire 5742G\Desktop\defogger_disable.log
2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1  Fußball  Bundesliga  2. Bundesliga  Formel 1  US-Sport  Handball  Basketball  MotoGP.url
2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-05 16:01 - 2014-07-23 13:29 - 00130584 _____ () C:\Windows\system32\Drivers\avipbb.sys
2014-08-05 16:01 - 2014-07-23 13:29 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-05 16:01 - 2014-07-23 13:29 - 00028600 _____ () C:\Windows\system32\Drivers\avkmgr.sys
2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4}
2014-08-05 15:23 - 2014-08-05 15:23 - 00001180 _____ () C:\malware_scan.txt
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 14:55 - 2011-08-10 07:51 - 00067685 _____ () C:\Windows\system32\athrextx.cat
2014-08-05 14:55 - 2011-08-05 16:33 - 02768384 _____ (Atheros Communications, Inc.) C:\Windows\system32\athrx.sys
2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-08-01 16:18 - 2014-08-23 16:14 - 00000000 ____D () C:\FRST
2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable
2014-08-01 16:02 - 2014-08-05 16:02 - 00002269 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 15:55 - 2014-08-23 14:17 - 00001680 _____ () C:\Windows\setupact.log
2014-08-01 15:55 - 2014-08-05 16:03 - 00452086 _____ () C:\Windows\PFRO.log
2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 15:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 15:53 - 2014-08-05 15:05 - 00000000 ____D () C:\AdwCleaner
2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:40 - 2014-08-01 15:47 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 15:38 - 2014-08-01 15:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer Aspire 5742G\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 15:29 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 15:29 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 15:29 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 15:29 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 15:28 - 2014-08-01 15:29 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-27 10:32 - 2014-07-27 10:32 - 00041928 _____ () C:\Windows\system32\Drivers\508286c0aae35d85.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 16:14 - 2014-08-23 16:14 - 00026218 _____ () C:\Users\Acer Aspire 5742G\Downloads\FRST.txt
2014-08-23 16:14 - 2014-08-23 16:13 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Downloads\FRST64.exe
2014-08-23 16:14 - 2014-08-01 16:18 - 00000000 ____D () C:\FRST
2014-08-23 16:12 - 2014-08-23 16:12 - 00000496 _____ () C:\Users\Acer Aspire 5742G\Desktop\defogger_disable.log
2014-08-23 16:10 - 2012-09-25 20:47 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-08-23 16:08 - 2011-08-22 15:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-23 16:07 - 2012-10-05 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-23 16:07 - 2011-08-22 15:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-23 15:38 - 2013-10-05 14:14 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job
2014-08-23 14:39 - 2011-08-16 22:27 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-08-23 14:39 - 2011-08-16 22:27 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-08-23 14:39 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-23 14:25 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 14:25 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 14:18 - 2012-11-13 22:21 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-23 14:17 - 2014-08-01 15:55 - 00001680 _____ () C:\Windows\setupact.log
2014-08-23 14:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-22 07:26 - 2013-10-05 14:14 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job
2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1  Fußball  Bundesliga  2. Bundesliga  Formel 1  US-Sport  Handball  Basketball  MotoGP.url
2014-08-10 19:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-05 16:03 - 2014-08-01 15:55 - 00452086 _____ () C:\Windows\PFRO.log
2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 16:02 - 2014-08-01 16:02 - 00002269 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-05 16:01 - 2013-09-28 15:25 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 15:47 - 2010-07-13 14:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-05 15:46 - 2011-08-16 12:59 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Notepad++
2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4}
2014-08-05 15:37 - 2014-06-12 16:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 15:23 - 2014-08-05 15:23 - 00001180 _____ () C:\malware_scan.txt
2014-08-05 15:05 - 2014-08-01 15:53 - 00000000 ____D () C:\AdwCleaner
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 14:55 - 2010-07-13 13:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable
2014-08-01 16:17 - 2011-08-18 12:41 - 00000000 ____D () C:\Users\Acer Aspire 5742G
2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 15:53 - 2012-09-29 20:16 - 00000000 ____D () C:\Windows\Minidump
2014-08-01 15:53 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-08-01 15:47 - 2014-08-01 15:40 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe
2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 15:39 - 2014-08-01 15:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer Aspire 5742G\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 15:33 - 2012-10-05 19:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-01 15:33 - 2012-05-19 21:40 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 15:33 - 2011-09-07 15:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 15:31 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-01 15:29 - 2014-08-01 15:28 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 15:29 - 2014-06-25 23:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-27 10:32 - 2014-07-27 10:32 - 00041928 _____ () C:\Windows\system32\Drivers\508286c0aae35d85.sys
2014-07-26 20:46 - 2013-09-14 20:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 20:46 - 2013-09-14 20:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 14:52 - 2013-09-14 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\avgnt.exe
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2011-08-23 11:49] - [2010-11-20 15:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-07-07 14:51

==================== End Of Log ============================

GMER Logfile:
Code:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-23 16:38:13
Windows 6.1.7601 Service Pack 1 x64
Running: 0m45n9xs.exe


---- Services - GMER 2.1 ----

Service  System32\Drivers\508286c0aae35d85.sys (*** hidden *** )  [BOOT] 508286c0aae35d85  <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@ImagePath                                                                                                                        \SystemRoot\System32\Drivers\508286c0aae35d85.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Group                                                                                                                            Boot Bus Extender
Reg      HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@ErrorControl                                                                                                                    0
Reg      HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Type                                                                                                                            1
Reg      HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Start                                                                                                                            0
Reg      HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Tag                                                                                                                              1
Reg      HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@DisplayName                                                                                                                      syshost.exe
Reg      HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85                                                                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@ReadyBootPlanAge                                                                                                              2
Reg      HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUserTime                                                                                                          ?Sa?, ?Aug ?23 ?14, 02:19:51????????????H??????????????????????
Reg      HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData@SystemStartTime                                                                                                                            0x7F 0x2C 0xFB 0x24 ...
Reg      HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData@SystemLastStartTime                                                                                                                        0xFC 0x83 0xCA 0x96 ...
Reg      HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData\BootLanguages@de-DE                                                                                                                        2085
Reg      HKLM\SYSTEM\ControlSet002\Control\Diagnostics\Performance@ActiveShutdownDCL                                                                                                              C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002
Reg      HKLM\SYSTEM\ControlSet002\Control\GraphicsDrivers\Configuration\AUO22EC0_01_07D9_C0^4EA9F56D234B0A8BC22D458D6788508F@Timestamp                                                          0xA2 0xDC 0x2B 0x26 ...
Reg      HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Microsoft-ISATAP-Adapter                                                                  2?4?5?6?
Reg      HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206} (not active ControlSet)                                         
Reg      HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206}\Connection (not active ControlSet)                             
Reg      HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206}\Connection@DefaultNameResourceId                                1801
Reg      HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206}\Connection@DefaultNameIndex                                      13
Reg      HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206}\Connection@Name                                                  Reusable ISATAP Interface {46D5E7FE-927C-490D-9452-B551BB59E206}
Reg      HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcb@ACSettingIndex  30
Reg      HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcb@DCSettingIndex  30
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters@BootId                                                                                            2115
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime                                                                                          420399421
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberCopyBytes                                                                                                                  0x10 0x1A 0xE2 0x5C ...
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberElapsedTime                                                                                                                20227
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberIoTime                                                                                                                      8825
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberInitTime                                                                                                                    1091
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberCopyTime                                                                                                                    1116
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberPagesWritten                                                                                                                146610
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberPagesProcessed                                                                                                              345848
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberDumpCount                                                                                                                  10033
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberFileRuns                                                                                                                    3
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberReadTime                                                                                                                    9194
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberResumeAppTime                                                                                                              9913
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberCompressTime                                                                                                                10156
Reg      HKLM\SYSTEM\ControlSet002\Control\Terminal Server@InstanceID                                                                                                                            f864c9c1-924f-49f6-9832-294636d
Reg      HKLM\SYSTEM\ControlSet002\Control\WDI\Config@ServerName                                                                                                                                  \BaseNamedObjects\WDI_{91d9a5d6-ef5d-4f07-aeee-b9b445d6603a}
Reg      HKLM\SYSTEM\ControlSet002\Control\WMI\Autologger\WdiContextLog@FileCounter                                                                                                              3
Reg      HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@ImagePath                                                                                                                            \SystemRoot\System32\Drivers\508286c0aae35d85.sys
Reg      HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@Group                                                                                                                                Boot Bus Extender
Reg      HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@ErrorControl                                                                                                                        0
Reg      HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@Type                                                                                                                                1
Reg      HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@Start                                                                                                                                0
Reg      HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@Tag                                                                                                                                  1
Reg      HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@DisplayName                                                                                                                          syshost.exe
Reg      HKLM\SYSTEM\ControlSet002\services\iphlpsvc\Parameters\Isatap\{46D5E7FE-927C-490D-9452-B551BB59E206} (not active ControlSet)                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\iphlpsvc\Parameters\Isatap\{46D5E7FE-927C-490D-9452-B551BB59E206}@InterfaceName                                                                      Reusable ISATAP Interface {46D5E7FE-927C-490D-9452-B551BB59E206}
Reg      HKLM\SYSTEM\ControlSet002\services\iphlpsvc\Parameters\Isatap\{46D5E7FE-927C-490D-9452-B551BB59E206}@ReusableType                                                                        1
Reg      HKLM\SYSTEM\ControlSet002\services\rdyboost\Parameters@ReadyBootPlanAge                                                                                                                  1
Reg      HKLM\SYSTEM\ControlSet002\services\rdyboost\Parameters@LastBootPlanUserTime                                                                                                              ?Fr?, ?Aug ?22 ?14, 07:29:19????????????N??????????????????????
Reg      HKLM\SYSTEM\ControlSet002\services\SharedAccess\Epoch@Epoch                                                                                                                              16997
Reg      HKLM\SYSTEM\ControlSet002\services\SharedAccess\Epoch2@Epoch                                                                                                                            12965
Reg      HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters@DhcpNameServer                                                                                                                      192.168.0.1
Reg      HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}@LeaseObtainedTime                                                                  1408796235
Reg      HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}@T1                                                                                1408799835
Reg      HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}@T2                                                                                1408802535
Reg      HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}@LeaseTerminatesTime                                                                1408803435
Reg      HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind                                                                                                                                  \Device\{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?
Reg      HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route                                                                                                                                  "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?
Reg      HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export                                                                                                                                \Device\Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?
Reg      HKLM\SYSTEM\ControlSet002\services\TCPIP6\Parameters\Interfaces\{46d5e7fe-927c-490d-9452-b551bb59e206} (not active ControlSet)                                                         
Reg      HKLM\SYSTEM\ControlSet002\services\TCPIP6\Parameters\Interfaces\{46d5e7fe-927c-490d-9452-b551bb59e206}@Dhcpv6Iaid                                                                        587202560
Reg      HKLM\SYSTEM\ControlSet002\services\TCPIP6\Parameters\Interfaces\{46d5e7fe-927c-490d-9452-b551bb59e206}@Dhcpv6State                                                                      0

---- EOF - GMER 2.1 ----

At first I could only start the scan in safe mode, and the scan ends with the message "GMER has found System modification caused by ROOTKIT activity"



Kind regards

schrauber 23.08.2014 15:57

Hi,

addition.txt is still missing.

VChecker1992 23.08.2014 16:44

Addition.txt
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2014
Ran by Acer Aspire 5742G at 2014-08-23 17:41:12
Running from C:\Users\Acer Aspire 5742G\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.0 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{D8DACA27-C2D9-9E8E-A8A5-A10E0C670D01}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0527.1242.20909 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help English (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help French (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help German (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0527.1242.20909 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0527.1242.20909 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dLAN Cockpit (x32 Version: 3.2.28 - devolo AG) Hidden
Druckerdeinstallation für EPSON WP-4015 Series (HKLM\...\EPSON WP-4015 Series) (Version:  - SEIKO EPSON Corporation)
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics-Add-In (32 Bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.041222.01 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 12.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Acer Aspire 5742G\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B6DCCC5-771D-4649-936B-8F4ACF736159} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {117417D2-DC0A-46AA-B911-0CB8B3A78849} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {4DF04356-EBCD-4B13-80C4-008B80B8E59C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {69852996-6750-4990-96BD-3D2B48E455E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {990E37C7-27E6-438C-AA70-FBB7D744D3E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {E3EBA028-AF1B-4AC3-BBBA-41DAE93AAAAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-01] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 18:19 - 2013-08-02 04:12 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2010-06-28 15:20 - 2010-06-28 15:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 15:12 - 2010-06-28 15:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-07-25 08:10 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-02-15 12:06 - 2014-02-15 12:06 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-07-13 13:32 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DevoloNetworkService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: nlsvc => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: Virtual Router => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: NetLimiter => C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PinnacleDriverCheck => C:\Windows\system32\PSDrvCheck.exe -CheckReg
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/12/2014 06:12:06 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert
.


Kontext:
  Volumename: \\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\

Error: (08/12/2014 06:12:06 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert
.


Kontext:
  Volumename: \\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\

Error: (08/12/2014 06:12:06 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert
.

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  Überprüfen, ob das Volume vom Anbieter unterstützt wird
  Volume einem Schattenkopiesatz hinzufügen

Kontext:
  Ausführungskontext: Coordinator
  Anbieter-ID: {00000000-0000-0000-0000-000000000000}
  Volumename: C:\
  Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  Überprüfen, ob das Volume vom Anbieter unterstützt wird
  Volume einem Schattenkopiesatz hinzufügen

Kontext:
  Ausführungskontext: Coordinator
  Anbieter-ID: {00000000-0000-0000-0000-000000000000}
  Volumename: C:\
  Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  Überprüfen, ob das Volume vom Anbieter unterstützt wird
  Volume einem Schattenkopiesatz hinzufügen

Kontext:
  Ausführungskontext: Coordinator
  Anbieter-ID: {00000000-0000-0000-0000-000000000000}
  Volumename: C:\
  Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  Überprüfen, ob das Volume vom Anbieter unterstützt wird
  Volume einem Schattenkopiesatz hinzufügen

Kontext:
  Ausführungskontext: Coordinator
  Anbieter-ID: {00000000-0000-0000-0000-000000000000}
  Volumename: C:\
  Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  Überprüfen, ob das Volume vom Anbieter unterstützt wird
  Volume einem Schattenkopiesatz hinzufügen

Kontext:
  Ausführungskontext: Coordinator
  Anbieter-ID: {00000000-0000-0000-0000-000000000000}
  Volumename: C:\
  Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  Überprüfen, ob das Volume vom Anbieter unterstützt wird
  Volume einem Schattenkopiesatz hinzufügen

Kontext:
  Ausführungskontext: Coordinator
  Anbieter-ID: {00000000-0000-0000-0000-000000000000}
  Volumename: C:\
  Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  Überprüfen, ob das Volume vom Anbieter unterstützt wird
  Volume einem Schattenkopiesatz hinzufügen

Kontext:
  Ausführungskontext: Coordinator
  Anbieter-ID: {00000000-0000-0000-0000-000000000000}
  Volumename: C:\
  Ausführungskontext: Coordinator


System errors:
=============
Error: (08/23/2014 05:39:04 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/23/2014 05:38:44 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/23/2014 05:36:28 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/23/2014 05:31:18 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/23/2014 05:26:08 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/23/2014 05:26:08 PM) (Source: BROWSER) (EventID: 8009) (User: )
Description: Der Suchdienst konnte sich nicht selbst zur Funktion als Hauptsuchdienst heraufstufen.
Der Computer, der zurzeit die Funktion als Hauptsuchdienst erfüllt, ist NILS****.

Error: (08/23/2014 05:20:58 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/23/2014 05:15:48 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/23/2014 05:10:38 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/23/2014 05:05:28 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-27 10:32:05.772
  Description: N/A

  Date: 2014-07-27 10:32:05.554
  Description: N/A


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 3958.71 MB
Available physical RAM: 2545.93 MB
Total Pagefile: 7915.6 MB
Available Pagefile: 6202.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:185.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 3329EE64)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End Of Log ============================


VChecker1992 23.08.2014 20:16

So, I just saw that you have to do everything on the desktop... As you can probably see, I didn't do that with all the programs. Here is the log file from the desktop:

defogger_disable
Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:07 on 23/08/2014 (Acer Aspire 5742G)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2014
Ran by Acer Aspire 5742G (administrator) on ACERASPIRE5742G on 23-08-2014 21:09:13
Running from C:\Users\Acer Aspire 5742G\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-23] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3263861943-4074465539-867821772-1000\...\Run: [Google Update] => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-05] (Google Inc.)
HKU\S-1-5-21-3263861943-4074465539-867821772-1000\...\MountPoints2: {927a4797-2b52-11e2-9cf5-1c75080cd246} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273608118105l04c4z1i5v48522526
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446
SearchScopes: HKCU - {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-14]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-05]
CHR Extension: (Google Drive) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-05]
CHR Extension: (YouTube) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-05]
CHR Extension: (Google-Suche) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-05]
CHR Extension: (Avira Browser Safety) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-23]
CHR Extension: (Google Wallet) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-05]
CHR Extension: (Google Mail) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "508286c0aae35d85" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] () [File not signed]
U5 508286c0aae35d85; C:\Windows\System32\Drivers\508286c0aae35d85.sys [41928 2014-07-27] () <===== ATTENTION Necurs Rootkit?
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] () [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] () [File not signed]
S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [491088 2009-07-14] () [File not signed]
S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [339536 2009-07-14] () [File not signed]
S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [182864 2009-07-14] () [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2014-05-30] () [File not signed]
S3 agp440; C:\Windows\system32\drivers\agp440.sys [61008 2009-07-14] () [File not signed]
R2 aksdf; C:\Windows\system32\drivers\aksdf.sys [78208 2011-11-22] () [File not signed]
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [139592 2011-11-22] () [File not signed]
S3 aliide; C:\Windows\system32\drivers\aliide.sys [15440 2009-07-14] () [File not signed]
S3 amdide; C:\Windows\system32\drivers\amdide.sys [15440 2009-07-14] () [File not signed]
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-14] () [File not signed]
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6856192 2010-05-27] () [File not signed]
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [264192 2010-05-27] () [File not signed]
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [60928 2009-07-14] () [File not signed]
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [107904 2011-03-11] () [File not signed]
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [194128 2009-07-14] () [File not signed]
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-03-11] () [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-20] () [File not signed]
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [87632 2009-07-14] () [File not signed]
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [97856 2009-07-14] () [File not signed]
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] () [File not signed]
R0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-14] () [File not signed]
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2229608 2010-05-11] () [File not signed]
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-23] () [File not signed]
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] () [File not signed]
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] () [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] () [File not signed]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] () [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] () [File not signed]
R1 blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [45056 2009-07-14] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-23] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] () [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] () [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] () [File not signed]
R3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-14] () [File not signed]
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [458712 2013-07-04] () [File not signed]
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-14] () [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] () [File not signed]
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] () [File not signed]
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] () [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-14] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [983488 2013-08-01] () [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] () [File not signed]
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] () [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] () [File not signed]
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [135560 2010-04-13] () [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] () [File not signed]
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] () [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [File not signed]
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] () [File not signed]
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] () [File not signed]
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] () [File not signed]
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () [File not signed]
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [350208 2010-11-20] () [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-20] () [File not signed]
R3 HECIx64; C:\Windows\system32\DRIVERS\HECIx64.sys [56344 2009-09-17] () [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] () [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] () [File not signed]
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] () [File not signed]
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-20] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] () [File not signed]
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-14] () [File not signed]
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [540696 2010-04-13] () [File not signed]
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-03-11] () [File not signed]
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] () [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2399848 2010-06-22] () [File not signed]
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] () [File not signed]
R3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [File not signed]
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [274880 2014-02-04] () [File not signed]
R3 k57nd60a; C:\Windows\System32\DRIVERS\k57nd60a.sys [384040 2010-05-15] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () [File not signed]
S3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2014-04-12] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155072 2014-04-12] () [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [File not signed]
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed]
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] () [File not signed]
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-20] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] () [File not signed]
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-20] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] () [File not signed]
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-24] () [File not signed]
R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2010-04-20] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2004-07-16] (Pinnacle Systems GmbH) [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [246376 2010-06-17] () [File not signed]
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [231328 2010-01-27] () [File not signed]
S3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [694888 2010-11-25] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2014-04-05] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57856 2012-08-23] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
S3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [17408 2010-07-09] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109824 2013-07-12] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] () [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-14] () [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
S3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [74960 2011-12-07] () [File not signed]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 21:09 - 2014-08-23 21:09 - 00380416 _____ () C:\Users\Acer Aspire 5742G\Downloads\cy8crmy5.exe
2014-08-23 21:08 - 2014-08-23 21:09 - 00036698 _____ () C:\Users\Acer Aspire 5742G\Desktop\FRST.txt
2014-08-23 21:07 - 2014-08-23 21:07 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Desktop\FRST64.exe
2014-08-23 21:07 - 2014-08-23 21:07 - 00050477 _____ () C:\Users\Acer Aspire 5742G\Desktop\Defogger.exe
2014-08-23 21:07 - 2014-08-23 21:07 - 00000496 _____ () C:\Users\Acer Aspire 5742G\Desktop\defogger_disable.log
2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1  Fußball  Bundesliga  2. Bundesliga  Formel 1  US-Sport  Handball  Basketball  MotoGP.url
2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-05 16:01 - 2014-07-23 13:29 - 00130584 _____ () C:\Windows\system32\Drivers\avipbb.sys
2014-08-05 16:01 - 2014-07-23 13:29 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-05 16:01 - 2014-07-23 13:29 - 00028600 _____ () C:\Windows\system32\Drivers\avkmgr.sys
2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4}
2014-08-05 15:23 - 2014-08-05 15:23 - 00001180 _____ () C:\malware_scan.txt
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 14:55 - 2011-08-10 07:51 - 00067685 _____ () C:\Windows\system32\athrextx.cat
2014-08-05 14:55 - 2011-08-05 16:33 - 02768384 _____ (Atheros Communications, Inc.) C:\Windows\system32\athrx.sys
2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-08-01 16:18 - 2014-08-23 21:09 - 00000000 ____D () C:\FRST
2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable
2014-08-01 16:02 - 2014-08-05 16:02 - 00002269 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 15:55 - 2014-08-23 20:58 - 00003248 _____ () C:\Windows\setupact.log
2014-08-01 15:55 - 2014-08-05 16:03 - 00452086 _____ () C:\Windows\PFRO.log
2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 15:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 15:53 - 2014-08-05 15:05 - 00000000 ____D () C:\AdwCleaner
2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:40 - 2014-08-01 15:47 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 15:38 - 2014-08-01 15:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer Aspire 5742G\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 15:29 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 15:29 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 15:29 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 15:29 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 15:28 - 2014-08-01 15:29 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-27 10:32 - 2014-07-27 10:32 - 00041928 _____ () C:\Windows\system32\Drivers\508286c0aae35d85.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 21:09 - 2014-08-23 21:09 - 00380416 _____ () C:\Users\Acer Aspire 5742G\Downloads\cy8crmy5.exe
2014-08-23 21:09 - 2014-08-23 21:08 - 00036698 _____ () C:\Users\Acer Aspire 5742G\Desktop\FRST.txt
2014-08-23 21:09 - 2014-08-01 16:18 - 00000000 ____D () C:\FRST
2014-08-23 21:07 - 2014-08-23 21:07 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Desktop\FRST64.exe
2014-08-23 21:07 - 2014-08-23 21:07 - 00050477 _____ () C:\Users\Acer Aspire 5742G\Desktop\Defogger.exe
2014-08-23 21:07 - 2014-08-23 21:07 - 00000496 _____ () C:\Users\Acer Aspire 5742G\Desktop\defogger_disable.log
2014-08-23 21:06 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 21:06 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 20:59 - 2012-11-13 22:21 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-23 20:58 - 2014-08-01 15:55 - 00003248 _____ () C:\Windows\setupact.log
2014-08-23 20:58 - 2011-08-22 15:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-23 20:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-23 20:21 - 2013-10-05 14:14 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job
2014-08-23 20:21 - 2013-10-05 14:14 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job
2014-08-23 19:47 - 2012-10-05 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-23 19:45 - 2011-08-22 15:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-23 18:07 - 2013-10-05 14:15 - 00002427 _____ () C:\Users\Acer Aspire 5742G\Desktop\Google Chrome.lnk
2014-08-23 16:55 - 2012-09-25 20:47 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-08-23 16:47 - 2013-05-01 15:29 - 00000971 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-08-23 14:39 - 2011-08-16 22:27 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-08-23 14:39 - 2011-08-16 22:27 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-08-23 14:39 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1  Fußball  Bundesliga  2. Bundesliga  Formel 1  US-Sport  Handball  Basketball  MotoGP.url
2014-08-10 19:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-05 16:03 - 2014-08-01 15:55 - 00452086 _____ () C:\Windows\PFRO.log
2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 16:02 - 2014-08-01 16:02 - 00002269 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-05 16:01 - 2013-09-28 15:25 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 15:47 - 2010-07-13 14:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-05 15:46 - 2011-08-16 12:59 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Notepad++
2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4}
2014-08-05 15:37 - 2014-06-12 16:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 15:23 - 2014-08-05 15:23 - 00001180 _____ () C:\malware_scan.txt
2014-08-05 15:05 - 2014-08-01 15:53 - 00000000 ____D () C:\AdwCleaner
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 14:55 - 2010-07-13 13:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable
2014-08-01 16:17 - 2011-08-18 12:41 - 00000000 ____D () C:\Users\Acer Aspire 5742G
2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 15:53 - 2012-09-29 20:16 - 00000000 ____D () C:\Windows\Minidump
2014-08-01 15:53 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-08-01 15:47 - 2014-08-01 15:40 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe
2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 15:39 - 2014-08-01 15:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer Aspire 5742G\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 15:33 - 2012-10-05 19:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-01 15:33 - 2012-05-19 21:40 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 15:33 - 2011-09-07 15:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 15:31 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-01 15:29 - 2014-08-01 15:28 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 15:29 - 2014-06-25 23:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-27 10:32 - 2014-07-27 10:32 - 00041928 _____ () C:\Windows\system32\Drivers\508286c0aae35d85.sys
2014-07-26 20:46 - 2013-09-14 20:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 20:46 - 2013-09-14 20:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 14:52 - 2013-09-14 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\avgnt.exe
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2011-08-23 11:49] - [2010-11-20 15:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-07-07 14:51

==================== End Of Log ============================

--- --- ---


Addition.txt
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2014
Ran by Acer Aspire 5742G at 2014-08-23 21:09:34
Running from C:\Users\Acer Aspire 5742G\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.0 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{D8DACA27-C2D9-9E8E-A8A5-A10E0C670D01}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0527.1242.20909 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help English (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help French (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help German (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0527.1242.20909 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0527.1242.20909 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dLAN Cockpit (x32 Version: 3.2.28 - devolo AG) Hidden
Druckerdeinstallation für EPSON WP-4015 Series (HKLM\...\EPSON WP-4015 Series) (Version:  - SEIKO EPSON Corporation)
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics-Add-In (32 Bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.041222.01 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 12.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Acer Aspire 5742G\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B6DCCC5-771D-4649-936B-8F4ACF736159} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {117417D2-DC0A-46AA-B911-0CB8B3A78849} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {4DF04356-EBCD-4B13-80C4-008B80B8E59C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {69852996-6750-4990-96BD-3D2B48E455E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {990E37C7-27E6-438C-AA70-FBB7D744D3E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {E3EBA028-AF1B-4AC3-BBBA-41DAE93AAAAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-01] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 18:19 - 2013-08-02 04:12 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2010-07-25 08:10 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2010-06-28 15:20 - 2010-06-28 15:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 15:12 - 2010-06-28 15:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-02-15 12:06 - 2014-02-15 12:06 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-07-13 13:32 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DevoloNetworkService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: nlsvc => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: Virtual Router => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: NetLimiter => C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PinnacleDriverCheck => C:\Windows\system32\PSDrvCheck.exe -CheckReg
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2014 05:59:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000223e0
ID des fehlerhaften Prozesses: 0xa5c
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3

Error: (08/12/2014 06:12:06 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert
.


Kontext:
  Volumename: \\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\

Error: (08/12/2014 06:12:06 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert
.


Kontext:
  Volumename: \\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\

Error: (08/12/2014 06:12:06 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert
.

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  Überprüfen, ob das Volume vom Anbieter unterstützt wird
  Volume einem Schattenkopiesatz hinzufügen

Kontext:
  Ausführungskontext: Coordinator
  Anbieter-ID: {00000000-0000-0000-0000-000000000000}
  Volumename: C:\
  Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  Überprüfen, ob das Volume vom Anbieter unterstützt wird
  Volume einem Schattenkopiesatz hinzufügen

Kontext:
  Ausführungskontext: Coordinator
  Anbieter-ID: {00000000-0000-0000-0000-000000000000}
  Volumename: C:\
  Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  Überprüfen, ob das Volume vom Anbieter unterstützt wird
  Volume einem Schattenkopiesatz hinzufügen

Kontext:
  Ausführungskontext: Coordinator
  Anbieter-ID: {00000000-0000-0000-0000-000000000000}
  Volumename: C:\
  Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  Überprüfen, ob das Volume vom Anbieter unterstützt wird
  Volume einem Schattenkopiesatz hinzufügen

Kontext:
  Ausführungskontext: Coordinator
  Anbieter-ID: {00000000-0000-0000-0000-000000000000}
  Volumename: C:\
  Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  Überprüfen, ob das Volume vom Anbieter unterstützt wird
  Volume einem Schattenkopiesatz hinzufügen

Kontext:
  Ausführungskontext: Coordinator
  Anbieter-ID: {00000000-0000-0000-0000-000000000000}
  Volumename: C:\
  Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
  Überprüfen, ob das Volume vom Anbieter unterstützt wird
  Volume einem Schattenkopiesatz hinzufügen

Kontext:
  Ausführungskontext: Coordinator
  Anbieter-ID: {00000000-0000-0000-0000-000000000000}
  Volumename: C:\
  Ausführungskontext: Coordinator


System errors:
=============
Error: (08/23/2014 08:59:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PCLEPCI

Error: (08/23/2014 08:58:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error: (08/23/2014 08:58:07 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\pclepci.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/23/2014 08:25:31 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/23/2014 08:20:27 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/23/2014 07:20:27 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/23/2014 07:02:47 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/23/2014 06:49:38 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/23/2014 06:44:28 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/23/2014 06:39:17 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-27 10:32:05.772
  Description: N/A

  Date: 2014-07-27 10:32:05.554
  Description: N/A


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 3958.71 MB
Available physical RAM: 2542.44 MB
Total Pagefile: 7915.6 MB
Available Pagefile: 6223.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:184.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 3329EE64)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End Of Log ============================

GMER
Code:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-23 16:38:13
Windows 6.1.7601 Service Pack 1 x64
Running: 0m45n9xs.exe


---- Services - GMER 2.1 ----

Service  System32\Drivers\508286c0aae35d85.sys (*** hidden *** )  [BOOT] 508286c0aae35d85  <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@ImagePath                                                                                                                        \SystemRoot\System32\Drivers\508286c0aae35d85.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Group                                                                                                                            Boot Bus Extender
Reg      HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@ErrorControl                                                                                                                    0
Reg      HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Type                                                                                                                            1
Reg      HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Start                                                                                                                            0
Reg      HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Tag                                                                                                                              1
Reg      HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@DisplayName                                                                                                                      syshost.exe
Reg      HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85                                                                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@ReadyBootPlanAge                                                                                                              2
Reg      HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUserTime                                                                                                          ?Sa?, ?Aug ?23 ?14, 02:19:51????????????H??????????????????????
Reg      HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData@SystemStartTime                                                                                                                            0x7F 0x2C 0xFB 0x24 ...
Reg      HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData@SystemLastStartTime                                                                                                                        0xFC 0x83 0xCA 0x96 ...
Reg      HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData\BootLanguages@de-DE                                                                                                                        2085
Reg      HKLM\SYSTEM\ControlSet002\Control\Diagnostics\Performance@ActiveShutdownDCL                                                                                                              C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002
Reg      HKLM\SYSTEM\ControlSet002\Control\GraphicsDrivers\Configuration\AUO22EC0_01_07D9_C0^4EA9F56D234B0A8BC22D458D6788508F@Timestamp                                                          0xA2 0xDC 0x2B 0x26 ...
Reg      HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Microsoft-ISATAP-Adapter                                                                  2?4?5?6?
Reg      HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206} (not active ControlSet)                                         
Reg      HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206}\Connection (not active ControlSet)                             
Reg      HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206}\Connection@DefaultNameResourceId                                1801
Reg      HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206}\Connection@DefaultNameIndex                                      13
Reg      HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206}\Connection@Name                                                  Reusable ISATAP Interface {46D5E7FE-927C-490D-9452-B551BB59E206}
Reg      HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcb@ACSettingIndex  30
Reg      HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcb@DCSettingIndex  30
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters@BootId                                                                                            2115
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime                                                                                          420399421
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberCopyBytes                                                                                                                  0x10 0x1A 0xE2 0x5C ...
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberElapsedTime                                                                                                                20227
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberIoTime                                                                                                                      8825
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberInitTime                                                                                                                    1091
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberCopyTime                                                                                                                    1116
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberPagesWritten                                                                                                                146610
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberPagesProcessed                                                                                                              345848
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberDumpCount                                                                                                                  10033
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberFileRuns                                                                                                                    3
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberReadTime                                                                                                                    9194
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberResumeAppTime                                                                                                              9913
Reg      HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberCompressTime                                                                                                                10156
Reg      HKLM\SYSTEM\ControlSet002\Control\Terminal Server@InstanceID                                                                                                                            f864c9c1-924f-49f6-9832-294636d
Reg      HKLM\SYSTEM\ControlSet002\Control\WDI\Config@ServerName                                                                                                                                  \BaseNamedObjects\WDI_{91d9a5d6-ef5d-4f07-aeee-b9b445d6603a}
Reg      HKLM\SYSTEM\ControlSet002\Control\WMI\Autologger\WdiContextLog@FileCounter                                                                                                              3
Reg      HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@ImagePath                                                                                                                            \SystemRoot\System32\Drivers\508286c0aae35d85.sys
Reg      HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@Group                                                                                                                                Boot Bus Extender
Reg      HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@ErrorControl                                                                                                                        0
Reg      HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@Type                                                                                                                                1
Reg      HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@Start                                                                                                                                0
Reg      HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@Tag                                                                                                                                  1
Reg      HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@DisplayName                                                                                                                          syshost.exe
Reg      HKLM\SYSTEM\ControlSet002\services\iphlpsvc\Parameters\Isatap\{46D5E7FE-927C-490D-9452-B551BB59E206} (not active ControlSet)                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\iphlpsvc\Parameters\Isatap\{46D5E7FE-927C-490D-9452-B551BB59E206}@InterfaceName                                                                      Reusable ISATAP Interface {46D5E7FE-927C-490D-9452-B551BB59E206}
Reg      HKLM\SYSTEM\ControlSet002\services\iphlpsvc\Parameters\Isatap\{46D5E7FE-927C-490D-9452-B551BB59E206}@ReusableType                                                                        1
Reg      HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind                                                                                                                            \Device\Smb_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Smb_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Smb_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Smb_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Smb_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\T
Reg      HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route                                                                                                                            "Smb" "Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Smb" "Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Smb" "Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Smb" "Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Smb" "Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Smb" "Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Smb" "Tcpip6" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Smb" "Tcpip6" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Smb" "Tcpip6" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Smb" "Tcpip6" "{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"Smb" "Tcpip6" "{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"Smb" "Tcpip6" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Smb" "Tcpip6" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Tcpi
Reg      HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                                                                                                          \Device\LanmanServer_Smb_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\LanmanServer_Smb_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\LanmanServer_Smb_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\LanmanServer_Smb_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\LanmanServer_Smb_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\LanmanServer_Smb_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\LanmanServer_Smb_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\LanmanServer_Smb_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\LanmanServer_Smb_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\LanmanServer_Smb_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\LanmanServer_Smb_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\LanmanServer_Smb_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\LanmanServer_Smb_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\LanmanServer_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\LanmanServer_Tcpip_{AD365836-7E
Reg      HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind                                                                                                                        \Device\Smb_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Smb_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Smb_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Smb_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Smb_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\T
Reg      HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route                                                                                                                      "Smb" "Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Smb" "Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Smb" "Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Smb" "Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Smb" "Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Smb" "Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Smb" "Tcpip6" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Smb" "Tcpip6" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Smb" "Tcpip6" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Smb" "Tcpip6" "{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"Smb" "Tcpip6" "{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"Smb" "Tcpip6" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Smb" "Tcpip6" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Tcpi
Reg      HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                                                                                                      \Device\LanmanWorkstation_Smb_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\LanmanWorkstation_Smb_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\LanmanWorkstation_Smb_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\LanmanWorkstation_Smb_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\LanmanWorkstation_Smb_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\LanmanWorkstation_Smb_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\LanmanWorkstation_Smb_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\LanmanWorkstation_Smb_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\LanmanWorkstation_Smb_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\LanmanWorkstation_Smb_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\LanmanWorkstation_Smb_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\LanmanWorkstation_Smb_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\LanmanWorkstation_Smb_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\LanmanWorkstation_Tcpip_{4E0F26E
Reg      HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Bind                                                                                                                                  \Device\NetBT_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBT_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBT_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBT_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBT_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\NetBT_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\NetBT_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBT_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBT_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBT_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\NetBT_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\NetBT_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBT_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?
Reg      HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Route                                                                                                                                "NetBT" "Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"NetBT" "Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"NetBT" "Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"NetBT" "Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"NetBT" "Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"NetBT" "Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"NetBT" "Tcpip6" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"NetBT" "Tcpip6" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"NetBT" "Tcpip6" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"NetBT" "Tcpip6" "{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"NetBT" "Tcpip6" "{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"NetBT" "Tcpip6" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"NetBT" "Tcpip6" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?
Reg      HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export                                                                                                                                \Device\NetBIOS_NetBT_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBIOS_NetBT_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBIOS_NetBT_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBIOS_NetBT_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBIOS_NetBT_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\NetBIOS_NetBT_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\NetBIOS_NetBT_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBIOS_NetBT_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBIOS_NetBT_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBIOS_NetBT_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\NetBIOS_NetBT_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\NetBIOS_NetBT_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBIOS_NetBT_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?
Reg      HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind                                                                                                                                    \Device\Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?
Reg      HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route                                                                                                                                  "Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Tcpip6" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip6" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip6" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip6" "{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"Tcpip6" "{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"Tcpip6" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip6" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?
Reg      HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export                                                                                                                                  \Device\NetBT_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBT_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBT_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBT_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBT_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\NetBT_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\NetBT_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBT_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBT_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBT_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\NetBT_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\NetBT_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBT_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?
Reg      HKLM\SYSTEM\ControlSet002\services\rdyboost\Parameters@ReadyBootPlanAge                                                                                                                  1
Reg      HKLM\SYSTEM\ControlSet002\services\rdyboost\Parameters@LastBootPlanUserTime                                                                                                              ?Fr?, ?Aug ?22 ?14, 07:29:19????????????N??????????????????????
Reg      HKLM\SYSTEM\ControlSet002\services\SharedAccess\Epoch@Epoch                                                                                                                              16997
Reg      HKLM\SYSTEM\ControlSet002\services\SharedAccess\Epoch2@Epoch                                                                                                                            12965
Reg      HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind                                                                                                                                      \Device\Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?
Reg      HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route                                                                                                                                    "Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Tcpip6" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip6" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip6" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip6" "{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"Tcpip6" "{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"Tcpip6" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip6" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?
Reg      HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export                                                                                                                                    \Device\Smb_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Smb_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Smb_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Smb_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Smb_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?
Reg      HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters@DhcpNameServer                                                                                                                      192.168.0.1
Reg      HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}@LeaseObtainedTime                                                                  1408796235
Reg      HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}@T1                                                                                1408799835
Reg      HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}@T2                                                                                1408802535
Reg      HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}@LeaseTerminatesTime                                                                1408803435
Reg      HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind                                                                                                                                  \Device\{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?
Reg      HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route                                                                                                                                  "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?
Reg      HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export                                                                                                                                \Device\Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?
Reg      HKLM\SYSTEM\ControlSet002\services\TCPIP6\Parameters\Interfaces\{46d5e7fe-927c-490d-9452-b551bb59e206} (not active ControlSet)                                                         
Reg      HKLM\SYSTEM\ControlSet002\services\TCPIP6\Parameters\Interfaces\{46d5e7fe-927c-490d-9452-b551bb59e206}@Dhcpv6Iaid                                                                        587202560
Reg      HKLM\SYSTEM\ControlSet002\services\TCPIP6\Parameters\Interfaces\{46d5e7fe-927c-490d-9452-b551bb59e206}@Dhcpv6State                                                                      0

---- EOF - GMER 2.1 ----

Sorry for the inconvenience on my part.

schrauber 24.08.2014 06:53

hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


VChecker1992 24.08.2014 08:19

Everything worked without problems, just as described in the instructions...

Combofix.txt
Code:

ComboFix 14-08-24.01 - Acer Aspire 5742G 24.08.2014  9:03.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3959.2543 [GMT 2:00]
ausgeführt von:: c:\users\Acer Aspire 5742G\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-07-24 bis 2014-08-24  ))))))))))))))))))))))))))))))
.
.
2014-08-24 07:11 . 2014-08-24 07:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-08-05 14:02 . 2014-08-05 14:02        --------        d-----w-        c:\users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 14:01 . 2014-07-23 11:29        117712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-08-05 14:01 . 2014-08-05 14:01        --------        d-----w-        c:\program files (x86)\Avira
2014-08-05 12:57 . 2014-08-05 12:57        --------        d-----w-        c:\program files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 12:55 . 2011-08-05 14:33        2768384        ----a-w-        c:\windows\system32\athrx.sys
2014-08-05 12:54 . 2014-08-05 12:54        --------        d-----w-        c:\programdata\Qualcomm Atheros
2014-08-01 14:18 . 2014-08-23 19:09        --------        d-----w-        C:\FRST
2014-08-01 13:54 . 2010-08-30 06:34        536576        ----a-w-        c:\windows\SysWow64\sqlite3.dll
2014-08-01 13:53 . 2014-08-05 13:05        --------        d-----w-        C:\AdwCleaner
2014-08-01 13:41 . 2014-08-01 13:41        --------        d-----w-        c:\programdata\Malwarebytes
2014-08-01 13:41 . 2014-08-01 13:41        --------        d-----w-        c:\users\Acer Aspire 5742G\AppData\Local\Programs
2014-08-01 13:40 . 2014-08-01 13:40        --------        d-----w-        c:\program files\CCleaner
2014-08-01 13:29 . 2014-07-11 01:02        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 13:13 . 2014-07-02 03:09        10924376        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3981642D-2CB1-4A1D-A428-D970C6E052A7}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-01 13:33 . 2012-05-19 19:40        699056        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-01 13:33 . 2011-09-07 13:25        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-10 13:52 . 2011-08-22 14:44        96441528        ----a-w-        c:\windows\system32\MRT.exe
2014-06-20 20:14 . 2014-07-09 11:19        266424        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-06-19 01:39 . 2014-07-09 11:19        23464448        ----a-w-        c:\windows\system32\mshtml.dll
2014-06-19 01:06 . 2014-07-09 11:19        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-06-19 01:06 . 2014-07-09 11:19        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-06-19 00:48 . 2014-07-09 11:19        2768384        ----a-w-        c:\windows\system32\iertutil.dll
2014-06-19 00:42 . 2014-07-09 11:19        548352        ----a-w-        c:\windows\system32\vbscript.dll
2014-06-19 00:42 . 2014-07-09 11:19        66048        ----a-w-        c:\windows\system32\iesetup.dll
2014-06-19 00:41 . 2014-07-09 11:19        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-06-19 00:41 . 2014-07-09 11:19        83968        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-06-19 00:32 . 2014-07-09 11:19        51200        ----a-w-        c:\windows\system32\jsproxy.dll
2014-06-19 00:31 . 2014-07-09 11:19        33792        ----a-w-        c:\windows\system32\iernonce.dll
2014-06-19 00:26 . 2014-07-09 11:19        598016        ----a-w-        c:\windows\system32\ieui.dll
2014-06-19 00:24 . 2014-07-09 11:19        139264        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-06-19 00:24 . 2014-07-09 11:19        111616        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-06-19 00:23 . 2014-07-09 11:19        752640        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-06-19 00:14 . 2014-07-09 11:19        940032        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 00:09 . 2014-07-09 11:19        452608        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-06-18 23:59 . 2014-07-09 11:19        38400        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 23:56 . 2014-07-09 11:19        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-06-18 23:53 . 2014-07-09 11:19        195584        ----a-w-        c:\windows\system32\msrating.dll
2014-06-18 23:51 . 2014-07-09 11:19        5721088        ----a-w-        c:\windows\system32\jscript9.dll
2014-06-18 23:50 . 2014-07-09 11:19        85504        ----a-w-        c:\windows\system32\mshtmled.dll
2014-06-18 23:48 . 2014-07-09 11:19        292864        ----a-w-        c:\windows\system32\dxtrans.dll
2014-06-18 23:39 . 2014-07-09 11:19        608768        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-06-18 23:38 . 2014-07-09 11:19        455168        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-06-18 23:37 . 2014-07-09 11:19        61952        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-06-18 23:36 . 2014-07-09 11:19        51200        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35 . 2014-07-09 11:19        62464        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-06-18 23:33 . 2014-07-09 11:19        631808        ----a-w-        c:\windows\system32\msfeeds.dll
2014-06-18 23:27 . 2014-07-09 11:19        1249280        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-06-18 23:27 . 2014-07-09 11:19        2040832        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-06-18 23:23 . 2014-07-09 11:19        112128        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-06-18 23:22 . 2014-07-09 11:19        592896        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-06-18 23:06 . 2014-07-09 11:19        32256        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58 . 2014-07-09 11:19        2266112        ----a-w-        c:\windows\system32\wininet.dll
2014-06-18 22:52 . 2014-07-09 11:19        4254720        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-06-18 22:51 . 2014-07-09 11:19        13527040        ----a-w-        c:\windows\system32\ieframe.dll
2014-06-18 22:46 . 2014-07-09 11:19        1068032        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45 . 2014-07-09 11:19        1964544        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-06-18 22:34 . 2014-07-09 11:19        1393664        ----a-w-        c:\windows\system32\urlmon.dll
2014-06-18 22:15 . 2014-07-09 11:19        846336        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-06-18 22:13 . 2014-07-09 11:19        1791488        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-06-18 02:18 . 2014-07-09 11:21        692736        ----a-w-        c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 11:21        646144        ----a-w-        c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-09 11:20        624128        ----a-w-        c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 11:20        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 11:17        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 11:17        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 11:17        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 11:20        210944        ----a-w-        c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 11:19        86528        ----a-w-        c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 11:20        340992        ----a-w-        c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 11:20        314880        ----a-w-        c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 11:20        307200        ----a-w-        c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 11:20        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 11:19        22016        ----a-w-        c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 11:19        172032        ----a-w-        c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 11:19        65536        ----a-w-        c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 11:20        247808        ----a-w-        c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 11:19        220160        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 11:20        259584        ----a-w-        c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 11:20        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 11:19        17408        ----a-w-        c:\windows\SysWow64\credssp.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\atapi.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\asyncmac.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\kbdclass.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ndis.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ntfs.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\null.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\tcpip.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\tdx.sys
.
[7] 2014-03-04 . A9D735A8C6010DCE1148D4BC32365C14 . 5553088 . . [6.1.7601.22616] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22616_none_cae1eda6e3de88c2\ntoskrnl.exe
[7] 2014-03-04 . 6B47CF5C27865DDF6680E4D834FBE34F . 5550016 . . [6.1.7601.18409] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_ca661fbfcab61be5\ntoskrnl.exe
[7] 2013-08-29 . C842D8DC6E5BCD750FA50E4083CBBBEB . 5552064 . . [6.1.7601.22436] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_cacc4a02e3eec656\ntoskrnl.exe
[7] 2013-08-29 . 5B9A6A310326D9C438F2C19FBBE97C97 . 5549504 . . [6.1.7601.18247] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_ca38dbafcad85ead\ntoskrnl.exe
[7] 2013-08-02 . 5DA80B9D5EB7197AA99006C2DDD14E08 . 5554624 . . [6.1.7601.22411] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22411_none_cadce868e3e30fc1\ntoskrnl.exe
[7] 2013-08-02 . 63B563F1FC047AB3E21530DBBE773260 . 5550528 . . [6.1.7601.18229] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18229_none_ca507c1bcac65979\ntoskrnl.exe
[7] 2013-07-09 . C19DCA1024135D5485E25AB1047F77BC . 5550528 . . [6.1.7601.18205] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18205_none_ca621acbcab9bc3b\ntoskrnl.exe
[7] 2013-07-08 . 3431F8C9C9B18EE536453FC55B87DA3E . 5554624 . . [6.1.7601.22379] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22379_none_caa4094ae40c84f8\ntoskrnl.exe
[7] 2013-03-19 . EF1D47835019186DB5E34C52571A6539 . 5497688 . . [6.1.7600.17273] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17273_none_c82e09f1cdcde6ea\ntoskrnl.exe
[7] 2013-03-19 . A38A87E18A3417FEB138A5E2709D66BA . 5466472 . . [6.1.7600.21490] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21490_none_c89f07ece6fe6fb8\ntoskrnl.exe
[7] 2013-03-19 . AC3232ED772403D38D64C18CD5A66FBD . 5550424 . . [6.1.7601.18113] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18113_none_ca554865cac3a857\ntoskrnl.exe
[7] 2013-03-19 . 25F87CF0EAF38AD1D412E804AE00CE3B . 5553496 . . [6.1.7601.22280] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22280_none_ca9034dee41cbfb3\ntoskrnl.exe
[7] 2013-01-05 . 5DEF532B4661D612CD4E894CD3688E4C . 5500776 . . [6.1.7600.17207] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17207_none_c87dba8dcd9188af\ntoskrnl.exe
[7] 2013-01-05 . 24607D189375475224138CE863A1A9D5 . 5467992 . . [6.1.7600.21417] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21417_none_c8fc8952e6b74191\ntoskrnl.exe
[7] 2013-01-05 . 6B0D9CF92C08D42533C12FC1A0B5403F . 5553512 . . [6.1.7601.18044] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_ca35d705cadb185a\ntoskrnl.exe
[7] 2013-01-05 . A0F9F36C3F670053F9A2E9B9577CD1AB . 5554536 . . [6.1.7601.22210] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_cadbe452e3e3fc1c\ntoskrnl.exe
[7] 2012-08-30 . CD632F72C798CA012FE429F66E1F1CAD . 5505904 . . [6.1.7600.17118] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17118_none_c873e905cd98c0d0\ntoskrnl.exe
[7] 2012-08-30 . 502070A5B89F1E6DEC54817DEBF46425 . 5473136 . . [6.1.7600.21315] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21315_none_c8fa86d8e6b911bc\ntoskrnl.exe
[7] 2012-08-30 . FE905D59663E86BFE51623947B7425FD . 5559664 . . [6.1.7601.17944] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_ca35fee3cadae518\ntoskrnl.exe
[7] 2012-08-30 . A0D1C0E813A7C6E17C029375AC2ACE18 . 5562736 . . [6.1.7601.22103] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_cae9b336e3d92f09\ntoskrnl.exe
[7] 2012-05-04 . C4C870BD7F081C7AAC4DA553CD17E0F1 . 5473136 . . [6.1.7600.21207] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21207_none_c9075572e6af2b52\ntoskrnl.exe
[7] 2012-05-04 . 2819BB6417B85D38169A4F151463A815 . 5559664 . . [6.1.7601.17835] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_ca41cd33cad1e557\ntoskrnl.exe
[7] 2012-05-04 . BD31B81BFA2E89680315AB15D0D58671 . 5505392 . . [6.1.7600.17017] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17017_none_c872e6d5cd99aa52\ntoskrnl.exe
[7] 2012-05-04 . 6A692DB27A943B463E97B749DD34F3DA . 5561200 . . [6.1.7601.21987] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_ca975af6e4164384\ntoskrnl.exe
[7] 2012-04-02 . 9579F84C40B3BE205C9FD4CCDD99B6B7 . 5504880 . . [6.1.7600.16988] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16988_none_c8285f89cdd153fe\ntoskrnl.exe
[7] 2012-03-31 . 03B5C6DBA5A770CEEFD1615E380C6BC3 . 5559664 . . [6.1.7601.17803] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_ca603c63cabb5ed6\ntoskrnl.exe
[7] 2012-03-31 . 5E6017E5814B3BC366A5A7A88538D0FC . 5473136 . . [6.1.7600.21179] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21179_none_c8bda4ace6e62470\ntoskrnl.exe
[7] 2012-03-31 . 708A4C721CEE6B3845B5A54477D873CF . 5561200 . . [6.1.7601.21955] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_cab5ca26e3ffbd03\ntoskrnl.exe
[7] 2012-03-06 . BAA66E360105F79B5948A2FDAF3AA8FE . 5559152 . . [6.1.7601.17790] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_c9fbea53cb071123\ntoskrnl.exe
[7] 2012-03-06 . F96AA8BE1890C99883A6C233F9FB59A7 . 5473136 . . [6.1.7600.21163] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21163_none_c8c272dce6e37075\ntoskrnl.exe
[7] 2012-03-06 . 51F2FD7B6C7966AFE271611D786D35A3 . 5504880 . . [6.1.7600.16973] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16973_none_c82e2e03cdcdb95a\ntoskrnl.exe
[7] 2012-03-06 . FCAB208AC0F7263A84EB627B1517E5AC . 5561200 . . [6.1.7601.21936] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_cacc6a48e3ee9e78\ntoskrnl.exe
[7] 2011-11-19 . 999865426F641D575072064575E9CC37 . 5504880 . . [6.1.7600.16917] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_c8730eb3cd997710\ntoskrnl.exe
[7] 2011-11-19 . 1AFFF8D5352AECEF2ECD47FFA02D7F7D . 5559152 . . [6.1.7601.17727] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_ca4e9bcdcac7feed\ntoskrnl.exe
[7] 2011-11-19 . B183970D6E87A359E3EB7A72D489DEBF . 5473136 . . [6.1.7600.21094] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_c8a3017ce6fae078\ntoskrnl.exe
[7] 2011-11-19 . 70A2D18E0B2A1ADBAE90008684E030AC . 5561200 . . [6.1.7601.21863] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_caa8f7c0e409a91f\ntoskrnl.exe
[7] 2011-06-23 . 577841951E8BAD6EA8288106693CD39F . 5561216 . . [6.1.7601.17640] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_ca31f809cade8847\ntoskrnl.exe
[7] 2011-06-23 . 12EC6D619756240886680523392EEF9C . 5474688 . . [6.1.7600.20994] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_c8a3295ae6faad36\ntoskrnl.exe
[7] 2011-06-23 . EBECACD545E280FE7A0A2CBFC0AC29BD . 5507968 . . [6.1.7600.16841] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_c84c9b4dcdb735b2\ntoskrnl.exe
[7] 2011-06-23 . CE6AF5EC2DB1567B6297ADCB56B39B5D . 5561728 . . [6.1.7601.21755] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_cab5c65ae3ffc2b5\ntoskrnl.exe
[7] 2010-11-20 . C6CEC3E6CC9842B73501C70AA64C00FE . 5563776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe
[7] 2010-10-27 . E6FC5686F6BB6F0CEB1107E6D064A944 . 5477248 . . [6.1.7600.20826] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_c8f0d77ce6c01f26\ntoskrnl.exe
[7] 2010-10-27 . E2EA143288BFF3D6B3AEB88C3BC02DAF . 5510528 . . [6.1.7600.16695] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe
[7] 2010-02-27 . 7B7253D90EF53BAFCDC96C888B1DB4F3 . 5485448 . . [6.1.7600.20655] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_c8cf63a2e6d95f54\ntoskrnl.exe
[7] 2010-02-27 . FD787551F58F9686CEC6353F693EF571 . 5509008 . . [6.1.7600.16539] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_c85f67d7cda7ed04\ntoskrnl.exe
[7] 2009-07-14 . 9E722B768E33D26AD8FA7D642E707443 . 5511248 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe
[7] 2014-03-04 . 6B47CF5C27865DDF6680E4D834FBE34F . 5550016 . . [6.1.7601.18409] .. c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-23 751184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - 508286c0aae35d85
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 13:33]
.
2014-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 13:59]
.
2014-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 13:59]
.
2014-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job
- c:\users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05 12:14]
.
2014-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job
- c:\users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05 12:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: t-online.de\email
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\508286c0aae35d85]
"ImagePath"="\SystemRoot\System32\Drivers\508286c0aae35d85.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-08-24  09:17:00
ComboFix-quarantined-files.txt  2014-08-24 07:17
.
Vor Suchlauf: 11 Verzeichnis(se), 199.144.173.568 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 199.947.653.120 Bytes frei
.
- - End Of File - - 7FFF8D77C740FC596A04E7341F7CEFFE


schrauber 24.08.2014 10:17

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan ("Scannen"), select the threat scan ("Bedrohungssuchlauf") and click Start scan ("Suchlauf starten").
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove selected ("Auswahl entfernen").
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History ("Verlauf") and then Application logs ("Anwendungsprotokolle").
  • Select the most recent scan log and click Export. Choose Text file (.txt) ("Textdatei (.txt)") and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys ("Tracing" Schlüssel löschen)
    • Reset Winsock settings (Winsock Einstellungen zurücksetzen)
    • Reset proxy settings (Proxy Einstellungen zurücksetzen)
    • Reset Internet Explorer policies (Internet Explorer Richtlinien zurücksetzen)
    • Reset Chrome policies (Chrome Richtlinien zurücksetzen)
    • Make sure that all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator" ("als Administrator ausführen").
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

VChecker1992 24.08.2014 12:41

mbam.txt
Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 24.08.2014
Suchlauf-Zeit: 13:09:09
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.24.02
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Acer Aspire 5742G

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 313370
Verstrichene Zeit: 8 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

AdwCleaner
Code:

# AdwCleaner v3.308 - Bericht erstellt am 24/08/2014 um 13:20:58
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Acer Aspire 5742G - ACERASPIRE5742G
# Gestartet von : C:\Users\Acer Aspire 5742G\Desktop\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v12.0 (de)

[ Datei : C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R3].txt - [1280 octets] - [24/08/2014 13:20:11]
AdwCleaner[S2].txt - [1197 octets] - [24/08/2014 13:20:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1257 octets] ##########

JRT.txt
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Acer Aspire 5742G on 24.08.2014 at 13:24:55,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3263861943-4074465539-867821772-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"



~~~ FireFox

Emptied folder: C:\Users\Acer Aspire 5742G\AppData\Roaming\mozilla\firefox\profiles\702wv88f.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.08.2014 at 13:32:11,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 01
Ran by Acer Aspire 5742G (administrator) on ACERASPIRE5742G on 24-08-2014 13:34:22
Running from C:\Users\Acer Aspire 5742G\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-23] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446
SearchScopes: HKCU - {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-14]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-05]
CHR Extension: (Google Drive) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-05]
CHR Extension: (YouTube) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-05]
CHR Extension: (Google-Suche) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-05]
CHR Extension: (Avira Browser Safety) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-23]
CHR Extension: (Google Wallet) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-05]
CHR Extension: (Google Mail) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "508286c0aae35d85" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 508286c0aae35d85; C:\Windows\System32\Drivers\508286c0aae35d85.sys [41928 2014-07-27] () <===== ATTENTION Necurs Rootkit?
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [File not signed]
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] () [File not signed]
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] () [File not signed]
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] () [File not signed]
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () [File not signed]
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [350208 2010-11-20] () [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-20] () [File not signed]
R3 HECIx64; C:\Windows\system32\DRIVERS\HECIx64.sys [56344 2009-09-17] () [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] () [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] () [File not signed]
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] () [File not signed]
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-20] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] () [File not signed]
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-14] () [File not signed]
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [540696 2010-04-13] () [File not signed]
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-03-11] () [File not signed]
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] () [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2399848 2010-06-22] () [File not signed]
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] () [File not signed]
R3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [File not signed]
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [274880 2014-02-04] () [File not signed]
R3 k57nd60a; C:\Windows\System32\DRIVERS\k57nd60a.sys [384040 2010-05-15] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () [File not signed]
S3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2014-04-12] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155072 2014-04-12] () [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [File not signed]
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed]
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] () [File not signed]
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-20] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] () [File not signed]
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-20] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] () [File not signed]
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-24] () [File not signed]
R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2010-04-20] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2004-07-16] (Pinnacle Systems GmbH) [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [246376 2010-06-17] () [File not signed]
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [231328 2010-01-27] () [File not signed]
S3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [694888 2010-11-25] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2014-04-05] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57856 2012-08-23] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
S3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [17408 2010-07-09] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109824 2013-07-12] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] () [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-14] () [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
S3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [74960 2011-12-07] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 13:34 - 2014-08-24 13:34 - 00030793 _____ () C:\Users\Acer Aspire 5742G\Desktop\FRST.txt
2014-08-24 13:34 - 2014-08-24 13:34 - 00000000 ____D () C:\FRST
2014-08-24 13:33 - 2014-08-24 13:34 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Desktop\FRST64.exe
2014-08-24 13:32 - 2014-08-24 13:32 - 00001039 _____ () C:\Users\Acer Aspire 5742G\Desktop\JRT.txt
2014-08-24 13:24 - 2014-08-24 13:24 - 01016261 _____ (Thisisu) C:\Users\Acer Aspire 5742G\Desktop\JRT.exe
2014-08-24 13:24 - 2014-08-24 13:24 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 13:22 - 2014-08-24 13:22 - 00001341 _____ () C:\Users\Acer Aspire 5742G\Desktop\AdwCleaner[S2].txt
2014-08-24 13:19 - 2014-08-24 13:21 - 00000000 ____D () C:\AdwCleaner
2014-08-24 13:19 - 2014-08-24 13:19 - 01364531 _____ () C:\Users\Acer Aspire 5742G\Desktop\adwcleaner_3.308.exe
2014-08-24 13:18 - 2014-08-24 13:18 - 00001177 _____ () C:\Users\Acer Aspire 5742G\Desktop\MBAM_240814.txt
2014-08-24 13:05 - 2014-08-24 13:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 13:05 - 2014-08-24 13:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer Aspire 5742G\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-24 13:05 - 2014-08-24 13:05 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 13:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-24 13:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-24 13:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-24 09:17 - 2014-08-24 09:17 - 00031418 _____ () C:\ComboFix.txt
2014-08-24 09:00 - 2014-08-24 09:17 - 00000000 ____D () C:\Qoobox
2014-08-24 09:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-24 09:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-24 09:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-24 08:59 - 2014-08-24 09:12 - 00000000 ____D () C:\Windows\erdnt
2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1  Fußball  Bundesliga  2. Bundesliga  Formel 1  US-Sport  Handball  Basketball  MotoGP.url
2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-05 16:01 - 2014-07-23 13:29 - 00130584 _____ () C:\Windows\system32\Drivers\avipbb.sys
2014-08-05 16:01 - 2014-07-23 13:29 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-05 16:01 - 2014-07-23 13:29 - 00028600 _____ () C:\Windows\system32\Drivers\avkmgr.sys
2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4}
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 14:55 - 2011-08-10 07:51 - 00067685 _____ () C:\Windows\system32\athrextx.cat
2014-08-05 14:55 - 2011-08-05 16:33 - 02768384 _____ (Atheros Communications, Inc.) C:\Windows\system32\athrx.sys
2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable
2014-08-01 16:02 - 2014-08-05 16:02 - 00002269 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 15:55 - 2014-08-24 13:21 - 00453258 _____ () C:\Windows\PFRO.log
2014-08-01 15:55 - 2014-08-24 13:21 - 00003640 _____ () C:\Windows\setupact.log
2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 15:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:40 - 2014-08-01 15:47 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 15:29 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 15:29 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 15:29 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 15:29 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 15:28 - 2014-08-01 15:29 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-27 10:32 - 2014-07-27 10:32 - 00041928 _____ () C:\Windows\system32\Drivers\508286c0aae35d85.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 13:34 - 2014-08-24 13:34 - 00030793 _____ () C:\Users\Acer Aspire 5742G\Desktop\FRST.txt
2014-08-24 13:34 - 2014-08-24 13:34 - 00000000 ____D () C:\FRST
2014-08-24 13:34 - 2014-08-24 13:33 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Desktop\FRST64.exe
2014-08-24 13:32 - 2014-08-24 13:32 - 00001039 _____ () C:\Users\Acer Aspire 5742G\Desktop\JRT.txt
2014-08-24 13:30 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 13:30 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 13:24 - 2014-08-24 13:24 - 01016261 _____ (Thisisu) C:\Users\Acer Aspire 5742G\Desktop\JRT.exe
2014-08-24 13:24 - 2014-08-24 13:24 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 13:22 - 2014-08-24 13:22 - 00001341 _____ () C:\Users\Acer Aspire 5742G\Desktop\AdwCleaner[S2].txt
2014-08-24 13:22 - 2012-11-13 22:21 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-24 13:22 - 2011-08-22 15:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-24 13:21 - 2014-08-24 13:19 - 00000000 ____D () C:\AdwCleaner
2014-08-24 13:21 - 2014-08-01 15:55 - 00453258 _____ () C:\Windows\PFRO.log
2014-08-24 13:21 - 2014-08-01 15:55 - 00003640 _____ () C:\Windows\setupact.log
2014-08-24 13:21 - 2013-10-05 14:14 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job
2014-08-24 13:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 13:19 - 2014-08-24 13:19 - 01364531 _____ () C:\Users\Acer Aspire 5742G\Desktop\adwcleaner_3.308.exe
2014-08-24 13:18 - 2014-08-24 13:18 - 00001177 _____ () C:\Users\Acer Aspire 5742G\Desktop\MBAM_240814.txt
2014-08-24 13:06 - 2014-08-24 13:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 13:05 - 2014-08-24 13:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer Aspire 5742G\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-24 13:05 - 2014-08-24 13:05 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 12:47 - 2012-10-05 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-24 12:46 - 2011-08-22 15:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-24 09:17 - 2014-08-24 09:17 - 00031418 _____ () C:\ComboFix.txt
2014-08-24 09:17 - 2014-08-24 09:00 - 00000000 ____D () C:\Qoobox
2014-08-24 09:12 - 2014-08-24 08:59 - 00000000 ____D () C:\Windows\erdnt
2014-08-24 09:11 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-23 20:21 - 2013-10-05 14:14 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job
2014-08-23 18:07 - 2013-10-05 14:15 - 00002427 _____ () C:\Users\Acer Aspire 5742G\Desktop\Google Chrome.lnk
2014-08-23 16:47 - 2013-05-01 15:29 - 00000971 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-08-23 14:39 - 2011-08-16 22:27 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-08-23 14:39 - 2011-08-16 22:27 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-08-23 14:39 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1  Fußball  Bundesliga  2. Bundesliga  Formel 1  US-Sport  Handball  Basketball  MotoGP.url
2014-08-10 19:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 16:02 - 2014-08-01 16:02 - 00002269 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-05 16:01 - 2013-09-28 15:25 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 15:47 - 2010-07-13 14:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-05 15:46 - 2011-08-16 12:59 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Notepad++
2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4}
2014-08-05 15:37 - 2014-06-12 16:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 14:55 - 2010-07-13 13:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable
2014-08-01 16:17 - 2011-08-18 12:41 - 00000000 ____D () C:\Users\Acer Aspire 5742G
2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 15:53 - 2012-09-29 20:16 - 00000000 ____D () C:\Windows\Minidump
2014-08-01 15:53 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-08-01 15:47 - 2014-08-01 15:40 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe
2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 15:33 - 2012-10-05 19:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-01 15:33 - 2012-05-19 21:40 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 15:33 - 2011-09-07 15:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 15:31 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-01 15:29 - 2014-08-01 15:28 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 15:29 - 2014-06-25 23:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-27 10:32 - 2014-07-27 10:32 - 00041928 _____ () C:\Windows\system32\Drivers\508286c0aae35d85.sys
2014-07-26 20:46 - 2013-09-14 20:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 20:46 - 2013-09-14 20:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 14:52 - 2013-09-14 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\avgnt.exe
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2011-08-23 11:49] - [2010-11-20 15:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-07-07 14:51

==================== End Of Log ============================

--- --- ---


Addition.txt
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 01
Ran by Acer Aspire 5742G at 2014-08-24 13:35:28
Running from C:\Users\Acer Aspire 5742G\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.0 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{D8DACA27-C2D9-9E8E-A8A5-A10E0C670D01}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0527.1242.20909 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help English (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help French (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help German (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0527.1242.20909 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0527.1242.20909 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dLAN Cockpit (x32 Version: 3.2.28 - devolo AG) Hidden
Druckerdeinstallation für EPSON WP-4015 Series (HKLM\...\EPSON WP-4015 Series) (Version:  - SEIKO EPSON Corporation)
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics-Add-In (32 Bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.041222.01 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 12.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Acer Aspire 5742G\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-24 09:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B6DCCC5-771D-4649-936B-8F4ACF736159} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {117417D2-DC0A-46AA-B911-0CB8B3A78849} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {4DF04356-EBCD-4B13-80C4-008B80B8E59C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {69852996-6750-4990-96BD-3D2B48E455E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {990E37C7-27E6-438C-AA70-FBB7D744D3E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {E3EBA028-AF1B-4AC3-BBBA-41DAE93AAAAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-01] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 18:19 - 2013-08-02 04:12 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2010-07-25 08:10 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2010-06-28 15:20 - 2010-06-28 15:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 15:12 - 2010-06-28 15:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-02-15 12:06 - 2014-02-15 12:06 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-07-13 13:32 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DevoloNetworkService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: nlsvc => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: Virtual Router => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: NetLimiter => C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PinnacleDriverCheck => C:\Windows\system32\PSDrvCheck.exe -CheckReg
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-24 09:10:58.556
  Description: N/A

  Date: 2014-08-24 09:10:58.369
  Description: N/A

  Date: 2014-07-27 10:32:05.772
  Description: N/A

  Date: 2014-07-27 10:32:05.554
  Description: N/A


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 30%
Total physical RAM: 3958.71 MB
Available physical RAM: 2752.78 MB
Total Pagefile: 7915.6 MB
Available Pagefile: 6489.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:186.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 3329EE64)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Everything worked without problems, as described in the instructions...

schrauber 24.08.2014 12:44


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

VChecker1992 24.08.2014 14:37

ESET Logfile:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=94a72e024bbd6747a16741ef7970e57c
# engine=19814
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-24 01:21:38
# local_time=2014-08-24 03:21:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 66209 2771552 0 0
# scanned=189695
# found=13
# cleaned=0
# scan_time=5318
sh=A58FE6880A76C1364B17A235951ABE9C95FC7299 ft=1 fh=1ab78df13745b7f5 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3263861943-4074465539-867821772-1000\$RD1MW3U\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaApp.dll.vir"
sh=D987048C3FF42F81F39E3B15E57F32AF7AA0BD00 ft=1 fh=47df87911e710cf9 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3263861943-4074465539-867821772-1000\$RD1MW3U\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaEng.dll.vir"
sh=781F353EA130DCB9C496D35204CB5AB96C4DCCBF ft=1 fh=7e2601b6c3711131 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3263861943-4074465539-867821772-1000\$RD1MW3U\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltasrv.exe.vir"
sh=02515F710B884FF8B426B43DF8C9B05E943B6AED ft=1 fh=d9df6fa40224409d vn="Win32/Toolbar.Babylon.G evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3263861943-4074465539-867821772-1000\$RD1MW3U\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll.vir"
sh=AE0BF6A9D8E66B04214FEBB5BF4B086E8AA34498 ft=1 fh=502ed3b2eef6754b vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3263861943-4074465539-867821772-1000\$RD1MW3U\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\uninstall.exe.vir"
sh=DFB461F520B77E9CF268FDFBFFBBB624C7EA5064 ft=1 fh=0fb3be40d7aae6ee vn="Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3263861943-4074465539-867821772-1000\$RD1MW3U\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll.vir"
sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3263861943-4074465539-867821772-1000\$RD1MW3U\Quarantine\C\Users\Acer Aspire 5742G\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"


checkup.txt
The following error message appeared (?)
Code:

UNSUPPORTED OPERATING SYSTEM! ABORTED!

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 01
Ran by Acer Aspire 5742G (administrator) on ACERASPIRE5742G on 24-08-2014 15:28:38
Running from C:\Users\Acer Aspire 5742G\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-23] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446
SearchScopes: HKCU - {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-14]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-05]
CHR Extension: (Google Drive) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-05]
CHR Extension: (YouTube) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-05]
CHR Extension: (Google-Suche) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-05]
CHR Extension: (Avira Browser Safety) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-23]
CHR Extension: (Google Wallet) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-05]
CHR Extension: (Google Mail) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "508286c0aae35d85" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 508286c0aae35d85; C:\Windows\System32\Drivers\508286c0aae35d85.sys [41928 2014-07-27] () <===== ATTENTION Necurs Rootkit?
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] () [File not signed]
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-24] () [File not signed]
R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2010-04-20] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2004-07-16] (Pinnacle Systems GmbH) [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [246376 2010-06-17] () [File not signed]
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [231328 2010-01-27] () [File not signed]
S3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [694888 2010-11-25] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2014-04-05] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57856 2012-08-23] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
S3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [17408 2010-07-09] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109824 2013-07-12] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] () [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-14] () [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
S3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [74960 2011-12-07] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 15:28 - 2014-08-24 15:29 - 00025304 _____ () C:\Users\Acer Aspire 5742G\Desktop\FRST.txt
2014-08-24 15:27 - 2014-08-24 15:27 - 00000041 _____ () C:\Users\Acer Aspire 5742G\Desktop\checkup.txt
2014-08-24 15:26 - 2014-08-24 15:26 - 00854417 _____ () C:\Users\Acer Aspire 5742G\Desktop\SecurityCheck.exe
2014-08-24 13:50 - 2014-08-24 13:50 - 02347384 _____ (ESET) C:\Users\Acer Aspire 5742G\Desktop\esetsmartinstaller_deu.exe
2014-08-24 13:34 - 2014-08-24 15:28 - 00000000 ____D () C:\FRST
2014-08-24 13:33 - 2014-08-24 13:34 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Desktop\FRST64.exe
2014-08-24 13:24 - 2014-08-24 13:24 - 01016261 _____ (Thisisu) C:\Users\Acer Aspire 5742G\Desktop\JRT.exe
2014-08-24 13:24 - 2014-08-24 13:24 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 13:19 - 2014-08-24 13:21 - 00000000 ____D () C:\AdwCleaner
2014-08-24 13:19 - 2014-08-24 13:19 - 01364531 _____ () C:\Users\Acer Aspire 5742G\Desktop\adwcleaner_3.308.exe
2014-08-24 13:05 - 2014-08-24 13:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 13:05 - 2014-08-24 13:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer Aspire 5742G\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-24 13:05 - 2014-08-24 13:05 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 13:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-24 13:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-24 13:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-24 09:17 - 2014-08-24 09:17 - 00031418 _____ () C:\ComboFix.txt
2014-08-24 09:00 - 2014-08-24 09:17 - 00000000 ____D () C:\Qoobox
2014-08-24 09:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-24 09:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-24 09:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-24 08:59 - 2014-08-24 09:12 - 00000000 ____D () C:\Windows\erdnt
2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1  Fußball  Bundesliga  2. Bundesliga  Formel 1  US-Sport  Handball  Basketball  MotoGP.url
2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-05 16:01 - 2014-07-23 13:29 - 00130584 _____ () C:\Windows\system32\Drivers\avipbb.sys
2014-08-05 16:01 - 2014-07-23 13:29 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-05 16:01 - 2014-07-23 13:29 - 00028600 _____ () C:\Windows\system32\Drivers\avkmgr.sys
2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4}
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 14:55 - 2011-08-10 07:51 - 00067685 _____ () C:\Windows\system32\athrextx.cat
2014-08-05 14:55 - 2011-08-05 16:33 - 02768384 _____ (Atheros Communications, Inc.) C:\Windows\system32\athrx.sys
2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable
2014-08-01 16:02 - 2014-08-05 16:02 - 00002269 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 15:55 - 2014-08-24 13:21 - 00453258 _____ () C:\Windows\PFRO.log
2014-08-01 15:55 - 2014-08-24 13:21 - 00003640 _____ () C:\Windows\setupact.log
2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 15:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:40 - 2014-08-01 15:47 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 15:29 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 15:29 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 15:29 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 15:29 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 15:28 - 2014-08-01 15:29 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-27 10:32 - 2014-07-27 10:32 - 00041928 _____ () C:\Windows\system32\Drivers\508286c0aae35d85.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 15:29 - 2014-08-24 15:28 - 00025304 _____ () C:\Users\Acer Aspire 5742G\Desktop\FRST.txt
2014-08-24 15:28 - 2014-08-24 13:34 - 00000000 ____D () C:\FRST
2014-08-24 15:27 - 2014-08-24 15:27 - 00000041 _____ () C:\Users\Acer Aspire 5742G\Desktop\checkup.txt
2014-08-24 15:26 - 2014-08-24 15:26 - 00854417 _____ () C:\Users\Acer Aspire 5742G\Desktop\SecurityCheck.exe
2014-08-24 15:21 - 2013-10-05 14:14 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job
2014-08-24 14:47 - 2012-10-05 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-24 14:45 - 2011-08-22 15:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-24 13:50 - 2014-08-24 13:50 - 02347384 _____ (ESET) C:\Users\Acer Aspire 5742G\Desktop\esetsmartinstaller_deu.exe
2014-08-24 13:38 - 2014-08-24 13:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 13:34 - 2014-08-24 13:33 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Desktop\FRST64.exe
2014-08-24 13:30 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 13:30 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 13:24 - 2014-08-24 13:24 - 01016261 _____ (Thisisu) C:\Users\Acer Aspire 5742G\Desktop\JRT.exe
2014-08-24 13:24 - 2014-08-24 13:24 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 13:22 - 2012-11-13 22:21 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-24 13:22 - 2011-08-22 15:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-24 13:21 - 2014-08-24 13:19 - 00000000 ____D () C:\AdwCleaner
2014-08-24 13:21 - 2014-08-01 15:55 - 00453258 _____ () C:\Windows\PFRO.log
2014-08-24 13:21 - 2014-08-01 15:55 - 00003640 _____ () C:\Windows\setupact.log
2014-08-24 13:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 13:19 - 2014-08-24 13:19 - 01364531 _____ () C:\Users\Acer Aspire 5742G\Desktop\adwcleaner_3.308.exe
2014-08-24 13:05 - 2014-08-24 13:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer Aspire 5742G\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-24 13:05 - 2014-08-24 13:05 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 09:17 - 2014-08-24 09:17 - 00031418 _____ () C:\ComboFix.txt
2014-08-24 09:17 - 2014-08-24 09:00 - 00000000 ____D () C:\Qoobox
2014-08-24 09:12 - 2014-08-24 08:59 - 00000000 ____D () C:\Windows\erdnt
2014-08-24 09:11 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-23 20:21 - 2013-10-05 14:14 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job
2014-08-23 18:07 - 2013-10-05 14:15 - 00002427 _____ () C:\Users\Acer Aspire 5742G\Desktop\Google Chrome.lnk
2014-08-23 16:47 - 2013-05-01 15:29 - 00000971 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-08-23 14:39 - 2011-08-16 22:27 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-08-23 14:39 - 2011-08-16 22:27 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-08-23 14:39 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1  Fußball  Bundesliga  2. Bundesliga  Formel 1  US-Sport  Handball  Basketball  MotoGP.url
2014-08-10 19:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 16:02 - 2014-08-01 16:02 - 00002269 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-05 16:01 - 2013-09-28 15:25 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 15:47 - 2010-07-13 14:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-05 15:46 - 2011-08-16 12:59 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Notepad++
2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4}
2014-08-05 15:37 - 2014-06-12 16:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 14:55 - 2010-07-13 13:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable
2014-08-01 16:17 - 2011-08-18 12:41 - 00000000 ____D () C:\Users\Acer Aspire 5742G
2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 15:53 - 2012-09-29 20:16 - 00000000 ____D () C:\Windows\Minidump
2014-08-01 15:53 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-08-01 15:47 - 2014-08-01 15:40 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe
2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 15:33 - 2012-10-05 19:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-01 15:33 - 2012-05-19 21:40 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 15:33 - 2011-09-07 15:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 15:31 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-01 15:29 - 2014-08-01 15:28 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 15:29 - 2014-06-25 23:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-27 10:32 - 2014-07-27 10:32 - 00041928 _____ () C:\Windows\system32\Drivers\508286c0aae35d85.sys
2014-07-26 20:46 - 2013-09-14 20:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 20:46 - 2013-09-14 20:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 14:52 - 2013-09-14 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\avgnt.exe
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2011-08-23 11:49] - [2010-11-20 15:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-07-07 14:51

==================== End Of Log ============================

--- --- ---


Addition.txt
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 01
Ran by Acer Aspire 5742G at 2014-08-24 15:29:27
Running from C:\Users\Acer Aspire 5742G\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.0 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{D8DACA27-C2D9-9E8E-A8A5-A10E0C670D01}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0527.1242.20909 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help English (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help French (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help German (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0527.1242.20909 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0527.1242.20909 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dLAN Cockpit (x32 Version: 3.2.28 - devolo AG) Hidden
Druckerdeinstallation für EPSON WP-4015 Series (HKLM\...\EPSON WP-4015 Series) (Version:  - SEIKO EPSON Corporation)
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics-Add-In (32 Bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.041222.01 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 12.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Acer Aspire 5742G\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-24 09:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B6DCCC5-771D-4649-936B-8F4ACF736159} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {117417D2-DC0A-46AA-B911-0CB8B3A78849} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {4DF04356-EBCD-4B13-80C4-008B80B8E59C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {69852996-6750-4990-96BD-3D2B48E455E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {990E37C7-27E6-438C-AA70-FBB7D744D3E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {E3EBA028-AF1B-4AC3-BBBA-41DAE93AAAAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-01] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 18:19 - 2013-08-02 04:12 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2010-07-25 08:10 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2010-06-28 15:20 - 2010-06-28 15:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 15:12 - 2010-06-28 15:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-02-15 12:06 - 2014-02-15 12:06 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-07-13 13:32 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DevoloNetworkService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: nlsvc => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: Virtual Router => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: NetLimiter => C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PinnacleDriverCheck => C:\Windows\system32\PSDrvCheck.exe -CheckReg
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============

Name: PnP-Monitor (Standard)
Description: PnP-Monitor (Standard)
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardmonitortypen)
Service: monitor
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2014 03:23:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/24/2014 01:51:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/24/2014 01:50:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/24/2014 01:50:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (08/24/2014 02:49:33 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/24/2014 01:38:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-24 09:10:58.556
  Description: N/A

  Date: 2014-08-24 09:10:58.369
  Description: N/A

  Date: 2014-07-27 10:32:05.772
  Description: N/A

  Date: 2014-07-27 10:32:05.554
  Description: N/A


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 41%
Total physical RAM: 3958.71 MB
Available physical RAM: 2332.44 MB
Total Pagefile: 7915.6 MB
Available Pagefile: 6259.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:185.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 3329EE64)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End Of Log ============================

So I still cannot activate the AntiVir real-time scanner or Windows Defender. I cannot start Windows updates either.

schrauber 24.08.2014 15:25

hi,

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

VChecker1992 24.08.2014 16:57

It said there that I had to upload it as an attachment. So that is what I did...

Is that OK like this?

schrauber 25.08.2014 12:10

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I cannot open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

VChecker1992 25.08.2014 12:22

TDSSKiller logfile part 1
Code:

17:38:32.0846 0x0a44  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
17:38:33.0377 0x0a44  ============================================================
17:38:33.0377 0x0a44  Current date / time: 2014/08/24 17:38:33.0377
17:38:33.0377 0x0a44  SystemInfo:
17:38:33.0377 0x0a44 
17:38:33.0377 0x0a44  OS Version: 6.1.7601 ServicePack: 1.0
17:38:33.0377 0x0a44  Product type: Workstation
17:38:33.0377 0x0a44  ComputerName: ACERASPIRE5742G
17:38:33.0377 0x0a44  UserName: Acer Aspire 5742G
17:38:33.0377 0x0a44  Windows directory: C:\Windows
17:38:33.0377 0x0a44  System windows directory: C:\Windows
17:38:33.0377 0x0a44  Running under WOW64
17:38:33.0377 0x0a44  Processor architecture: Intel x64
17:38:33.0377 0x0a44  Number of processors: 4
17:38:33.0377 0x0a44  Page size: 0x1000
17:38:33.0377 0x0a44  Boot type: Normal boot
17:38:33.0377 0x0a44  ============================================================
17:38:33.0392 0x0a44  BG loaded
17:38:34.0188 0x0a44  System UUID: {BFAF0882-7AD8-0E87-6045-A8C288D53868}
17:38:35.0608 0x0a44  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:38:35.0623 0x0a44  ============================================================
17:38:35.0623 0x0a44  \Device\Harddisk0\DR0:
17:38:35.0623 0x0a44  MBR partitions:
17:38:35.0623 0x0a44  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
17:38:35.0623 0x0a44  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
17:38:35.0623 0x0a44  ============================================================
17:38:35.0748 0x0a44  C: <-> \Device\Harddisk0\DR0\Partition2
17:38:35.0748 0x0a44  ============================================================
17:38:35.0748 0x0a44  Initialize success
17:38:35.0748 0x0a44  ============================================================
17:40:15.0468 0x12f8  ============================================================
17:40:15.0468 0x12f8  Scan started
17:40:15.0468 0x12f8  Mode: Manual; SigCheck; TDLFS;
17:40:15.0468 0x12f8  ============================================================
17:40:15.0468 0x12f8  KSN ping started
17:40:18.0369 0x12f8  KSN ping finished: true
17:40:20.0772 0x12f8  ================ Scan system memory ========================
17:40:20.0772 0x12f8  System memory - ok
17:40:20.0772 0x12f8  ================ Scan services =============================
17:40:21.0162 0x12f8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:40:21.0349 0x12f8  1394ohci - ok
17:40:21.0396 0x12f8  Suspicious service (NoAccess): 508286c0aae35d85
17:40:21.0458 0x12f8  [ C165DD5F33FDF8AAD5E970E69394230F, C36D47BE0062AF1739DC2766383293707B1F9C710FB77B4235E4C586A7F3B2BD ] 508286c0aae35d85 C:\Windows\System32\Drivers\508286c0aae35d85.sys
17:40:21.0458 0x12f8  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\508286c0aae35d85.sys. md5: C165DD5F33FDF8AAD5E970E69394230F, sha256: C36D47BE0062AF1739DC2766383293707B1F9C710FB77B4235E4C586A7F3B2BD
17:40:21.0489 0x12f8  508286c0aae35d85 - detected Rootkit.Win32.Necurs.gen ( 0 )
17:40:24.0453 0x12f8  508286c0aae35d85 ( Rootkit.Win32.Necurs.gen ) - infected
17:40:24.0453 0x12f8  Force sending object to P2P due to detect: 508286c0aae35d85
17:40:27.0355 0x12f8  Object send P2P result: true
17:40:30.0179 0x12f8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:40:30.0225 0x12f8  ACPI - ok
17:40:30.0272 0x12f8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
17:40:30.0366 0x12f8  AcpiPmi - ok
17:40:30.0537 0x12f8  [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:40:30.0569 0x12f8  AdobeFlashPlayerUpdateSvc - ok
17:40:30.0662 0x12f8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
17:40:30.0709 0x12f8  adp94xx - ok
17:40:30.0740 0x12f8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
17:40:30.0771 0x12f8  adpahci - ok
17:40:30.0787 0x12f8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
17:40:30.0803 0x12f8  adpu320 - ok
17:40:30.0849 0x12f8  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
17:40:31.0068 0x12f8  AeLookupSvc - ok
17:40:31.0130 0x12f8  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD            C:\Windows\system32\drivers\afd.sys
17:40:31.0239 0x12f8  AFD - ok
17:40:31.0302 0x12f8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
17:40:31.0333 0x12f8  agp440 - ok
17:40:31.0395 0x12f8  [ 44F360B65C37A42EB5B71C2E5179FDD5, A7E65515FEE1698C96F647111F5C7D009C5FAC9A1F62D027802861A699AF1F93 ] aksdf          C:\Windows\system32\drivers\aksdf.sys
17:40:31.0458 0x12f8  aksdf - ok
17:40:31.0536 0x12f8  [ 43415AF4F20E9867974623840A22FE98, 6AA2B5C000D984D21AC75A0BE48D359C24EDEB6343A9B507C299ECDA5DEAD367 ] aksfridge      C:\Windows\system32\drivers\aksfridge.sys
17:40:31.0567 0x12f8  aksfridge - ok
17:40:31.0629 0x12f8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG            C:\Windows\System32\alg.exe
17:40:31.0676 0x12f8  ALG - ok
17:40:31.0754 0x12f8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:40:31.0785 0x12f8  aliide - ok
17:40:31.0848 0x12f8  [ F687D4976EFF550FB0BE45A5CB19F18F, 96AEFAB5B1960DFBFB9F1C74A1C2A03E765B7807985A75D6689E00EE6C23BE34 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:40:31.0926 0x12f8  AMD External Events Utility - ok
17:40:31.0957 0x12f8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:40:31.0988 0x12f8  amdide - ok
17:40:32.0035 0x12f8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
17:40:32.0097 0x12f8  AmdK8 - ok
17:40:32.0363 0x12f8  [ 74687C33C4AD25A975BBB1EA1E8B3884, 30A53DF35C013DFE28C6FC200E93ABCA47BDE9104215ABC9E14E435B9FDBE4E1 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:40:32.0597 0x12f8  amdkmdag - ok
17:40:32.0643 0x12f8  [ C7F56ED86327A78E7F8A5CC503A98BD6, 4DA79D45CCDC47380C67889F842454D18C5B140A71A7AF11A63206FF74C2E2B3 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
17:40:32.0721 0x12f8  amdkmdap - ok
17:40:32.0784 0x12f8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:40:32.0831 0x12f8  AmdPPM - ok
17:40:32.0877 0x12f8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
17:40:32.0893 0x12f8  amdsata - ok
17:40:32.0940 0x12f8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:40:32.0971 0x12f8  amdsbs - ok
17:40:32.0987 0x12f8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata        C:\Windows\system32\drivers\amdxata.sys
17:40:33.0002 0x12f8  amdxata - ok
17:40:33.0267 0x12f8  [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:40:33.0299 0x12f8  AntiVirSchedulerService - ok
17:40:33.0361 0x12f8  [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:40:33.0392 0x12f8  AntiVirService - ok
17:40:33.0533 0x12f8  [ 8275A6F8857CB98F72CBAF75770E9E10, B945A8937E95269A84C4B0EA0E202EE564B457E32DE239DCCDF9F14D9CC204C7 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:40:33.0611 0x12f8  AntiVirWebService - ok
17:40:33.0657 0x12f8  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID          C:\Windows\system32\drivers\appid.sys
17:40:33.0860 0x12f8  AppID - ok
17:40:33.0891 0x12f8  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:40:33.0969 0x12f8  AppIDSvc - ok
17:40:34.0016 0x12f8  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo        C:\Windows\System32\appinfo.dll
17:40:34.0079 0x12f8  Appinfo - ok
17:40:34.0125 0x12f8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc            C:\Windows\system32\DRIVERS\arc.sys
17:40:34.0157 0x12f8  arc - ok
17:40:34.0172 0x12f8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:40:34.0188 0x12f8  arcsas - ok
17:40:34.0344 0x12f8  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:40:34.0437 0x12f8  aspnet_state - ok
17:40:34.0469 0x12f8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:40:34.0547 0x12f8  AsyncMac - ok
17:40:34.0593 0x12f8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi          C:\Windows\system32\drivers\atapi.sys
17:40:34.0609 0x12f8  atapi - ok
17:40:34.0781 0x12f8  [ E642491F64E58CD5BC8FB8B347DCF65F, D457175EF3A0552CEA3DA78E7116D54BC2BF157857A8B764597B51FB4E29C033 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
17:40:34.0843 0x12f8  athr - ok
17:40:34.0968 0x12f8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:40:35.0061 0x12f8  AudioEndpointBuilder - ok
17:40:35.0108 0x12f8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:40:35.0171 0x12f8  AudioSrv - ok
17:40:35.0233 0x12f8  [ 4663C5AD76FE8E19592DE808156FA07D, 605827B4A9D6930BC752D124BF75D55D4927B0ABEF881CDE66F3C5CC1DB215FE ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:40:35.0264 0x12f8  avgntflt - ok
17:40:35.0295 0x12f8  [ 8902AEC2382A37E9E99A4E0D52DBD42B, 138F2D7E7430132B2C527D413BC845CC467F084F39C232EC3A17DD2A74EE401E ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:40:35.0327 0x12f8  avipbb - ok
17:40:35.0342 0x12f8  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:40:35.0358 0x12f8  avkmgr - ok
17:40:35.0420 0x12f8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:40:35.0529 0x12f8  AxInstSV - ok
17:40:35.0607 0x12f8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
17:40:35.0701 0x12f8  b06bdrv - ok
17:40:35.0748 0x12f8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:40:35.0810 0x12f8  b57nd60a - ok
17:40:35.0857 0x12f8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:40:35.0904 0x12f8  BDESVC - ok
17:40:35.0935 0x12f8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:40:36.0044 0x12f8  Beep - ok
17:40:36.0153 0x12f8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE            C:\Windows\System32\bfe.dll
17:40:36.0216 0x12f8  BFE - ok
17:40:36.0309 0x12f8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
17:40:36.0434 0x12f8  BITS - ok
17:40:36.0450 0x12f8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:40:36.0481 0x12f8  blbdrive - ok
17:40:36.0528 0x12f8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:40:36.0575 0x12f8  bowser - ok
17:40:36.0621 0x12f8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:40:36.0699 0x12f8  BrFiltLo - ok
17:40:36.0746 0x12f8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:40:36.0793 0x12f8  BrFiltUp - ok
17:40:36.0840 0x12f8  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
17:40:36.0933 0x12f8  BridgeMP - ok
17:40:36.0980 0x12f8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser        C:\Windows\System32\browser.dll
17:40:37.0043 0x12f8  Browser - ok
17:40:37.0089 0x12f8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
17:40:37.0167 0x12f8  Brserid - ok
17:40:37.0199 0x12f8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:40:37.0230 0x12f8  BrSerWdm - ok
17:40:37.0261 0x12f8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:40:37.0323 0x12f8  BrUsbMdm - ok
17:40:37.0339 0x12f8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:40:37.0386 0x12f8  BrUsbSer - ok
17:40:37.0401 0x12f8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:40:37.0433 0x12f8  BTHMODEM - ok
17:40:37.0479 0x12f8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv        C:\Windows\system32\bthserv.dll
17:40:37.0557 0x12f8  bthserv - ok
17:40:37.0589 0x12f8  catchme - ok
17:40:37.0635 0x12f8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:40:37.0713 0x12f8  cdfs - ok
17:40:37.0791 0x12f8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
17:40:37.0838 0x12f8  cdrom - ok
17:40:37.0885 0x12f8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc    C:\Windows\System32\certprop.dll
17:40:37.0979 0x12f8  CertPropSvc - ok
17:40:38.0010 0x12f8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:40:38.0057 0x12f8  circlass - ok
17:40:38.0119 0x12f8  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
17:40:38.0181 0x12f8  CLFS - ok
17:40:38.0244 0x12f8  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:40:38.0259 0x12f8  clr_optimization_v2.0.50727_32 - ok
17:40:38.0291 0x12f8  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:40:38.0322 0x12f8  clr_optimization_v2.0.50727_64 - ok
17:40:38.0431 0x12f8  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:40:38.0587 0x12f8  clr_optimization_v4.0.30319_32 - ok
17:40:38.0634 0x12f8  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:40:38.0712 0x12f8  clr_optimization_v4.0.30319_64 - ok
17:40:38.0743 0x12f8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:40:38.0790 0x12f8  CmBatt - ok
17:40:38.0821 0x12f8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:40:38.0852 0x12f8  cmdide - ok
17:40:38.0930 0x12f8  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG            C:\Windows\system32\Drivers\cng.sys
17:40:38.0993 0x12f8  CNG - ok
17:40:39.0055 0x12f8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:40:39.0071 0x12f8  Compbatt - ok
17:40:39.0133 0x12f8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:40:39.0180 0x12f8  CompositeBus - ok
17:40:39.0195 0x12f8  COMSysApp - ok
17:40:39.0211 0x12f8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
17:40:39.0242 0x12f8  crcdisk - ok
17:40:39.0305 0x12f8  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:40:39.0351 0x12f8  CryptSvc - ok
17:40:39.0429 0x12f8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:40:39.0507 0x12f8  DcomLaunch - ok
17:40:39.0554 0x12f8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc      C:\Windows\System32\defragsvc.dll
17:40:39.0663 0x12f8  defragsvc - ok
17:40:39.0710 0x12f8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:40:39.0788 0x12f8  DfsC - ok
17:40:39.0835 0x12f8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:40:39.0897 0x12f8  Dhcp - ok
17:40:39.0944 0x12f8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
17:40:40.0022 0x12f8  discache - ok
17:40:40.0053 0x12f8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:40:40.0085 0x12f8  Disk - ok
17:40:40.0131 0x12f8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:40:40.0194 0x12f8  Dnscache - ok
17:40:40.0241 0x12f8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc        C:\Windows\System32\dot3svc.dll
17:40:40.0334 0x12f8  dot3svc - ok
17:40:40.0397 0x12f8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS            C:\Windows\system32\dps.dll
17:40:40.0490 0x12f8  DPS - ok
17:40:40.0521 0x12f8  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
17:40:40.0568 0x12f8  drmkaud - ok
17:40:40.0662 0x12f8  [ 1FCA854CEDFC2CCD0C22E46EA4EA18F1, 3508547FCE3B6ACA34511BB2C50A375E3894EBFAC656B9D1C82EA8439EFD8846 ] DsiWMIService  C:\Program Files (x86)\Launch Manager\dsiwmis.exe
17:40:40.0693 0x12f8  DsiWMIService - ok
17:40:40.0802 0x12f8  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
17:40:40.0849 0x12f8  DXGKrnl - ok
17:40:40.0911 0x12f8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost        C:\Windows\System32\eapsvc.dll
17:40:41.0005 0x12f8  EapHost - ok
17:40:41.0177 0x12f8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
17:40:41.0395 0x12f8  ebdrv - ok
17:40:41.0457 0x12f8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS            C:\Windows\System32\lsass.exe
17:40:41.0504 0x12f8  EFS - ok
17:40:41.0598 0x12f8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
17:40:41.0754 0x12f8  ehRecvr - ok
17:40:41.0785 0x12f8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched        C:\Windows\ehome\ehsched.exe
17:40:41.0847 0x12f8  ehSched - ok
17:40:41.0925 0x12f8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
17:40:41.0972 0x12f8  elxstor - ok
17:40:42.0128 0x12f8  [ 3EA2C4F68A782839D97B3C83595575B6, D4C3BFD0B6817B73BE9F2378FA946BD1C213A4FB9EB3F7D2C79E9B6D9F895106 ] ePowerSvc      C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
17:40:42.0206 0x12f8  ePowerSvc - ok
17:40:42.0237 0x12f8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:40:42.0284 0x12f8  ErrDev - ok
17:40:42.0347 0x12f8  [ 0975BF32399A24117E317B5BF1D5D0AA, 850217D920BB6E524C08C11A9806B8B148E9CF6CEBED9481BF7C9F07BCA918D5 ] ETD            C:\Windows\system32\DRIVERS\ETD.sys
17:40:42.0378 0x12f8  ETD - ok
17:40:42.0440 0x12f8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem    C:\Windows\system32\es.dll
17:40:42.0534 0x12f8  EventSystem - ok
17:40:42.0596 0x12f8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat          C:\Windows\system32\drivers\exfat.sys
17:40:42.0752 0x12f8  exfat - ok
17:40:42.0768 0x12f8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
17:40:42.0830 0x12f8  fastfat - ok
17:40:42.0908 0x12f8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax            C:\Windows\system32\fxssvc.exe
17:40:42.0971 0x12f8  Fax - ok
17:40:43.0017 0x12f8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
17:40:43.0064 0x12f8  fdc - ok
17:40:43.0142 0x12f8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost        C:\Windows\system32\fdPHost.dll
17:40:43.0236 0x12f8  fdPHost - ok
17:40:43.0251 0x12f8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:40:43.0298 0x12f8  FDResPub - ok
17:40:43.0329 0x12f8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:40:43.0345 0x12f8  FileInfo - ok
17:40:43.0407 0x12f8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
17:40:43.0532 0x12f8  Filetrace - ok
17:40:43.0719 0x12f8  [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:40:43.0782 0x12f8  FLEXnet Licensing Service - ok
17:40:43.0797 0x12f8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:40:43.0829 0x12f8  flpydisk - ok
17:40:43.0891 0x12f8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:40:43.0938 0x12f8  FltMgr - ok
17:40:44.0078 0x12f8  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache      C:\Windows\system32\FntCache.dll
17:40:44.0250 0x12f8  FontCache - ok
17:40:44.0359 0x12f8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:40:44.0375 0x12f8  FontCache3.0.0.0 - ok
17:40:44.0421 0x12f8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
17:40:44.0453 0x12f8  FsDepends - ok
17:40:44.0546 0x12f8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:40:44.0577 0x12f8  Fs_Rec - ok
17:40:45.0014 0x12f8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:40:45.0061 0x12f8  fvevol - ok
17:40:45.0123 0x12f8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:40:45.0123 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6, sha256: 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005
17:40:45.0123 0x12f8  gagp30kx - detected LockedFile.Multi.Generic ( 1 )
17:40:47.0869 0x12f8  Detect skipped due to KSN trusted
17:40:47.0869 0x12f8  gagp30kx - ok
17:40:48.0056 0x12f8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc          C:\Windows\System32\gpsvc.dll
17:40:48.0197 0x12f8  gpsvc - ok
17:40:48.0306 0x12f8  [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
17:40:48.0321 0x12f8  GREGService - ok
17:40:48.0431 0x12f8  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:40:48.0431 0x12f8  gupdate - ok
17:40:48.0524 0x12f8  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:40:48.0587 0x12f8  gupdatem - ok
17:40:48.0774 0x12f8  [ D619BA1712B83D14149850E758B835AD, AD18807EC4DA6FA8C6846C1A0D914071FD59BD3273AFC103E5F2A7141F18C5F4 ] hardlock        C:\Windows\system32\drivers\hardlock.sys
17:40:48.0789 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hardlock.sys. md5: D619BA1712B83D14149850E758B835AD, sha256: AD18807EC4DA6FA8C6846C1A0D914071FD59BD3273AFC103E5F2A7141F18C5F4
17:40:48.0805 0x12f8  hardlock - detected LockedFile.Multi.Generic ( 1 )
17:40:51.0644 0x12f8  Detect skipped due to KSN trusted
17:40:51.0644 0x12f8  hardlock - ok
17:40:51.0644 0x12f8  hasplms - ok
17:40:51.0738 0x12f8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:40:51.0738 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0, sha256: B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19
17:40:51.0738 0x12f8  hcw85cir - detected LockedFile.Multi.Generic ( 1 )
17:40:54.0499 0x12f8  Detect skipped due to KSN trusted
17:40:54.0499 0x12f8  hcw85cir - ok
17:40:54.0577 0x12f8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:40:54.0577 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. md5: 975761C778E33CD22498059B91E7373A, sha256: 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9
17:40:54.0577 0x12f8  HdAudAddService - detected LockedFile.Multi.Generic ( 1 )
17:40:57.0354 0x12f8  Detect skipped due to KSN trusted
17:40:57.0354 0x12f8  HdAudAddService - ok
17:40:57.0385 0x12f8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:40:57.0385 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97BFED39B6B79EB12CDDBFEED51F56BB, sha256: 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955
17:40:57.0401 0x12f8  HDAudBus - detected LockedFile.Multi.Generic ( 1 )
17:41:00.0177 0x12f8  Detect skipped due to KSN trusted
17:41:00.0177 0x12f8  HDAudBus - ok
17:41:00.0240 0x12f8  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64        C:\Windows\system32\DRIVERS\HECIx64.sys
17:41:00.0240 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HECIx64.sys. md5: B6AC71AAA2B10848F57FC49D55A651AF, sha256: 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91
17:41:00.0240 0x12f8  HECIx64 - detected LockedFile.Multi.Generic ( 1 )
17:41:03.0017 0x12f8  Detect skipped due to KSN trusted
17:41:03.0017 0x12f8  HECIx64 - ok
17:41:03.0079 0x12f8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
17:41:03.0079 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F, sha256: 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64
17:41:03.0079 0x12f8  HidBatt - detected LockedFile.Multi.Generic ( 1 )
17:41:05.0825 0x12f8  Detect skipped due to KSN trusted
17:41:05.0825 0x12f8  HidBatt - ok
17:41:05.0934 0x12f8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:41:05.0934 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104, sha256: 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4
17:41:05.0934 0x12f8  HidBth - detected LockedFile.Multi.Generic ( 1 )
17:41:08.0695 0x12f8  Detect skipped due to KSN trusted
17:41:08.0695 0x12f8  HidBth - ok
17:41:08.0742 0x12f8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
17:41:08.0742 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825, sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D
17:41:08.0742 0x12f8  HidIr - detected LockedFile.Multi.Generic ( 1 )
17:41:11.0597 0x12f8  Detect skipped due to KSN trusted
17:41:11.0597 0x12f8  HidIr - ok
17:41:11.0659 0x12f8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv        C:\Windows\System32\hidserv.dll
17:41:11.0768 0x12f8  hidserv - ok
17:41:11.0815 0x12f8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:41:11.0815 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536, sha256: FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F
17:41:11.0815 0x12f8  HidUsb - detected LockedFile.Multi.Generic ( 1 )
17:41:14.0654 0x12f8  Detect skipped due to KSN trusted
17:41:14.0654 0x12f8  HidUsb - ok
17:41:14.0732 0x12f8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:41:14.0810 0x12f8  hkmsvc - ok
17:41:14.0888 0x12f8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:41:14.0966 0x12f8  HomeGroupListener - ok
17:41:15.0029 0x12f8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:41:15.0076 0x12f8  HomeGroupProvider - ok
17:41:15.0122 0x12f8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:41:15.0122 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, sha256: E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205
17:41:15.0122 0x12f8  HpSAMD - detected LockedFile.Multi.Generic ( 1 )
17:41:17.0884 0x12f8  Detect skipped due to KSN trusted
17:41:17.0884 0x12f8  HpSAMD - ok
17:41:18.0008 0x12f8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:41:18.0008 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: 0EA7DE1ACB728DD5A369FD742D6EEE28, sha256: 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779
17:41:18.0008 0x12f8  HTTP - detected LockedFile.Multi.Generic ( 1 )
17:41:20.0957 0x12f8  Detect skipped due to KSN trusted
17:41:20.0957 0x12f8  HTTP - ok
17:41:21.0019 0x12f8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:41:21.0019 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392, sha256: 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53
17:41:21.0019 0x12f8  hwpolicy - detected LockedFile.Multi.Generic ( 1 )
17:41:31.0034 0x12f8  hwpolicy ( LockedFile.Multi.Generic ) - warning
17:41:33.0889 0x12f8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:41:33.0889 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD
17:41:33.0889 0x12f8  i8042prt - detected LockedFile.Multi.Generic ( 1 )
17:41:36.0650 0x12f8  Detect skipped due to KSN trusted
17:41:36.0650 0x12f8  i8042prt - ok
17:41:36.0744 0x12f8  [ 1384872112E8E7FD5786ECEB8BDDF4C9, DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:41:36.0744 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStor.sys. md5: 1384872112E8E7FD5786ECEB8BDDF4C9, sha256: DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02
17:41:36.0760 0x12f8  iaStor - detected LockedFile.Multi.Generic ( 1 )
17:41:39.0521 0x12f8  Detect skipped due to KSN trusted
17:41:39.0521 0x12f8  iaStor - ok
17:41:39.0630 0x12f8  [ 6B24D1C3096DE796D15571079EA5E98C, 89566A7BDEDA7A663110F72B6301998651937E1E3E541EAB054169CEC8C7353F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:41:39.0661 0x12f8  IAStorDataMgrSvc - ok
17:41:39.0724 0x12f8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
17:41:39.0724 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\iaStorV.sys. md5: AAAF44DB3BD0B9D1FB6969B23ECC8366, sha256: 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385
17:41:39.0724 0x12f8  iaStorV - detected LockedFile.Multi.Generic ( 1 )
17:41:42.0500 0x12f8  Detect skipped due to KSN trusted
17:41:42.0500 0x12f8  iaStorV - ok
17:41:42.0610 0x12f8  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:41:42.0703 0x12f8  idsvc - ok
17:41:42.0750 0x12f8  IEEtwCollectorService - ok
17:41:42.0781 0x12f8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
17:41:42.0781 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21, sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4
17:41:42.0781 0x12f8  iirsp - detected LockedFile.Multi.Generic ( 1 )
17:41:45.0558 0x12f8  Detect skipped due to KSN trusted
17:41:45.0558 0x12f8  iirsp - ok
17:41:45.0652 0x12f8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
17:41:45.0714 0x12f8  IKEEXT - ok
17:41:45.0870 0x12f8  [ 235362D403D9D677514649D88DB31914, 522F5BA88169ADEC1EEB595BFBBCD6417DF38CD93A0D2B2FD0AF4C907FF6D965 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:41:45.0870 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RTKVHD64.sys. md5: 235362D403D9D677514649D88DB31914, sha256: 522F5BA88169ADEC1EEB595BFBBCD6417DF38CD93A0D2B2FD0AF4C907FF6D965
17:41:45.0886 0x12f8  IntcAzAudAddService - detected LockedFile.Multi.Generic ( 1 )
17:41:48.0616 0x12f8  Detect skipped due to KSN trusted
17:41:48.0616 0x12f8  IntcAzAudAddService - ok
17:41:48.0694 0x12f8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:41:48.0694 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA, sha256: E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22
17:41:48.0694 0x12f8  intelide - detected LockedFile.Multi.Generic ( 1 )
17:41:51.0455 0x12f8  Detect skipped due to KSN trusted
17:41:51.0455 0x12f8  intelide - ok
17:41:51.0517 0x12f8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:41:51.0517 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1, sha256: F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610
17:41:51.0533 0x12f8  intelppm - detected LockedFile.Multi.Generic ( 1 )
17:41:54.0325 0x12f8  Detect skipped due to KSN trusted
17:41:54.0325 0x12f8  intelppm - ok
17:41:54.0388 0x12f8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
17:41:54.0466 0x12f8  IPBusEnum - ok
17:41:54.0512 0x12f8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:41:54.0512 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6, sha256: 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51
17:41:54.0512 0x12f8  IpFilterDriver - detected LockedFile.Multi.Generic ( 1 )
17:41:57.0289 0x12f8  Detect skipped due to KSN trusted
17:41:57.0289 0x12f8  IpFilterDriver - ok
17:41:57.0383 0x12f8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:41:57.0430 0x12f8  iphlpsvc - ok
17:41:57.0476 0x12f8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
17:41:57.0476 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A, sha256: 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9
17:41:57.0476 0x12f8  IPMIDRV - detected LockedFile.Multi.Generic ( 1 )
17:42:00.0222 0x12f8  Detect skipped due to KSN trusted
17:42:00.0222 0x12f8  IPMIDRV - ok
17:42:00.0284 0x12f8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
17:42:00.0284 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E
17:42:00.0284 0x12f8  IPNAT - detected LockedFile.Multi.Generic ( 1 )
17:42:03.0046 0x12f8  Detect skipped due to KSN trusted
17:42:03.0046 0x12f8  IPNAT - ok
17:42:03.0108 0x12f8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:42:03.0108 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE
17:42:03.0108 0x12f8  IRENUM - detected LockedFile.Multi.Generic ( 1 )
17:42:05.0854 0x12f8  Detect skipped due to KSN trusted
17:42:05.0854 0x12f8  IRENUM - ok
17:42:05.0916 0x12f8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:42:05.0916 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548
17:42:05.0916 0x12f8  isapnp - detected LockedFile.Multi.Generic ( 1 )
17:42:09.0145 0x12f8  Detect skipped due to KSN trusted
17:42:09.0145 0x12f8  isapnp - ok
17:42:09.0176 0x12f8  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:42:09.0176 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msiscsi.sys. md5: 96BB922A0981BC7432C8CF52B5410FE6, sha256: 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA
17:42:09.0176 0x12f8  iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
17:42:11.0938 0x12f8  Detect skipped due to KSN trusted
17:42:11.0938 0x12f8  iScsiPrt - ok
17:42:12.0031 0x12f8  [ 37E053A2CF8F0082B689ED74106E0CEC, 431D3A3212152A76878C9CA347056B62B2A5A3E0211C4D930639C426EE73A0B7 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
17:42:12.0031 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\k57nd60a.sys. md5: 37E053A2CF8F0082B689ED74106E0CEC, sha256: 431D3A3212152A76878C9CA347056B62B2A5A3E0211C4D930639C426EE73A0B7
17:42:12.0031 0x12f8  k57nd60a - detected LockedFile.Multi.Generic ( 1 )
17:42:14.0870 0x12f8  Detect skipped due to KSN trusted
17:42:14.0870 0x12f8  k57nd60a - ok
17:42:14.0933 0x12f8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:42:14.0933 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93
17:42:14.0933 0x12f8  kbdclass - detected LockedFile.Multi.Generic ( 1 )
17:42:17.0725 0x12f8  Detect skipped due to KSN trusted
17:42:17.0725 0x12f8  kbdclass - ok
17:42:17.0772 0x12f8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:42:17.0772 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484, sha256: 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99
17:42:17.0772 0x12f8  kbdhid - detected LockedFile.Multi.Generic ( 1 )
17:42:20.0549 0x12f8  Detect skipped due to KSN trusted
17:42:20.0549 0x12f8  kbdhid - ok
17:42:20.0580 0x12f8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
17:42:20.0611 0x12f8  KeyIso - ok
17:42:20.0642 0x12f8  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:42:20.0642 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: 353009DEDF918B2A51414F330CF72DEC, sha256: BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2
17:42:20.0642 0x12f8  KSecDD - detected LockedFile.Multi.Generic ( 1 )
17:42:23.0450 0x12f8  Detect skipped due to KSN trusted
17:42:23.0450 0x12f8  KSecDD - ok
17:42:23.0513 0x12f8  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
17:42:23.0513 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 1C2D8E18AA8FD50CD04C15CC27F7F5AB, sha256: 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989
17:42:23.0513 0x12f8  KSecPkg - detected LockedFile.Multi.Generic ( 1 )
17:42:26.0258 0x12f8  Detect skipped due to KSN trusted
17:42:26.0258 0x12f8  KSecPkg - ok
17:42:26.0336 0x12f8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
17:42:26.0336 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
17:42:26.0336 0x12f8  ksthunk - detected LockedFile.Multi.Generic ( 1 )
17:42:29.0191 0x12f8  Detect skipped due to KSN trusted
17:42:29.0191 0x12f8  ksthunk - ok
17:42:29.0269 0x12f8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm          C:\Windows\system32\msdtckrm.dll
17:42:29.0378 0x12f8  KtmRm - ok
17:42:29.0441 0x12f8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
17:42:29.0550 0x12f8  LanmanServer - ok
17:42:29.0581 0x12f8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:42:29.0659 0x12f8  LanmanWorkstation - ok
17:42:29.0706 0x12f8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:42:29.0706 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
17:42:29.0706 0x12f8  lltdio - detected LockedFile.Multi.Generic ( 1 )
17:42:32.0452 0x12f8  Detect skipped due to KSN trusted
17:42:32.0452 0x12f8  lltdio - ok
17:42:32.0530 0x12f8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
17:42:32.0654 0x12f8  lltdsvc - ok
17:42:32.0686 0x12f8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts        C:\Windows\System32\lmhsvc.dll
17:42:32.0748 0x12f8  lmhosts - ok
17:42:32.0810 0x12f8  [ DBC1136A62BD4DECC3632DF650284C2E, 2D6344357D21A9062019C7DDF3DB440ABC724CDA925471BBFA8CCAC65E6A2C80 ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:42:32.0842 0x12f8  LMS - ok
17:42:32.0873 0x12f8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:42:32.0873 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
17:42:32.0873 0x12f8  LSI_FC - detected LockedFile.Multi.Generic ( 1 )
17:42:38.0816 0x12f8  Detect skipped due to KSN trusted
17:42:38.0816 0x12f8  LSI_FC - ok
17:42:38.0863 0x12f8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
17:42:38.0863 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
17:42:38.0863 0x12f8  LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
17:42:41.0624 0x12f8  Detect skipped due to KSN trusted
17:42:41.0624 0x12f8  LSI_SAS - ok
17:42:41.0671 0x12f8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:42:41.0671 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
17:42:41.0671 0x12f8  LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
17:42:44.0542 0x12f8  Detect skipped due to KSN trusted
17:42:44.0542 0x12f8  LSI_SAS2 - ok
17:42:44.0588 0x12f8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:42:44.0588 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
17:42:44.0588 0x12f8  LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
17:42:54.0604 0x12f8  Object is SCO, delete is not allowed
17:42:54.0604 0x12f8  LSI_SCSI ( LockedFile.Multi.Generic ) - warning
17:42:54.0604 0x12f8  Force sending object to P2P due to detect: LSI_SCSI
17:42:57.0427 0x12f8  Object send P2P result: true
17:43:00.0235 0x12f8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv          C:\Windows\system32\drivers\luafv.sys
17:43:00.0235 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
17:43:00.0235 0x12f8  luafv - detected LockedFile.Multi.Generic ( 1 )
17:43:03.0308 0x12f8  Detect skipped due to KSN trusted
17:43:03.0308 0x12f8  luafv - ok
17:43:03.0371 0x12f8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
17:43:03.0418 0x12f8  Mcx2Svc - ok
17:43:03.0433 0x12f8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
17:43:03.0433 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
17:43:03.0433 0x12f8  megasas - detected LockedFile.Multi.Generic ( 1 )
17:43:06.0226 0x12f8  Detect skipped due to KSN trusted
17:43:06.0226 0x12f8  megasas - ok
17:43:06.0272 0x12f8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:43:06.0272 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
17:43:06.0272 0x12f8  MegaSR - detected LockedFile.Multi.Generic ( 1 )
17:43:09.0127 0x12f8  Detect skipped due to KSN trusted
17:43:09.0127 0x12f8  MegaSR - ok
17:43:09.0174 0x12f8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS          C:\Windows\system32\mmcss.dll
17:43:09.0252 0x12f8  MMCSS - ok
17:43:09.0268 0x12f8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem          C:\Windows\system32\drivers\modem.sys
17:43:09.0268 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
17:43:09.0268 0x12f8  Modem - detected LockedFile.Multi.Generic ( 1 )
17:43:19.0283 0x12f8  Object is SCO, delete is not allowed
17:43:19.0283 0x12f8  Modem ( LockedFile.Multi.Generic ) - warning
17:43:19.0283 0x12f8  Force sending object to P2P due to detect: Modem
17:43:22.0153 0x12f8  Object send P2P result: true
17:43:25.0008 0x12f8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
17:43:25.0008 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
17:43:25.0008 0x12f8  monitor - detected LockedFile.Multi.Generic ( 1 )
17:43:27.0785 0x12f8  Detect skipped due to KSN trusted
17:43:27.0785 0x12f8  monitor - ok
17:43:27.0863 0x12f8  [ C030F9E822A057C1A7A9BB4EA3E8877E, 2CCEC87DEB972B6B0196A08D3781002929E9107137FE3A61F1626D3BEE26630A ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
17:43:27.0863 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MijXfilt.sys. md5: C030F9E822A057C1A7A9BB4EA3E8877E, sha256: 2CCEC87DEB972B6B0196A08D3781002929E9107137FE3A61F1626D3BEE26630A
17:43:27.0863 0x12f8  MotioninJoyXFilter - detected LockedFile.Multi.Generic ( 1 )
17:43:30.0702 0x12f8  Detect skipped due to KSN trusted
17:43:30.0702 0x12f8  MotioninJoyXFilter - ok
17:43:30.0780 0x12f8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:43:30.0780 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
17:43:30.0780 0x12f8  mouclass - detected LockedFile.Multi.Generic ( 1 )
17:43:33.0635 0x12f8  Detect skipped due to KSN trusted
17:43:33.0635 0x12f8  mouclass - ok
17:43:33.0697 0x12f8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:43:33.0697 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
17:43:33.0697 0x12f8  mouhid - detected LockedFile.Multi.Generic ( 1 )
17:43:36.0568 0x12f8  Detect skipped due to KSN trusted
17:43:36.0568 0x12f8  mouhid - ok
17:43:36.0630 0x12f8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:43:36.0630 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA, sha256: 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63
17:43:36.0630 0x12f8  mountmgr - detected LockedFile.Multi.Generic ( 1 )
17:43:39.0391 0x12f8  Detect skipped due to KSN trusted
17:43:39.0391 0x12f8  mountmgr - ok
17:43:39.0469 0x12f8  [ 96AA8BA23142CC8E2B30F3CAE0C80254, C65380761373DAD16425211FBA0B4E15F260F79A1FF328B1314076D732EE6F0E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:43:39.0501 0x12f8  MozillaMaintenance - ok
17:43:39.0563 0x12f8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:43:39.0563 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58, sha256: B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8
17:43:39.0563 0x12f8  mpio - detected LockedFile.Multi.Generic ( 1 )
17:43:42.0324 0x12f8  Detect skipped due to KSN trusted
17:43:42.0324 0x12f8  mpio - ok
17:43:42.0402 0x12f8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:43:42.0402 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
17:43:42.0402 0x12f8  mpsdrv - detected LockedFile.Multi.Generic ( 1 )
17:43:45.0257 0x12f8  Detect skipped due to KSN trusted
17:43:45.0257 0x12f8  mpsdrv - ok
17:43:45.0382 0x12f8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:43:45.0507 0x12f8  MpsSvc - ok
17:43:45.0538 0x12f8  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:43:45.0538 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: 1A4F75E63C9FB84B85DFFC6B63FD5404, sha256: 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F
17:43:45.0538 0x12f8  MRxDAV - detected LockedFile.Multi.Generic ( 1 )
17:43:48.0408 0x12f8  Detect skipped due to KSN trusted
17:43:48.0408 0x12f8  MRxDAV - ok
17:43:48.0471 0x12f8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:43:48.0471 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC, sha256: 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4
17:43:48.0471 0x12f8  mrxsmb - detected LockedFile.Multi.Generic ( 1 )
17:43:51.0294 0x12f8  Detect skipped due to KSN trusted
17:43:51.0294 0x12f8  mrxsmb - ok
17:43:51.0372 0x12f8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:43:51.0372 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163, sha256: 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF
17:43:51.0372 0x12f8  mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
17:43:54.0165 0x12f8  Detect skipped due to KSN trusted
17:43:54.0165 0x12f8  mrxsmb10 - ok
17:43:54.0211 0x12f8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:43:54.0211 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C, sha256: 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC
17:43:54.0227 0x12f8  mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
17:43:57.0144 0x12f8  Detect skipped due to KSN trusted
17:43:57.0144 0x12f8  mrxsmb20 - ok
17:43:57.0207 0x12f8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:43:57.0207 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796, sha256: 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8
17:43:57.0207 0x12f8  msahci - detected LockedFile.Multi.Generic ( 1 )
17:44:00.0046 0x12f8  Detect skipped due to KSN trusted
17:44:00.0046 0x12f8  msahci - ok
17:44:00.0155 0x12f8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
17:44:00.0155 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900, sha256: B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74
17:44:00.0155 0x12f8  msdsm - detected LockedFile.Multi.Generic ( 1 )
17:44:02.0901 0x12f8  Detect skipped due to KSN trusted
17:44:02.0901 0x12f8  msdsm - ok
17:44:02.0947 0x12f8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC          C:\Windows\System32\msdtc.exe
17:44:02.0994 0x12f8  MSDTC - ok
17:44:03.0025 0x12f8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:44:03.0025 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
17:44:03.0025 0x12f8  Msfs - detected LockedFile.Multi.Generic ( 1 )
17:44:05.0865 0x12f8  Detect skipped due to KSN trusted
17:44:05.0865 0x12f8  Msfs - ok
17:44:05.0896 0x12f8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
17:44:05.0896 0x12f8  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
17:44:05.0896 0x12f8  mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
17:44:08.0657 0x12f8  Detect skipped due to KSN trusted
17:44:08.0657 0x12f8  mshidkmdf - ok
17:44:08.0719 0x12f8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:44:08.0719 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
17:44:08.0719 0x12f8  msisadrv - detected LockedFile.Multi.Generic ( 1 )
17:44:11.0465 0x12f8  Detect skipped due to KSN trusted
17:44:11.0465 0x12f8  msisadrv - ok
17:44:11.0527 0x12f8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
17:44:11.0605 0x12f8  MSiSCSI - ok
17:44:11.0605 0x12f8  msiserver - ok
17:44:11.0637 0x12f8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
17:44:11.0637 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
17:44:11.0637 0x12f8  MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
17:44:14.0367 0x12f8  Detect skipped due to KSN trusted
17:44:14.0367 0x12f8  MSKSSRV - ok
17:44:14.0413 0x12f8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:44:14.0413 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
17:44:14.0413 0x12f8  MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
17:44:17.0346 0x12f8  Detect skipped due to KSN trusted
17:44:17.0346 0x12f8  MSPCLOCK - ok
17:44:17.0393 0x12f8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
17:44:17.0393 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
17:44:17.0393 0x12f8  MSPQM - detected LockedFile.Multi.Generic ( 1 )
17:44:20.0232 0x12f8  Detect skipped due to KSN trusted
17:44:20.0232 0x12f8  MSPQM - ok
17:44:20.0295 0x12f8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
17:44:20.0295 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D, sha256: 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133
17:44:20.0295 0x12f8  MsRPC - detected LockedFile.Multi.Generic ( 1 )
17:44:23.0056 0x12f8  Detect skipped due to KSN trusted
17:44:23.0056 0x12f8  MsRPC - ok
17:44:23.0134 0x12f8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:44:23.0134 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
17:44:23.0134 0x12f8  mssmbios - detected LockedFile.Multi.Generic ( 1 )
17:44:25.0957 0x12f8  Detect skipped due to KSN trusted
17:44:25.0957 0x12f8  mssmbios - ok
17:44:25.0973 0x12f8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
17:44:25.0973 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
17:44:25.0973 0x12f8  MSTEE - detected LockedFile.Multi.Generic ( 1 )
17:44:28.0734 0x12f8  Detect skipped due to KSN trusted
17:44:28.0734 0x12f8  MSTEE - ok
17:44:28.0781 0x12f8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:44:28.0781 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
17:44:28.0781 0x12f8  MTConfig - detected LockedFile.Multi.Generic ( 1 )
17:44:38.0578 0x12f8  Detect skipped due to KSN trusted
17:44:38.0578 0x12f8  MTConfig - ok
17:44:38.0625 0x12f8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup            C:\Windows\system32\Drivers\mup.sys
17:44:38.0625 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
17:44:38.0625 0x12f8  Mup - detected LockedFile.Multi.Generic ( 1 )
17:44:43.0960 0x12f8  Detect skipped due to KSN trusted
17:44:43.0960 0x12f8  Mup - ok
17:44:44.0038 0x12f8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
17:44:44.0147 0x12f8  napagent - ok
17:44:44.0178 0x12f8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
17:44:44.0178 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
17:44:44.0209 0x12f8  NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
17:44:47.0064 0x12f8  Detect skipped due to KSN trusted
17:44:47.0064 0x12f8  NativeWifiP - ok
17:44:47.0189 0x12f8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:44:47.0189 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: 760E38053BF56E501D562B70AD796B88, sha256: F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D
17:44:47.0189 0x12f8  NDIS - detected LockedFile.Multi.Generic ( 1 )
17:44:50.0028 0x12f8  Detect skipped due to KSN trusted
17:44:50.0028 0x12f8  NDIS - ok
17:44:50.0091 0x12f8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
17:44:50.0091 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
17:44:50.0091 0x12f8  NdisCap - detected LockedFile.Multi.Generic ( 1 )
17:44:52.0883 0x12f8  Detect skipped due to KSN trusted
17:44:52.0883 0x12f8  NdisCap - ok
17:44:52.0930 0x12f8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:44:52.0930 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
17:44:52.0930 0x12f8  NdisTapi - detected LockedFile.Multi.Generic ( 1 )
17:44:55.0769 0x12f8  Detect skipped due to KSN trusted
17:44:55.0769 0x12f8  NdisTapi - ok
17:44:55.0847 0x12f8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
17:44:55.0847 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356, sha256: BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683
17:44:55.0847 0x12f8  Ndisuio - detected LockedFile.Multi.Generic ( 1 )
17:44:58.0842 0x12f8  Detect skipped due to KSN trusted
17:44:58.0842 0x12f8  Ndisuio - ok
17:44:58.0889 0x12f8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
17:44:58.0889 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11, sha256: 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77
17:44:58.0889 0x12f8  NdisWan - detected LockedFile.Multi.Generic ( 1 )
17:45:01.0728 0x12f8  Detect skipped due to KSN trusted
17:45:01.0728 0x12f8  NdisWan - ok
17:45:01.0806 0x12f8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
17:45:01.0806 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879, sha256: 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023
17:45:01.0806 0x12f8  NDProxy - detected LockedFile.Multi.Generic ( 1 )
17:45:04.0614 0x12f8  Detect skipped due to KSN trusted
17:45:04.0614 0x12f8  NDProxy - ok
17:45:04.0677 0x12f8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
17:45:04.0677 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062
17:45:04.0677 0x12f8  NetBIOS - detected LockedFile.Multi.Generic ( 1 )
17:45:07.0438 0x12f8  Detect skipped due to KSN trusted
17:45:07.0438 0x12f8  NetBIOS - ok
17:45:07.0516 0x12f8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
17:45:07.0516 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068, sha256: 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37
17:45:07.0516 0x12f8  NetBT - detected LockedFile.Multi.Generic ( 1 )
17:45:10.0371 0x12f8  Detect skipped due to KSN trusted
17:45:10.0371 0x12f8  NetBT - ok
17:45:10.0433 0x12f8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
17:45:10.0449 0x12f8  Netlogon - ok
17:45:10.0511 0x12f8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
17:45:10.0574 0x12f8  Netman - ok
17:45:10.0636 0x12f8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:45:10.0683 0x12f8  NetMsmqActivator - ok
17:45:10.0714 0x12f8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:45:10.0730 0x12f8  NetPipeActivator - ok
17:45:10.0776 0x12f8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
17:45:10.0870 0x12f8  netprofm - ok
17:45:10.0870 0x12f8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:45:10.0886 0x12f8  NetTcpActivator - ok
17:45:10.0901 0x12f8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:45:10.0917 0x12f8  NetTcpPortSharing - ok
17:45:10.0932 0x12f8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
17:45:10.0932 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3
17:45:10.0932 0x12f8  nfrd960 - detected LockedFile.Multi.Generic ( 1 )
17:45:13.0694 0x12f8  Detect skipped due to KSN trusted
17:45:13.0694 0x12f8  nfrd960 - ok
17:45:13.0772 0x12f8  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:45:13.0834 0x12f8  NlaSvc - ok
17:45:13.0865 0x12f8  NLNdisMP - ok
17:45:13.0896 0x12f8  NLNdisPT - ok
17:45:13.0943 0x12f8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:45:13.0943 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F
17:45:13.0943 0x12f8  Npfs - detected LockedFile.Multi.Generic ( 1 )
17:45:16.0704 0x12f8  Detect skipped due to KSN trusted
17:45:16.0704 0x12f8  Npfs - ok
17:45:16.0751 0x12f8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi            C:\Windows\system32\nsisvc.dll
17:45:16.0845 0x12f8  nsi - ok
17:45:16.0860 0x12f8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:45:16.0860 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76
17:45:16.0860 0x12f8  nsiproxy - detected LockedFile.Multi.Generic ( 1 )
17:45:19.0715 0x12f8  Detect skipped due to KSN trusted
17:45:19.0715 0x12f8  nsiproxy - ok
17:45:19.0856 0x12f8  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:45:19.0856 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: 1A29A59A4C5BA6F8C85062A613B7E2B2, sha256: CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1
17:45:19.0856 0x12f8  Ntfs - detected LockedFile.Multi.Generic ( 1 )
17:45:29.0871 0x12f8  Object is SCO, delete is not allowed
17:45:29.0871 0x12f8  Ntfs ( LockedFile.Multi.Generic ) - warning
17:45:32.0757 0x12f8  [ 9A308FCDCCA98A15B6F62D36A272160E, 3991F70D42C1949067ED48CF4EB815E06360B077F6A2369AC76BF0892C3C33EE ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
17:45:32.0788 0x12f8  NTI IScheduleSvc - ok
17:45:32.0835 0x12f8  [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr        C:\Windows\system32\drivers\NTIDrvr.sys
17:45:32.0835 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NTIDrvr.sys. md5: EE3BA1024594D5D09E314F206B94069E, sha256: 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6
17:45:32.0835 0x12f8  NTIDrvr - detected LockedFile.Multi.Generic ( 1 )
17:45:35.0674 0x12f8  Detect skipped due to KSN trusted
17:45:35.0674 0x12f8  NTIDrvr - ok
17:45:35.0736 0x12f8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
17:45:35.0736 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6
17:45:35.0736 0x12f8  Null - detected LockedFile.Multi.Generic ( 1 )
17:45:38.0560 0x12f8  Detect skipped due to KSN trusted
17:45:38.0560 0x12f8  Null - ok
17:45:38.0638 0x12f8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:45:38.0638 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvraid.sys. md5: 0A92CB65770442ED0DC44834632F66AD, sha256: 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7
17:45:38.0638 0x12f8  nvraid - detected LockedFile.Multi.Generic ( 1 )
17:45:41.0477 0x12f8  Detect skipped due to KSN trusted
17:45:41.0477 0x12f8  nvraid - ok
17:45:41.0540 0x12f8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:45:41.0540 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvstor.sys. md5: DAB0E87525C10052BF65F06152F37E4A, sha256: AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37
17:45:41.0540 0x12f8  nvstor - detected LockedFile.Multi.Generic ( 1 )
17:45:44.0379 0x12f8  Detect skipped due to KSN trusted
17:45:44.0379 0x12f8  nvstor - ok
17:45:44.0457 0x12f8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:45:44.0457 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05, sha256: 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F
17:45:44.0457 0x12f8  nv_agp - detected LockedFile.Multi.Generic ( 1 )
17:45:47.0202 0x12f8  Detect skipped due to KSN trusted
17:45:47.0202 0x12f8  nv_agp - ok
17:45:47.0343 0x12f8  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:45:47.0390 0x12f8  odserv - ok
17:45:47.0421 0x12f8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:45:47.0421 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0, sha256: AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203
17:45:47.0421 0x12f8  ohci1394 - detected LockedFile.Multi.Generic ( 1 )
17:45:50.0166 0x12f8  Detect skipped due to KSN trusted
17:45:50.0166 0x12f8  ohci1394 - ok
17:45:50.0260 0x12f8  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:45:50.0291 0x12f8  ose - ok
17:45:50.0338 0x12f8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:45:50.0400 0x12f8  p2pimsvc - ok
17:45:50.0432 0x12f8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
17:45:50.0510 0x12f8  p2psvc - ok
17:45:50.0541 0x12f8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
17:45:50.0541 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887, sha256: 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80
17:45:50.0556 0x12f8  Parport - detected LockedFile.Multi.Generic ( 1 )
17:45:53.0380 0x12f8  Detect skipped due to KSN trusted
17:45:53.0380 0x12f8  Parport - ok
17:45:53.0442 0x12f8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
17:45:53.0442 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. md5: E9766131EEADE40A27DC27D2D68FBA9C, sha256: 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6
17:45:53.0442 0x12f8  partmgr - detected LockedFile.Multi.Generic ( 1 )
17:45:56.0204 0x12f8  Detect skipped due to KSN trusted
17:45:56.0204 0x12f8  partmgr - ok
17:45:56.0282 0x12f8  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:45:56.0375 0x12f8  PcaSvc - ok
17:45:56.0406 0x12f8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci            C:\Windows\system32\drivers\pci.sys
17:45:56.0406 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pci.sys. md5: 94575C0571D1462A0F70BDE6BD6EE6B3, sha256: 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9
17:45:56.0406 0x12f8  pci - detected LockedFile.Multi.Generic ( 1 )
17:45:59.0230 0x12f8  Detect skipped due to KSN trusted
17:45:59.0230 0x12f8  pci - ok
17:45:59.0308 0x12f8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:45:59.0308 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA, sha256: F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480
17:45:59.0308 0x12f8  pciide - detected LockedFile.Multi.Generic ( 1 )
17:46:02.0054 0x12f8  Detect skipped due to KSN trusted
17:46:02.0054 0x12f8  pciide - ok
17:46:02.0116 0x12f8  PCLEPCI - ok
17:46:02.0147 0x12f8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:46:02.0147 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F, sha256: 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14
17:46:02.0147 0x12f8  pcmcia - detected LockedFile.Multi.Generic ( 1 )
17:46:04.0908 0x12f8  Detect skipped due to KSN trusted
17:46:04.0908 0x12f8  pcmcia - ok
17:46:04.0940 0x12f8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw            C:\Windows\system32\drivers\pcw.sys
17:46:04.0955 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603, sha256: BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36
17:46:04.0955 0x12f8  pcw - detected LockedFile.Multi.Generic ( 1 )
17:46:07.0701 0x12f8  Detect skipped due to KSN trusted
17:46:07.0701 0x12f8  pcw - ok
17:46:07.0779 0x12f8  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:46:07.0779 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E, sha256: FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C
17:46:07.0779 0x12f8  PEAUTH - detected LockedFile.Multi.Generic ( 1 )
17:46:10.0524 0x12f8  Detect skipped due to KSN trusted
17:46:10.0524 0x12f8  PEAUTH - ok
17:46:10.0852 0x12f8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:46:10.0883 0x12f8  PerfHost - ok
17:46:11.0008 0x12f8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla            C:\Windows\system32\pla.dll
17:46:11.0164 0x12f8  pla - ok
17:46:11.0211 0x12f8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:46:11.0289 0x12f8  PlugPlay - ok
17:46:11.0320 0x12f8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
17:46:11.0351 0x12f8  PNRPAutoReg - ok
17:46:11.0382 0x12f8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
17:46:11.0414 0x12f8  PNRPsvc - ok
17:46:11.0460 0x12f8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
17:46:11.0523 0x12f8  PolicyAgent - ok
17:46:11.0554 0x12f8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power          C:\Windows\system32\umpo.dll
17:46:11.0632 0x12f8  Power - ok
17:46:11.0663 0x12f8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:46:11.0663 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspptp.sys. md5: F92A2C41117A11A00BE01CA01A7FCDE9, sha256: 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763
17:46:11.0663 0x12f8  PptpMiniport - detected LockedFile.Multi.Generic ( 1 )
17:46:14.0409 0x12f8  Detect skipped due to KSN trusted
17:46:14.0409 0x12f8  PptpMiniport - ok
17:46:14.0471 0x12f8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
17:46:14.0471 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF, sha256: 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5
17:46:14.0471 0x12f8  Processor - detected LockedFile.Multi.Generic ( 1 )
17:46:17.0295 0x12f8  Detect skipped due to KSN trusted
17:46:17.0295 0x12f8  Processor - ok
17:46:17.0357 0x12f8  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc        C:\Windows\system32\profsvc.dll
17:46:17.0420 0x12f8  ProfSvc - ok
17:46:17.0451 0x12f8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:46:17.0466 0x12f8  ProtectedStorage - ok
17:46:17.0544 0x12f8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:46:17.0544 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pacer.sys. md5: 0557CF5A2556BD58E26384169D72438D, sha256: F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4
17:46:17.0544 0x12f8  Psched - detected LockedFile.Multi.Generic ( 1 )
17:46:20.0384 0x12f8  Detect skipped due to KSN trusted
17:46:20.0384 0x12f8  Psched - ok
17:46:20.0508 0x12f8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:46:20.0508 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql2300.sys. md5: A53A15A11EBFD21077463EE2C7AFEEF0, sha256: 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489
17:46:20.0508 0x12f8  ql2300 - detected LockedFile.Multi.Generic ( 1 )
17:46:23.0394 0x12f8  Detect skipped due to KSN trusted
17:46:23.0394 0x12f8  ql2300 - ok
17:46:23.0426 0x12f8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:46:23.0426 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8, sha256: FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE
17:46:23.0426 0x12f8  ql40xx - detected LockedFile.Multi.Generic ( 1 )
17:46:26.0358 0x12f8  Detect skipped due to KSN trusted
17:46:26.0358 0x12f8  ql40xx - ok
17:46:26.0421 0x12f8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE          C:\Windows\system32\qwave.dll
17:46:26.0483 0x12f8  QWAVE - ok
17:46:26.0499 0x12f8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:46:26.0499 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707BB36430888D9CE9D705398ADB6C, sha256: 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535
17:46:26.0499 0x12f8  QWAVEdrv - detected LockedFile.Multi.Generic ( 1 )
17:46:29.0260 0x12f8  Detect skipped due to KSN trusted
17:46:29.0260 0x12f8  QWAVEdrv - ok
17:46:29.0307 0x12f8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:46:29.0307 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5A0DA8AD5762FA2D91678A8A01311704, sha256: 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF
17:46:29.0307 0x12f8  RasAcd - detected LockedFile.Multi.Generic ( 1 )
17:46:32.0162 0x12f8  Detect skipped due to KSN trusted
17:46:32.0162 0x12f8  RasAcd - ok
17:46:32.0240 0x12f8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
17:46:32.0240 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ECFF9B22276B73F43A99A15A6094E90, sha256: 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1
17:46:32.0240 0x12f8  RasAgileVpn - detected LockedFile.Multi.Generic ( 1 )
17:46:35.0001 0x12f8  Detect skipped due to KSN trusted
17:46:35.0001 0x12f8  RasAgileVpn - ok
17:46:35.0063 0x12f8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto        C:\Windows\System32\rasauto.dll
17:46:35.0157 0x12f8  RasAuto - ok
17:46:35.0188 0x12f8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
17:46:35.0188 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 471815800AE33E6F1C32FB1B97C490CA, sha256: 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698
17:46:35.0188 0x12f8  Rasl2tp - detected LockedFile.Multi.Generic ( 1 )
17:46:37.0980 0x12f8  Detect skipped due to KSN trusted
17:46:37.0980 0x12f8  Rasl2tp - ok
17:46:38.0058 0x12f8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
17:46:38.0136 0x12f8  RasMan - ok
17:46:38.0168 0x12f8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:46:38.0168 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855C9B1CD4756C5E9A2AA58A15F58C25, sha256: A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72
17:46:38.0168 0x12f8  RasPppoe - detected LockedFile.Multi.Generic ( 1 )
17:46:40.0929 0x12f8  Detect skipped due to KSN trusted
17:46:40.0929 0x12f8  RasPppoe - ok
17:46:40.0991 0x12f8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
17:46:40.0991 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rassstp.sys. md5: E8B1E447B008D07FF47D016C2B0EEECB, sha256: FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C
17:46:40.0991 0x12f8  RasSstp - detected LockedFile.Multi.Generic ( 1 )
17:46:43.0846 0x12f8  Detect skipped due to KSN trusted
17:46:43.0846 0x12f8  RasSstp - ok
17:46:43.0924 0x12f8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
17:46:43.0924 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 77F665941019A1594D887A74F301FA2F, sha256: 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA
17:46:43.0924 0x12f8  rdbss - detected LockedFile.Multi.Generic ( 1 )
17:46:46.0685 0x12f8  Detect skipped due to KSN trusted
17:46:46.0685 0x12f8  rdbss - ok
17:46:46.0732 0x12f8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:46:46.0732 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D, sha256: 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17
17:46:46.0732 0x12f8  rdpbus - detected LockedFile.Multi.Generic ( 1 )
17:46:52.0566 0x12f8  Detect skipped due to KSN trusted
17:46:52.0566 0x12f8  rdpbus - ok
17:46:52.0629 0x12f8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:46:52.0629 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: CEA6CC257FC9B7715F1C2B4849286D24, sha256: A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804
17:46:52.0629 0x12f8  RDPCDD - detected LockedFile.Multi.Generic ( 1 )
17:46:55.0468 0x12f8  Detect skipped due to KSN trusted
17:46:55.0468 0x12f8  RDPCDD - ok
17:46:55.0515 0x12f8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:46:55.0515 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpencdd.sys. md5: BB5971A4F00659529A5C44831AF22365, sha256: 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F
17:46:55.0515 0x12f8  RDPENCDD - detected LockedFile.Multi.Generic ( 1 )
17:46:58.0276 0x12f8  Detect skipped due to KSN trusted
17:46:58.0276 0x12f8  RDPENCDD - ok
17:46:58.0339 0x12f8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:46:58.0339 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216F3FA57533D98E1F74DED70113177A, sha256: 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4
17:46:58.0339 0x12f8  RDPREFMP - detected LockedFile.Multi.Generic ( 1 )
17:47:01.0100 0x12f8  Detect skipped due to KSN trusted
17:47:01.0100 0x12f8  RDPREFMP - ok
17:47:01.0193 0x12f8  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:47:01.0193 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpvideominiport.sys. md5: 313F68E1A3E6345A4F47A36B07062F34, sha256: B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F
17:47:01.0193 0x12f8  RdpVideoMiniport - detected LockedFile.Multi.Generic ( 1 )
17:47:03.0955 0x12f8  Detect skipped due to KSN trusted
17:47:03.0970 0x12f8  RdpVideoMiniport - ok
17:47:04.0033 0x12f8  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
17:47:04.0033 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RDPWD.sys. md5: E61608AA35E98999AF9AAEEEA6114B0A, sha256: F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6
17:47:04.0033 0x12f8  RDPWD - detected LockedFile.Multi.Generic ( 1 )
17:47:06.0778 0x12f8  Detect skipped due to KSN trusted
17:47:06.0778 0x12f8  RDPWD - ok
17:47:06.0841 0x12f8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:47:06.0841 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdyboost.sys. md5: 34ED295FA0121C241BFEF24764FC4520, sha256: AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F
17:47:06.0856 0x12f8  rdyboost - detected LockedFile.Multi.Generic ( 1 )
17:47:09.0773 0x12f8  Detect skipped due to KSN trusted
17:47:09.0773 0x12f8  rdyboost - ok
17:47:09.0836 0x12f8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:47:09.0929 0x12f8  RemoteAccess - ok
17:47:09.0961 0x12f8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:47:10.0023 0x12f8  RemoteRegistry - ok
17:47:10.0054 0x12f8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:47:10.0132 0x12f8  RpcEptMapper - ok
17:47:10.0163 0x12f8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
17:47:10.0210 0x12f8  RpcLocator - ok
17:47:10.0273 0x12f8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs          C:\Windows\system32\rpcss.dll
17:47:10.0335 0x12f8  RpcSs - ok
17:47:10.0382 0x12f8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:47:10.0382 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rspndr.sys. md5: DDC86E4F8E7456261E637E3552E804FF, sha256: D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD
17:47:10.0382 0x12f8  rspndr - detected LockedFile.Multi.Generic ( 1 )
17:47:13.0237 0x12f8  Detect skipped due to KSN trusted
17:47:13.0237 0x12f8  rspndr - ok
17:47:13.0315 0x12f8  [ 763AE0C6D9DF4C24B7E2C26036A8188A, 1728D9BDF910324988B3D28459AB0A15C57CBBA79D2DFE377342DF3486BA9D48 ] RSUSBSTOR      C:\Windows\system32\Drivers\RtsUStor.sys
17:47:13.0315 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\RtsUStor.sys. md5: 763AE0C6D9DF4C24B7E2C26036A8188A, sha256: 1728D9BDF910324988B3D28459AB0A15C57CBBA79D2DFE377342DF3486BA9D48
17:47:13.0315 0x12f8  RSUSBSTOR - detected LockedFile.Multi.Generic ( 1 )
17:47:16.0154 0x12f8  Detect skipped due to KSN trusted
17:47:16.0154 0x12f8  RSUSBSTOR - ok
17:47:16.0232 0x12f8  [ D6D381B76056C668679723938F06F16C, A26C35EB588BF32F5CD22554BE5A05380D50FF1B7D399687EE50DC24C32DA341 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
17:47:16.0232 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RtHDMIVX.sys. md5: D6D381B76056C668679723938F06F16C, sha256: A26C35EB588BF32F5CD22554BE5A05380D50FF1B7D399687EE50DC24C32DA341
17:47:16.0232 0x12f8  RTHDMIAzAudService - detected LockedFile.Multi.Generic ( 1 )
17:47:19.0055 0x12f8  Detect skipped due to KSN trusted
17:47:19.0055 0x12f8  RTHDMIAzAudService - ok
17:47:19.0180 0x12f8  [ B3F36B4B3F192EA87DDC119F3A0B3E45, DE80502994ED9977AD64483385A0BC0C6060EA9E9C08645E72FBBCFE8B2358C7 ] RTL8192su      C:\Windows\system32\DRIVERS\RTL8192su.sys
17:47:19.0180 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RTL8192su.sys. md5: B3F36B4B3F192EA87DDC119F3A0B3E45, sha256: DE80502994ED9977AD64483385A0BC0C6060EA9E9C08645E72FBBCFE8B2358C7
17:47:19.0196 0x12f8  RTL8192su - detected LockedFile.Multi.Generic ( 1 )
17:47:22.0035 0x12f8  Detect skipped due to KSN trusted
17:47:22.0035 0x12f8  RTL8192su - ok
17:47:22.0066 0x12f8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs          C:\Windows\system32\lsass.exe
17:47:22.0097 0x12f8  SamSs - ok
17:47:22.0144 0x12f8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:47:22.0144 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sbp2port.sys. md5: AC03AF3329579FFFB455AA2DAABBE22B, sha256: 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656
17:47:22.0144 0x12f8  sbp2port - detected LockedFile.Multi.Generic ( 1 )
17:47:24.0921 0x12f8  Detect skipped due to KSN trusted
17:47:24.0921 0x12f8  sbp2port - ok
17:47:24.0952 0x12f8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:47:25.0030 0x12f8  SCardSvr - ok
17:47:25.0046 0x12f8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:47:25.0046 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 253F38D0D7074C02FF8DEB9836C97D2B, sha256: CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116
17:47:25.0046 0x12f8  scfilter - detected LockedFile.Multi.Generic ( 1 )
17:47:27.0807 0x12f8  Detect skipped due to KSN trusted
17:47:27.0807 0x12f8  scfilter - ok
17:47:27.0916 0x12f8  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
17:47:28.0010 0x12f8  Schedule - ok
17:47:28.0041 0x12f8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc    C:\Windows\System32\certprop.dll
17:47:28.0088 0x12f8  SCPolicySvc - ok
17:47:28.0135 0x12f8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:47:28.0181 0x12f8  SDRSVC - ok
17:47:28.0228 0x12f8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:47:28.0228 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186, sha256: 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D
17:47:28.0228 0x12f8  secdrv - detected LockedFile.Multi.Generic ( 1 )
17:47:32.0471 0x12f8  Detect skipped due to KSN trusted
17:47:32.0471 0x12f8  secdrv - ok
17:47:32.0534 0x12f8  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
17:47:32.0612 0x12f8  seclogon - ok
17:47:32.0627 0x12f8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
17:47:32.0674 0x12f8  SENS - ok
17:47:32.0705 0x12f8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:47:32.0752 0x12f8  SensrSvc - ok
17:47:32.0799 0x12f8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
17:47:32.0799 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B, sha256: A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4
17:47:32.0799 0x12f8  Serenum - detected LockedFile.Multi.Generic ( 1 )
17:47:35.0638 0x12f8  Detect skipped due to KSN trusted
17:47:35.0638 0x12f8  Serenum - ok
17:47:35.0701 0x12f8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:47:35.0701 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, sha256: 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D
17:47:35.0701 0x12f8  Serial - detected LockedFile.Multi.Generic ( 1 )
17:47:38.0462 0x12f8  Detect skipped due to KSN trusted
17:47:38.0462 0x12f8  Serial - ok
17:47:38.0555 0x12f8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:47:38.0555 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3, sha256: 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D
17:47:38.0555 0x12f8  sermouse - detected LockedFile.Multi.Generic ( 1 )
17:47:41.0395 0x12f8  Detect skipped due to KSN trusted
17:47:41.0395 0x12f8  sermouse - ok
17:47:41.0457 0x12f8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
17:47:41.0551 0x12f8  SessionEnv - ok
17:47:41.0582 0x12f8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
17:47:41.0582 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF, sha256: DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55
17:47:41.0582 0x12f8  sffdisk - detected LockedFile.Multi.Generic ( 1 )
17:47:44.0359 0x12f8  Detect skipped due to KSN trusted
17:47:44.0359 0x12f8  sffdisk - ok
17:47:44.0374 0x12f8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:47:44.0374 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF, sha256: B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042
17:47:44.0374 0x12f8  sffp_mmc - detected LockedFile.Multi.Generic ( 1 )
17:47:47.0213 0x12f8  Detect skipped due to KSN trusted
17:47:47.0213 0x12f8  sffp_mmc - ok
17:47:47.0229 0x12f8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
17:47:47.0229 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_sd.sys. md5: DD85B78243A19B59F0637DCF284DA63C, sha256: 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197
17:47:47.0229 0x12f8  sffp_sd - detected LockedFile.Multi.Generic ( 1 )
17:47:50.0068 0x12f8  Detect skipped due to KSN trusted
17:47:50.0068 0x12f8  sffp_sd - ok
17:47:50.0131 0x12f8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
17:47:50.0131 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4, sha256: 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9
17:47:50.0131 0x12f8  sfloppy - detected LockedFile.Multi.Generic ( 1 )
17:47:52.0892 0x12f8  Detect skipped due to KSN trusted
17:47:52.0892 0x12f8  sfloppy - ok
17:47:52.0985 0x12f8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:47:53.0063 0x12f8  SharedAccess - ok
17:47:53.0126 0x12f8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:47:53.0204 0x12f8  ShellHWDetection - ok
17:47:53.0235 0x12f8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:47:53.0235 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1, sha256: 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820
17:47:53.0235 0x12f8  SiSRaid2 - detected LockedFile.Multi.Generic ( 1 )
17:47:55.0996 0x12f8  Detect skipped due to KSN trusted
17:47:55.0996 0x12f8  SiSRaid2 - ok
17:47:56.0027 0x12f8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:47:56.0027 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4, sha256: 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E
17:47:56.0027 0x12f8  SiSRaid4 - detected LockedFile.Multi.Generic ( 1 )
17:47:58.0773 0x12f8  Detect skipped due to KSN trusted
17:47:58.0773 0x12f8  SiSRaid4 - ok
17:47:58.0867 0x12f8  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
17:47:58.0913 0x12f8  SkypeUpdate - ok
17:47:58.0929 0x12f8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
17:47:58.0929 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4, sha256: 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740
17:47:58.0929 0x12f8  Smb - detected LockedFile.Multi.Generic ( 1 )
17:48:01.0706 0x12f8  Detect skipped due to KSN trusted
17:48:01.0706 0x12f8  Smb - ok
17:48:01.0768 0x12f8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:48:01.0815 0x12f8  SNMPTRAP - ok
17:48:01.0831 0x12f8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr          C:\Windows\system32\drivers\spldr.sys
17:48:01.0831 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9, sha256: 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063
17:48:01.0831 0x12f8  spldr - detected LockedFile.Multi.Generic ( 1 )
17:48:04.0592 0x12f8  Detect skipped due to KSN trusted
17:48:04.0592 0x12f8  spldr - ok
17:48:04.0685 0x12f8  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler        C:\Windows\System32\spoolsv.exe
17:48:04.0763 0x12f8  Spooler - ok
17:48:04.0951 0x12f8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
17:48:05.0200 0x12f8  sppsvc - ok
17:48:05.0231 0x12f8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
17:48:05.0294 0x12f8  sppuinotify - ok
17:48:05.0341 0x12f8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv            C:\Windows\system32\DRIVERS\srv.sys
17:48:05.0341 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B, sha256: 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0
17:48:05.0341 0x12f8  srv - detected LockedFile.Multi.Generic ( 1 )
17:48:08.0117 0x12f8  Detect skipped due to KSN trusted
17:48:08.0117 0x12f8  srv - ok
17:48:08.0195 0x12f8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:48:08.0195 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28, sha256: 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7
17:48:08.0195 0x12f8  srv2 - detected LockedFile.Multi.Generic ( 1 )


VChecker1992 25.08.2014 12:23

TDSSKiller logfile, part 2:
Code:

17:48:11.0035 0x12f8  Detect skipped due to KSN trusted
17:48:11.0035 0x12f8  srv2 - ok
17:48:11.0081 0x12f8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:48:11.0081 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3, sha256: AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6
17:48:11.0081 0x12f8  srvnet - detected LockedFile.Multi.Generic ( 1 )
17:48:13.0936 0x12f8  Detect skipped due to KSN trusted
17:48:13.0936 0x12f8  srvnet - ok
17:48:13.0983 0x12f8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
17:48:14.0077 0x12f8  SSDPSRV - ok
17:48:14.0077 0x12f8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc        C:\Windows\system32\sstpsvc.dll
17:48:14.0139 0x12f8  SstpSvc - ok
17:48:14.0155 0x12f8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:48:14.0155 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A, sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5
17:48:14.0155 0x12f8  stexstor - detected LockedFile.Multi.Generic ( 1 )
17:48:16.0978 0x12f8  Detect skipped due to KSN trusted
17:48:16.0978 0x12f8  stexstor - ok
17:48:17.0072 0x12f8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
17:48:17.0134 0x12f8  stisvc - ok
17:48:17.0165 0x12f8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:48:17.0165 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90, sha256: 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969
17:48:17.0181 0x12f8  swenum - detected LockedFile.Multi.Generic ( 1 )
17:48:19.0927 0x12f8  Detect skipped due to KSN trusted
17:48:19.0927 0x12f8  swenum - ok
17:48:20.0005 0x12f8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv          C:\Windows\System32\swprv.dll
17:48:20.0129 0x12f8  swprv - ok
17:48:20.0239 0x12f8  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain        C:\Windows\system32\sysmain.dll
17:48:20.0332 0x12f8  SysMain - ok
17:48:20.0379 0x12f8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:48:20.0441 0x12f8  TabletInputService - ok
17:48:20.0488 0x12f8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv        C:\Windows\System32\tapisrv.dll
17:48:20.0566 0x12f8  TapiSrv - ok
17:48:20.0613 0x12f8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS            C:\Windows\System32\tbssvc.dll
17:48:20.0691 0x12f8  TBS - ok
17:48:20.0831 0x12f8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
17:48:20.0831 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, sha256: F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611
17:48:20.0863 0x12f8  Tcpip - detected LockedFile.Multi.Generic ( 1 )
17:48:23.0655 0x12f8  Detect skipped due to KSN trusted
17:48:23.0655 0x12f8  Tcpip - ok
17:48:23.0780 0x12f8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:48:23.0780 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, sha256: F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611
17:48:23.0795 0x12f8  TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
17:48:23.0795 0x12f8  Detect skipped due to KSN trusted
17:48:23.0795 0x12f8  TCPIP6 - ok
17:48:23.0827 0x12f8  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:48:23.0827 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: 1B16D0BD9841794A6E0CDE0CEF744ABC, sha256: 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C
17:48:23.0827 0x12f8  tcpipreg - detected LockedFile.Multi.Generic ( 1 )
17:48:26.0572 0x12f8  Detect skipped due to KSN trusted
17:48:26.0588 0x12f8  tcpipreg - ok
17:48:26.0650 0x12f8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:48:26.0650 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D
17:48:26.0650 0x12f8  TDPIPE - detected LockedFile.Multi.Generic ( 1 )
17:48:29.0474 0x12f8  Detect skipped due to KSN trusted
17:48:29.0474 0x12f8  TDPIPE - ok
17:48:29.0521 0x12f8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
17:48:29.0521 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8, sha256: 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9
17:48:29.0536 0x12f8  TDTCP - detected LockedFile.Multi.Generic ( 1 )
17:48:32.0375 0x12f8  Detect skipped due to KSN trusted
17:48:32.0375 0x12f8  TDTCP - ok
17:48:32.0422 0x12f8  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
17:48:32.0422 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806, sha256: B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661
17:48:32.0422 0x12f8  tdx - detected LockedFile.Multi.Generic ( 1 )
17:48:35.0215 0x12f8  Detect skipped due to KSN trusted
17:48:35.0215 0x12f8  tdx - ok
17:48:35.0277 0x12f8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:48:35.0277 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5, sha256: 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D
17:48:35.0277 0x12f8  TermDD - detected LockedFile.Multi.Generic ( 1 )
17:48:38.0116 0x12f8  Detect skipped due to KSN trusted
17:48:38.0116 0x12f8  TermDD - ok
17:48:38.0210 0x12f8  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService    C:\Windows\System32\termsrv.dll
17:48:38.0366 0x12f8  TermService - ok
17:48:38.0397 0x12f8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
17:48:38.0444 0x12f8  Themes - ok
17:48:38.0475 0x12f8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER    C:\Windows\system32\mmcss.dll
17:48:38.0553 0x12f8  THREADORDER - ok
17:48:38.0615 0x12f8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
17:48:38.0709 0x12f8  TrkWks - ok
17:48:38.0771 0x12f8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:48:38.0865 0x12f8  TrustedInstaller - ok
17:48:38.0912 0x12f8  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:48:38.0912 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: 4CE278FC9671BA81A138D70823FCAA09, sha256: CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300
17:48:38.0912 0x12f8  tssecsrv - detected LockedFile.Multi.Generic ( 1 )
17:48:41.0782 0x12f8  Detect skipped due to KSN trusted
17:48:41.0782 0x12f8  tssecsrv - ok
17:48:41.0845 0x12f8  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:48:41.0845 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tsusbflt.sys. md5: 17C6B51CBCCDED95B3CC14E22791F85E, sha256: EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C
17:48:41.0845 0x12f8  TsUsbFlt - detected LockedFile.Multi.Generic ( 1 )
17:48:44.0606 0x12f8  Detect skipped due to KSN trusted
17:48:44.0606 0x12f8  TsUsbFlt - ok
17:48:44.0684 0x12f8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:48:44.0684 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894, sha256: AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8
17:48:44.0684 0x12f8  tunnel - detected LockedFile.Multi.Generic ( 1 )
17:48:47.0445 0x12f8  Detect skipped due to KSN trusted
17:48:47.0445 0x12f8  tunnel - ok
17:48:47.0507 0x12f8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:48:47.0507 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123
17:48:47.0507 0x12f8  uagp35 - detected LockedFile.Multi.Generic ( 1 )
17:48:50.0253 0x12f8  Detect skipped due to KSN trusted
17:48:50.0253 0x12f8  uagp35 - ok
17:48:50.0300 0x12f8  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
17:48:50.0300 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\UBHelper.sys. md5: A17D5E1A6DF4EAB0A480F2C490DE4C9D, sha256: 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B
17:48:50.0300 0x12f8  UBHelper - detected LockedFile.Multi.Generic ( 1 )
17:48:53.0077 0x12f8  Detect skipped due to KSN trusted
17:48:53.0077 0x12f8  UBHelper - ok
17:48:53.0155 0x12f8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:48:53.0155 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593, sha256: D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3
17:48:53.0155 0x12f8  udfs - detected LockedFile.Multi.Generic ( 1 )
17:48:55.0994 0x12f8  Detect skipped due to KSN trusted
17:48:55.0994 0x12f8  udfs - ok
17:48:56.0056 0x12f8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect      C:\Windows\system32\UI0Detect.exe
17:48:56.0088 0x12f8  UI0Detect - ok
17:48:56.0119 0x12f8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:48:56.0119 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A
17:48:56.0119 0x12f8  uliagpkx - detected LockedFile.Multi.Generic ( 1 )
17:48:59.0005 0x12f8  Detect skipped due to KSN trusted
17:48:59.0005 0x12f8  uliagpkx - ok
17:48:59.0083 0x12f8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
17:48:59.0083 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561, sha256: 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE
17:48:59.0083 0x12f8  umbus - detected LockedFile.Multi.Generic ( 1 )
17:49:01.0953 0x12f8  Detect skipped due to KSN trusted
17:49:01.0953 0x12f8  umbus - ok
17:49:02.0016 0x12f8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:49:02.0016 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
17:49:02.0016 0x12f8  UmPass - detected LockedFile.Multi.Generic ( 1 )
17:49:04.0777 0x12f8  Detect skipped due to KSN trusted
17:49:04.0777 0x12f8  UmPass - ok
17:49:04.0964 0x12f8  [ 7466809E6DA561D60C2F1CE8EDE3C73F, A3185049282A51B17C3DA839AF7E90F1CD395B2FB5587514EB2D65CB22854E2C ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:49:05.0042 0x12f8  UNS - ok
17:49:05.0198 0x12f8  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
17:49:05.0229 0x12f8  Updater Service - ok
17:49:05.0276 0x12f8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
17:49:05.0370 0x12f8  upnphost - ok
17:49:05.0416 0x12f8  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
17:49:05.0416 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbaudio.sys. md5: B0435098C81D04CAFFF80DDB746CD3A2, sha256: A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A
17:49:05.0416 0x12f8  usbaudio - detected LockedFile.Multi.Generic ( 1 )
17:49:08.0178 0x12f8  Detect skipped due to KSN trusted
17:49:08.0178 0x12f8  usbaudio - ok
17:49:08.0240 0x12f8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
17:49:08.0240 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: DCA68B0943D6FA415F0C56C92158A83A, sha256: BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57
17:49:08.0240 0x12f8  usbccgp - detected LockedFile.Multi.Generic ( 1 )
17:49:11.0017 0x12f8  Detect skipped due to KSN trusted
17:49:11.0017 0x12f8  usbccgp - ok
17:49:11.0079 0x12f8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:49:11.0079 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbcir.sys. md5: 80B0F7D5CCF86CEB5D402EAAF61FEC31, sha256: 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD
17:49:11.0079 0x12f8  usbcir - detected LockedFile.Multi.Generic ( 1 )
17:49:14.0152 0x12f8  Detect skipped due to KSN trusted
17:49:14.0152 0x12f8  usbcir - ok
17:49:14.0230 0x12f8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci        C:\Windows\system32\drivers\usbehci.sys
17:49:14.0230 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbehci.sys. md5: 18A85013A3E0F7E1755365D287443965, sha256: 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33
17:49:14.0230 0x12f8  usbehci - detected LockedFile.Multi.Generic ( 1 )
17:49:16.0976 0x12f8  Detect skipped due to KSN trusted
17:49:16.0976 0x12f8  usbehci - ok
17:49:17.0070 0x12f8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:49:17.0070 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 8D1196CFBB223621F2C67D45710F25BA, sha256: B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003
17:49:17.0085 0x12f8  usbhub - detected LockedFile.Multi.Generic ( 1 )
17:49:19.0831 0x12f8  Detect skipped due to KSN trusted
17:49:19.0831 0x12f8  usbhub - ok
17:49:19.0893 0x12f8  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci        C:\Windows\system32\drivers\usbohci.sys
17:49:19.0893 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbohci.sys. md5: 765A92D428A8DB88B960DA5A8D6089DC, sha256: 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C
17:49:19.0893 0x12f8  usbohci - detected LockedFile.Multi.Generic ( 1 )
17:49:22.0654 0x12f8  Detect skipped due to KSN trusted
17:49:22.0654 0x12f8  usbohci - ok
17:49:22.0701 0x12f8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:49:22.0701 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
17:49:22.0701 0x12f8  usbprint - detected LockedFile.Multi.Generic ( 1 )
17:49:25.0447 0x12f8  Detect skipped due to KSN trusted
17:49:25.0447 0x12f8  usbprint - ok
17:49:25.0509 0x12f8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:49:25.0509 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6, sha256: DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96
17:49:25.0509 0x12f8  USBSTOR - detected LockedFile.Multi.Generic ( 1 )
17:49:28.0348 0x12f8  Detect skipped due to KSN trusted
17:49:28.0348 0x12f8  USBSTOR - ok
17:49:28.0411 0x12f8  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
17:49:28.0411 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbuhci.sys. md5: DD253AFC3BC6CBA412342DE60C3647F3, sha256: 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7
17:49:28.0411 0x12f8  usbuhci - detected LockedFile.Multi.Generic ( 1 )
17:49:31.0312 0x12f8  Detect skipped due to KSN trusted
17:49:31.0312 0x12f8  usbuhci - ok
17:49:31.0375 0x12f8  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
17:49:31.0375 0x12f8  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\usbvideo.sys. md5: 1F775DA4CF1A3A1834207E975A72E9D7, sha256: 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90
17:49:31.0375 0x12f8  usbvideo - detected LockedFile.Multi.Generic ( 1 )
17:49:34.0152 0x12f8  Detect skipped due to KSN trusted
17:49:34.0152 0x12f8  usbvideo - ok
17:49:34.0183 0x12f8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms          C:\Windows\System32\uxsms.dll
17:49:34.0276 0x12f8  UxSms - ok
17:49:34.0308 0x12f8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
17:49:34.0339 0x12f8  VaultSvc - ok
17:49:34.0401 0x12f8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:49:34.0401 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
17:49:34.0417 0x12f8  vdrvroot - detected LockedFile.Multi.Generic ( 1 )
17:49:37.0178 0x12f8  Detect skipped due to KSN trusted
17:49:37.0194 0x12f8  vdrvroot - ok
17:49:37.0272 0x12f8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds            C:\Windows\System32\vds.exe
17:49:37.0381 0x12f8  vds - ok
17:49:37.0428 0x12f8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
17:49:37.0428 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
17:49:37.0443 0x12f8  vga - detected LockedFile.Multi.Generic ( 1 )
17:49:40.0189 0x12f8  Detect skipped due to KSN trusted
17:49:40.0189 0x12f8  vga - ok
17:49:40.0220 0x12f8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave        C:\Windows\System32\drivers\vga.sys
17:49:40.0220 0x12f8  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
17:49:40.0220 0x12f8  VgaSave - detected LockedFile.Multi.Generic ( 1 )
17:49:43.0012 0x12f8  Detect skipped due to KSN trusted
17:49:43.0012 0x12f8  VgaSave - ok
17:49:43.0075 0x12f8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
17:49:43.0075 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB, sha256: D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF
17:49:43.0075 0x12f8  vhdmp - detected LockedFile.Multi.Generic ( 1 )
17:49:45.0914 0x12f8  Detect skipped due to KSN trusted
17:49:45.0914 0x12f8  vhdmp - ok
17:49:45.0976 0x12f8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:49:45.0976 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
17:49:45.0976 0x12f8  viaide - detected LockedFile.Multi.Generic ( 1 )
17:49:48.0738 0x12f8  Detect skipped due to KSN trusted
17:49:48.0738 0x12f8  viaide - ok
17:49:48.0800 0x12f8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:49:48.0800 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161
17:49:48.0800 0x12f8  volmgr - detected LockedFile.Multi.Generic ( 1 )
17:49:51.0546 0x12f8  Detect skipped due to KSN trusted
17:49:51.0546 0x12f8  volmgr - ok
17:49:51.0608 0x12f8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
17:49:51.0624 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B, sha256: 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F
17:49:51.0624 0x12f8  volmgrx - detected LockedFile.Multi.Generic ( 1 )
17:49:54.0400 0x12f8  Detect skipped due to KSN trusted
17:49:54.0400 0x12f8  volmgrx - ok
17:49:54.0478 0x12f8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap        C:\Windows\system32\drivers\volsnap.sys
17:49:54.0478 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639, sha256: 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC
17:49:54.0478 0x12f8  volsnap - detected LockedFile.Multi.Generic ( 1 )
17:49:57.0240 0x12f8  Detect skipped due to KSN trusted
17:49:57.0240 0x12f8  volsnap - ok
17:49:57.0302 0x12f8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
17:49:57.0302 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
17:49:57.0302 0x12f8  vsmraid - detected LockedFile.Multi.Generic ( 1 )
17:50:00.0079 0x12f8  Detect skipped due to KSN trusted
17:50:00.0079 0x12f8  vsmraid - ok
17:50:00.0219 0x12f8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS            C:\Windows\system32\vssvc.exe
17:50:00.0391 0x12f8  VSS - ok
17:50:00.0406 0x12f8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:50:00.0406 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
17:50:00.0406 0x12f8  vwifibus - detected LockedFile.Multi.Generic ( 1 )
17:50:03.0152 0x12f8  Detect skipped due to KSN trusted
17:50:03.0152 0x12f8  vwifibus - ok
17:50:03.0183 0x12f8  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:50:03.0183 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F, sha256: 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB
17:50:03.0199 0x12f8  vwififlt - detected LockedFile.Multi.Generic ( 1 )
17:50:05.0929 0x12f8  Detect skipped due to KSN trusted
17:50:05.0929 0x12f8  vwififlt - ok
17:50:05.0991 0x12f8  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
17:50:05.0991 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6A638FC4BFDDC4D9B186C28C91BD1A01, sha256: 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168
17:50:05.0991 0x12f8  vwifimp - detected LockedFile.Multi.Generic ( 1 )
17:50:08.0830 0x12f8  Detect skipped due to KSN trusted
17:50:08.0830 0x12f8  vwifimp - ok
17:50:08.0893 0x12f8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time        C:\Windows\system32\w32time.dll
17:50:09.0018 0x12f8  W32Time - ok
17:50:09.0049 0x12f8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:50:09.0049 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
17:50:09.0049 0x12f8  WacomPen - detected LockedFile.Multi.Generic ( 1 )
17:50:11.0872 0x12f8  Detect skipped due to KSN trusted
17:50:11.0872 0x12f8  WacomPen - ok
17:50:11.0935 0x12f8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:50:11.0935 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
17:50:11.0935 0x12f8  WANARP - detected LockedFile.Multi.Generic ( 1 )
17:50:14.0696 0x12f8  Detect skipped due to KSN trusted
17:50:14.0696 0x12f8  WANARP - ok
17:50:14.0743 0x12f8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:50:14.0743 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
17:50:14.0743 0x12f8  Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
17:50:14.0743 0x12f8  Detect skipped due to KSN trusted
17:50:14.0743 0x12f8  Wanarpv6 - ok
17:50:14.0852 0x12f8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
17:50:15.0024 0x12f8  wbengine - ok
17:50:15.0070 0x12f8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:50:15.0133 0x12f8  WbioSrvc - ok
17:50:15.0180 0x12f8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
17:50:15.0258 0x12f8  wcncsvc - ok
17:50:15.0273 0x12f8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:50:15.0320 0x12f8  WcsPlugInService - ok
17:50:15.0336 0x12f8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:50:15.0336 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
17:50:15.0336 0x12f8  Wd - detected LockedFile.Multi.Generic ( 1 )
17:50:18.0081 0x12f8  Detect skipped due to KSN trusted
17:50:18.0081 0x12f8  Wd - ok
17:50:18.0190 0x12f8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:50:18.0190 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: E2C933EDBC389386EBE6D2BA953F43D8, sha256: AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07
17:50:18.0190 0x12f8  Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
17:50:20.0952 0x12f8  Detect skipped due to KSN trusted
17:50:20.0952 0x12f8  Wdf01000 - ok
17:50:21.0014 0x12f8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:50:21.0108 0x12f8  WdiServiceHost - ok
17:50:21.0108 0x12f8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost  C:\Windows\system32\wdi.dll
17:50:21.0154 0x12f8  WdiSystemHost - ok
17:50:21.0201 0x12f8  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient      C:\Windows\System32\webclnt.dll
17:50:21.0279 0x12f8  WebClient - ok
17:50:21.0310 0x12f8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:50:21.0404 0x12f8  Wecsvc - ok
17:50:21.0420 0x12f8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
17:50:21.0498 0x12f8  wercplsupport - ok
17:50:21.0513 0x12f8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:50:21.0622 0x12f8  WerSvc - ok
17:50:21.0654 0x12f8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:50:21.0654 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
17:50:21.0669 0x12f8  WfpLwf - detected LockedFile.Multi.Generic ( 1 )
17:50:24.0415 0x12f8  Detect skipped due to KSN trusted
17:50:24.0415 0x12f8  WfpLwf - ok
17:50:24.0446 0x12f8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:50:24.0446 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
17:50:24.0446 0x12f8  WIMMount - detected LockedFile.Multi.Generic ( 1 )
17:50:27.0207 0x12f8  Detect skipped due to KSN trusted
17:50:27.0207 0x12f8  WIMMount - ok
17:50:27.0270 0x12f8  WinDefend - ok
17:50:27.0285 0x12f8  WinHttpAutoProxySvc - ok
17:50:27.0363 0x12f8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
17:50:27.0441 0x12f8  Winmgmt - ok
17:50:27.0597 0x12f8  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM          C:\Windows\system32\WsmSvc.dll
17:50:27.0800 0x12f8  WinRM - ok
17:50:27.0878 0x12f8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:50:27.0878 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D, sha256: A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03
17:50:27.0894 0x12f8  WinUsb - detected LockedFile.Multi.Generic ( 1 )
17:50:30.0655 0x12f8  Detect skipped due to KSN trusted
17:50:30.0655 0x12f8  WinUsb - ok
17:50:30.0748 0x12f8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc        C:\Windows\System32\wlansvc.dll
17:50:30.0795 0x12f8  Wlansvc - ok
17:50:30.0982 0x12f8  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:50:31.0060 0x12f8  wlidsvc - ok
17:50:31.0107 0x12f8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
17:50:31.0107 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
17:50:31.0107 0x12f8  WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
17:50:34.0009 0x12f8  Detect skipped due to KSN trusted
17:50:34.0009 0x12f8  WmiAcpi - ok
17:50:34.0071 0x12f8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:50:34.0118 0x12f8  wmiApSrv - ok
17:50:34.0165 0x12f8  WMPNetworkSvc - ok
17:50:34.0180 0x12f8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:50:34.0227 0x12f8  WPCSvc - ok
17:50:34.0258 0x12f8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:50:34.0290 0x12f8  WPDBusEnum - ok
17:50:34.0321 0x12f8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
17:50:34.0321 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
17:50:34.0321 0x12f8  ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
17:50:37.0066 0x12f8  Detect skipped due to KSN trusted
17:50:37.0066 0x12f8  ws2ifsl - ok
17:50:37.0113 0x12f8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
17:50:37.0176 0x12f8  wscsvc - ok
17:50:37.0238 0x12f8  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
17:50:37.0238 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WSDPrint.sys. md5: 8D918B1DB190A4D9B1753A66FA8C96E8, sha256: DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE
17:50:37.0238 0x12f8  WSDPrintDevice - detected LockedFile.Multi.Generic ( 1 )
17:50:40.0015 0x12f8  Detect skipped due to KSN trusted
17:50:40.0015 0x12f8  WSDPrintDevice - ok
17:50:40.0015 0x12f8  WSearch - ok
17:50:40.0202 0x12f8  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:50:40.0358 0x12f8  wuauserv - ok
17:50:40.0389 0x12f8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:50:40.0389 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: AB886378EEB55C6C75B4F2D14B6C869F, sha256: D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6
17:50:40.0389 0x12f8  WudfPf - detected LockedFile.Multi.Generic ( 1 )
17:50:43.0150 0x12f8  Detect skipped due to KSN trusted
17:50:43.0150 0x12f8  WudfPf - ok
17:50:43.0228 0x12f8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:50:43.0228 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: DDA4CAF29D8C0A297F886BFE561E6659, sha256: 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978
17:50:43.0228 0x12f8  WUDFRd - detected LockedFile.Multi.Generic ( 1 )
17:50:46.0099 0x12f8  Detect skipped due to KSN trusted
17:50:46.0099 0x12f8  WUDFRd - ok
17:50:46.0146 0x12f8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
17:50:46.0208 0x12f8  wudfsvc - ok
17:50:46.0255 0x12f8  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc        C:\Windows\System32\wwansvc.dll
17:50:46.0302 0x12f8  WwanSvc - ok
17:50:46.0349 0x12f8  [ 9176C0822FAA649E45121875BE32F5D2, B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
17:50:46.0349 0x12f8  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\xusb21.sys. md5: 9176C0822FAA649E45121875BE32F5D2, sha256: B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F
17:50:46.0349 0x12f8  xusb21 - detected LockedFile.Multi.Generic ( 1 )
17:50:49.0188 0x12f8  Detect skipped due to KSN trusted
17:50:49.0188 0x12f8  xusb21 - ok
17:50:49.0297 0x12f8  [ 6DB01688FDBF299F426EEB01DDEC684A, B183578E52662CAC6253E418B25BA1B9E4FF825485531C8749A130358D98A856 ] ZAtheros Wlan Agent C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
17:50:49.0313 0x12f8  ZAtheros Wlan Agent - detected UnsignedFile.Multi.Generic ( 1 )
17:50:52.0152 0x12f8  Detect skipped due to KSN trusted
17:50:52.0152 0x12f8  ZAtheros Wlan Agent - ok
17:50:52.0214 0x12f8  ================ Scan global ===============================
17:50:52.0230 0x12f8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:50:52.0292 0x12f8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:50:52.0339 0x12f8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:50:52.0386 0x12f8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:50:52.0433 0x12f8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
17:50:52.0448 0x12f8  [ Global ] - ok
17:50:52.0448 0x12f8  ================ Scan MBR ==================================
17:50:52.0479 0x12f8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:50:52.0916 0x12f8  \Device\Harddisk0\DR0 - ok
17:50:52.0916 0x12f8  ================ Scan VBR ==================================
17:50:52.0916 0x12f8  [ 0F52ECB401DEFCD7985FAE8A3CBE3646 ] \Device\Harddisk0\DR0\Partition1
17:50:52.0963 0x12f8  \Device\Harddisk0\DR0\Partition1 - ok
17:50:52.0994 0x12f8  [ 70EDB7B76CAB2518557095201DE0E05E ] \Device\Harddisk0\DR0\Partition2
17:50:52.0994 0x12f8  \Device\Harddisk0\DR0\Partition2 - ok
17:50:52.0994 0x12f8  ================ Scan generic autorun ======================
17:50:53.0384 0x12f8  [ 8CB8E0C93C5459B45BE1FA628FB0D761, F06830359F11515BA1CA5EC061F5B254E5A4676FBEC8AFAC23B56BB413B7E63F ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:50:53.0665 0x12f8  RtHDVCpl - ok
17:50:53.0681 0x12f8  ETDWare - ok
17:50:53.0805 0x12f8  [ 147B96A5AEA8CEF3A34D8E378EAAA9B2, AC60E8184AC0DF277C26617AAD06F13A315B459AE47D9093161FB3DD652195B1 ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
17:50:53.0852 0x12f8  Acer ePower Management - ok
17:50:53.0899 0x12f8  [ 9ECF375A6E4E74D056F4B54E76D58721, 29C89504C369CC40BC6BEDE965F52736CB01FA70644059392C912FFB35C4ED0A ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
17:50:53.0930 0x12f8  IAStorIcon - ok
17:50:54.0039 0x12f8  [ 5A5BF95C7410E96E04C57B06232E9965, 942CBC854CC7A729AAADE2C4E96CA20EF488701F4FA200D0FC8CEF3D35E90EF1 ] C:\Program Files (x86)\Launch Manager\LManager.exe
17:50:54.0086 0x12f8  LManager - ok
17:50:54.0149 0x12f8  [ F4F7C86191A981C804326E2EF6F3604F, 1ECE05E643AFFB27A148A8B86615F6C167875EF29D6FF7E2FD15B8DCBE6B8A16 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
17:50:54.0164 0x12f8  Adobe Reader Speed Launcher - ok
17:50:54.0383 0x12f8  [ 2AA5DD75EA1281432C40D22B5FD87D3A, 9868D4176C8F08EB72B0B992D3E2A480C587930CA025B4FDF3212F99B79C3017 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
17:50:54.0414 0x12f8  avgnt - ok
17:50:54.0554 0x12f8  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
17:50:54.0663 0x12f8  Sidebar - ok
17:50:54.0663 0x12f8  Waiting for KSN requests completion. In queue: 7
17:50:55.0677 0x12f8  Waiting for KSN requests completion. In queue: 7
17:50:56.0691 0x12f8  Waiting for KSN requests completion. In queue: 7
17:50:57.0783 0x12f8  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.6.548 ), 0x40000 ( disabled : updated )
17:50:57.0799 0x12f8  Win FW state via NFP2: enabled
17:51:00.0607 0x12f8  ============================================================
17:51:00.0607 0x12f8  Scan finished
17:51:00.0607 0x12f8  ============================================================
17:51:00.0623 0x12f0  Detected object count: 5
17:51:00.0623 0x12f0  Actual detected object count: 5
17:51:50.0761 0x12f0  508286c0aae35d85 ( Rootkit.Win32.Necurs.gen ) - skipped by user
17:51:50.0761 0x12f0  508286c0aae35d85 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip
17:51:50.0761 0x12f0  hwpolicy ( LockedFile.Multi.Generic ) - skipped by user
17:51:50.0761 0x12f0  hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip
17:51:50.0761 0x12f0  LSI_SCSI ( LockedFile.Multi.Generic ) - skipped by user
17:51:50.0761 0x12f0  LSI_SCSI ( LockedFile.Multi.Generic ) - User select action: Skip
17:51:50.0777 0x12f0  Modem ( LockedFile.Multi.Generic ) - skipped by user
17:51:50.0777 0x12f0  Modem ( LockedFile.Multi.Generic ) - User select action: Skip
17:51:50.0777 0x12f0  Ntfs ( LockedFile.Multi.Generic ) - skipped by user
17:51:50.0777 0x12f0  Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
17:59:36.0169 0x0a14  Deinitialize success


schrauber 26.08.2014 06:20

Start TDSSKiller.exe with a double-click.
Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Start Scan.
    Do not do anything on the computer during the scan.
  • Make sure that Cure ( default ) is checked!
  • Click Continue --> Reboot.
TDSSKiller will save a log file on your system drive ( usually C:\ ).
For example: C:\TDSSKiller.<version_date_time>log.txt

Please post the contents here in your thread.

VChecker1992 26.08.2014 08:22

Hey, I wasn't sure whether I should select the optional parameters again as well? I didn't do so this time, though...

This is what the log looks like:
TDSSKiller Part 1
Code:

09:00:47.0439 0x0ca8  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
09:00:47.0954 0x0ca8  ============================================================
09:00:47.0954 0x0ca8  Current date / time: 2014/08/26 09:00:47.0954
09:00:47.0954 0x0ca8  SystemInfo:
09:00:47.0954 0x0ca8 
09:00:47.0954 0x0ca8  OS Version: 6.1.7601 ServicePack: 1.0
09:00:47.0954 0x0ca8  Product type: Workstation
09:00:47.0954 0x0ca8  ComputerName: ACERASPIRE5742G
09:00:47.0954 0x0ca8  UserName: Acer Aspire 5742G
09:00:47.0954 0x0ca8  Windows directory: C:\Windows
09:00:47.0954 0x0ca8  System windows directory: C:\Windows
09:00:47.0954 0x0ca8  Running under WOW64
09:00:47.0954 0x0ca8  Processor architecture: Intel x64
09:00:47.0954 0x0ca8  Number of processors: 4
09:00:47.0954 0x0ca8  Page size: 0x1000
09:00:47.0954 0x0ca8  Boot type: Normal boot
09:00:47.0954 0x0ca8  ============================================================
09:00:47.0954 0x0ca8  BG loaded
09:00:49.0233 0x0ca8  System UUID: {BFAF0882-7AD8-0E87-6045-A8C288D53868}
09:00:50.0684 0x0ca8  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:00:50.0684 0x0ca8  ============================================================
09:00:50.0684 0x0ca8  \Device\Harddisk0\DR0:
09:00:50.0684 0x0ca8  MBR partitions:
09:00:50.0684 0x0ca8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
09:00:50.0684 0x0ca8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
09:00:50.0684 0x0ca8  ============================================================
09:00:50.0762 0x0ca8  C: <-> \Device\Harddisk0\DR0\Partition2
09:00:50.0762 0x0ca8  ============================================================
09:00:50.0762 0x0ca8  Initialize success
09:00:50.0762 0x0ca8  ============================================================
09:01:26.0288 0x0140  ============================================================
09:01:26.0288 0x0140  Scan started
09:01:26.0288 0x0140  Mode: Manual;
09:01:26.0288 0x0140  ============================================================
09:01:26.0288 0x0140  KSN ping started
09:01:29.0111 0x0140  KSN ping finished: true
09:01:33.0479 0x0140  ================ Scan system memory ========================
09:01:33.0479 0x0140  System memory - ok
09:01:33.0479 0x0140  ================ Scan services =============================
09:01:34.0010 0x0140  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:01:34.0025 0x0140  1394ohci - ok
09:01:34.0057 0x0140  Suspicious service (NoAccess): 508286c0aae35d85
09:01:34.0197 0x0140  [ C165DD5F33FDF8AAD5E970E69394230F, C36D47BE0062AF1739DC2766383293707B1F9C710FB77B4235E4C586A7F3B2BD ] 508286c0aae35d85 C:\Windows\System32\Drivers\508286c0aae35d85.sys
09:01:34.0197 0x0140  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\508286c0aae35d85.sys. md5: C165DD5F33FDF8AAD5E970E69394230F, sha256: C36D47BE0062AF1739DC2766383293707B1F9C710FB77B4235E4C586A7F3B2BD
09:01:51.0638 0x0140  508286c0aae35d85 - detected Rootkit.Win32.Necurs.gen ( 0 )
09:01:54.0493 0x0140  508286c0aae35d85 ( Rootkit.Win32.Necurs.gen ) - infected
09:01:54.0493 0x0140  Force sending object to P2P due to detect: 508286c0aae35d85
09:01:57.0332 0x0140  Object send P2P result: true
09:02:00.0265 0x0140  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:02:00.0280 0x0140  ACPI - ok
09:02:00.0358 0x0140  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
09:02:00.0358 0x0140  AcpiPmi - ok
09:02:02.0979 0x0140  [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:02:02.0995 0x0140  AdobeFlashPlayerUpdateSvc - ok
09:02:03.0088 0x0140  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
09:02:03.0104 0x0140  adp94xx - ok
09:02:03.0197 0x0140  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
09:02:03.0213 0x0140  adpahci - ok
09:02:03.0260 0x0140  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
09:02:03.0260 0x0140  adpu320 - ok
09:02:03.0322 0x0140  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
09:02:03.0338 0x0140  AeLookupSvc - ok
09:02:03.0416 0x0140  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD            C:\Windows\system32\drivers\afd.sys
09:02:03.0431 0x0140  AFD - ok
09:02:03.0478 0x0140  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
09:02:03.0478 0x0140  agp440 - ok
09:02:03.0525 0x0140  [ 44F360B65C37A42EB5B71C2E5179FDD5, A7E65515FEE1698C96F647111F5C7D009C5FAC9A1F62D027802861A699AF1F93 ] aksdf          C:\Windows\system32\drivers\aksdf.sys
09:02:03.0525 0x0140  aksdf - ok
09:02:03.0572 0x0140  [ 43415AF4F20E9867974623840A22FE98, 6AA2B5C000D984D21AC75A0BE48D359C24EDEB6343A9B507C299ECDA5DEAD367 ] aksfridge      C:\Windows\system32\drivers\aksfridge.sys
09:02:03.0572 0x0140  aksfridge - ok
09:02:03.0634 0x0140  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG            C:\Windows\System32\alg.exe
09:02:03.0634 0x0140  ALG - ok
09:02:03.0681 0x0140  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:02:03.0681 0x0140  aliide - ok
09:02:03.0743 0x0140  [ F687D4976EFF550FB0BE45A5CB19F18F, 96AEFAB5B1960DFBFB9F1C74A1C2A03E765B7807985A75D6689E00EE6C23BE34 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:02:03.0759 0x0140  AMD External Events Utility - ok
09:02:03.0775 0x0140  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
09:02:03.0775 0x0140  amdide - ok
09:02:03.0821 0x0140  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
09:02:03.0821 0x0140  AmdK8 - ok
09:02:04.0087 0x0140  [ 74687C33C4AD25A975BBB1EA1E8B3884, 30A53DF35C013DFE28C6FC200E93ABCA47BDE9104215ABC9E14E435B9FDBE4E1 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
09:02:04.0227 0x0140  amdkmdag - ok
09:02:04.0274 0x0140  [ C7F56ED86327A78E7F8A5CC503A98BD6, 4DA79D45CCDC47380C67889F842454D18C5B140A71A7AF11A63206FF74C2E2B3 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
09:02:04.0289 0x0140  amdkmdap - ok
09:02:04.0305 0x0140  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
09:02:04.0305 0x0140  AmdPPM - ok
09:02:04.0352 0x0140  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
09:02:04.0352 0x0140  amdsata - ok
09:02:04.0399 0x0140  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
09:02:04.0399 0x0140  amdsbs - ok
09:02:04.0430 0x0140  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata        C:\Windows\system32\drivers\amdxata.sys
09:02:04.0430 0x0140  amdxata - ok
09:02:04.0695 0x0140  [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
09:02:04.0711 0x0140  AntiVirSchedulerService - ok
09:02:04.0789 0x0140  [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
09:02:04.0804 0x0140  AntiVirService - ok
09:02:04.0929 0x0140  [ 8275A6F8857CB98F72CBAF75770E9E10, B945A8937E95269A84C4B0EA0E202EE564B457E32DE239DCCDF9F14D9CC204C7 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
09:02:05.0007 0x0140  AntiVirWebService - ok
09:02:05.0085 0x0140  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID          C:\Windows\system32\drivers\appid.sys
09:02:05.0085 0x0140  AppID - ok
09:02:05.0116 0x0140  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:02:05.0116 0x0140  AppIDSvc - ok
09:02:05.0163 0x0140  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo        C:\Windows\System32\appinfo.dll
09:02:05.0179 0x0140  Appinfo - ok
09:02:05.0210 0x0140  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc            C:\Windows\system32\DRIVERS\arc.sys
09:02:05.0210 0x0140  arc - ok
09:02:05.0241 0x0140  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
09:02:05.0241 0x0140  arcsas - ok
09:02:05.0413 0x0140  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:02:05.0491 0x0140  aspnet_state - ok
09:02:05.0522 0x0140  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:02:05.0537 0x0140  AsyncMac - ok
09:02:05.0584 0x0140  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi          C:\Windows\system32\drivers\atapi.sys
09:02:05.0584 0x0140  atapi - ok
09:02:05.0740 0x0140  [ E642491F64E58CD5BC8FB8B347DCF65F, D457175EF3A0552CEA3DA78E7116D54BC2BF157857A8B764597B51FB4E29C033 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
09:02:05.0787 0x0140  athr - ok
09:02:05.0865 0x0140  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:02:05.0896 0x0140  AudioEndpointBuilder - ok
09:02:05.0943 0x0140  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
09:02:05.0943 0x0140  AudioSrv - ok
09:02:06.0005 0x0140  [ 4663C5AD76FE8E19592DE808156FA07D, 605827B4A9D6930BC752D124BF75D55D4927B0ABEF881CDE66F3C5CC1DB215FE ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
09:02:06.0021 0x0140  avgntflt - ok
09:02:06.0037 0x0140  [ 8902AEC2382A37E9E99A4E0D52DBD42B, 138F2D7E7430132B2C527D413BC845CC467F084F39C232EC3A17DD2A74EE401E ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
09:02:06.0037 0x0140  avipbb - ok
09:02:06.0068 0x0140  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
09:02:06.0068 0x0140  avkmgr - ok
09:02:06.0115 0x0140  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:02:06.0130 0x0140  AxInstSV - ok
09:02:06.0177 0x0140  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
09:02:06.0208 0x0140  b06bdrv - ok
09:02:06.0255 0x0140  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
09:02:06.0255 0x0140  b57nd60a - ok
09:02:06.0302 0x0140  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:02:06.0302 0x0140  BDESVC - ok
09:02:06.0333 0x0140  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:02:06.0333 0x0140  Beep - ok
09:02:06.0427 0x0140  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE            C:\Windows\System32\bfe.dll
09:02:06.0442 0x0140  BFE - ok
09:02:06.0520 0x0140  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
09:02:06.0583 0x0140  BITS - ok
09:02:06.0598 0x0140  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:02:06.0598 0x0140  blbdrive - ok
09:02:06.0645 0x0140  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:02:06.0645 0x0140  bowser - ok
09:02:06.0676 0x0140  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:02:06.0676 0x0140  BrFiltLo - ok
09:02:06.0692 0x0140  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:02:06.0707 0x0140  BrFiltUp - ok
09:02:06.0754 0x0140  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
09:02:06.0754 0x0140  BridgeMP - ok
09:02:06.0801 0x0140  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser        C:\Windows\System32\browser.dll
09:02:06.0817 0x0140  Browser - ok
09:02:06.0863 0x0140  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
09:02:06.0863 0x0140  Brserid - ok
09:02:06.0879 0x0140  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:02:06.0879 0x0140  BrSerWdm - ok
09:02:06.0895 0x0140  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:02:06.0895 0x0140  BrUsbMdm - ok
09:02:06.0910 0x0140  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
09:02:06.0910 0x0140  BrUsbSer - ok
09:02:06.0941 0x0140  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
09:02:06.0941 0x0140  BTHMODEM - ok
09:02:06.0988 0x0140  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv        C:\Windows\system32\bthserv.dll
09:02:06.0988 0x0140  bthserv - ok
09:02:07.0004 0x0140  catchme - ok
09:02:07.0051 0x0140  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:02:07.0051 0x0140  cdfs - ok
09:02:07.0097 0x0140  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
09:02:07.0113 0x0140  cdrom - ok
09:02:07.0160 0x0140  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc    C:\Windows\System32\certprop.dll
09:02:07.0175 0x0140  CertPropSvc - ok
09:02:07.0207 0x0140  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
09:02:07.0207 0x0140  circlass - ok
09:02:07.0253 0x0140  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
09:02:07.0269 0x0140  CLFS - ok
09:02:07.0378 0x0140  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:02:07.0378 0x0140  clr_optimization_v2.0.50727_32 - ok
09:02:07.0409 0x0140  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:02:07.0409 0x0140  clr_optimization_v2.0.50727_64 - ok
09:02:07.0503 0x0140  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:02:07.0643 0x0140  clr_optimization_v4.0.30319_32 - ok
09:02:07.0690 0x0140  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:02:07.0784 0x0140  clr_optimization_v4.0.30319_64 - ok
09:04:01.0461 0x0140  monitor - detected LockedFile.Multi.Generic ( 1 )
09:04:04.0222 0x0140  Detect skipped due to KSN trusted
09:04:04.0222 0x0140  monitor - ok
09:04:04.0316 0x0140  [ C030F9E822A057C1A7A9BB4EA3E8877E, 2CCEC87DEB972B6B0196A08D3781002929E9107137FE3A61F1626D3BEE26630A ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
09:04:04.0316 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MijXfilt.sys. md5: C030F9E822A057C1A7A9BB4EA3E8877E, sha256: 2CCEC87DEB972B6B0196A08D3781002929E9107137FE3A61F1626D3BEE26630A
09:04:04.0316 0x0140  MotioninJoyXFilter - detected LockedFile.Multi.Generic ( 1 )
09:04:07.0155 0x0140  Detect skipped due to KSN trusted
09:04:07.0155 0x0140  MotioninJoyXFilter - ok
09:04:07.0249 0x0140  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:04:07.0249 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
09:04:07.0249 0x0140  mouclass - detected LockedFile.Multi.Generic ( 1 )
09:04:09.0994 0x0140  Detect skipped due to KSN trusted
09:04:09.0994 0x0140  mouclass - ok
09:04:10.0072 0x0140  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:04:10.0072 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
09:04:10.0072 0x0140  mouhid - detected LockedFile.Multi.Generic ( 1 )
09:04:12.0834 0x0140  Detect skipped due to KSN trusted
09:04:12.0834 0x0140  mouhid - ok
09:04:12.0912 0x0140  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:04:12.0912 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA, sha256: 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63
09:04:12.0912 0x0140  mountmgr - detected LockedFile.Multi.Generic ( 1 )
09:04:15.0673 0x0140  Detect skipped due to KSN trusted
09:04:15.0673 0x0140  mountmgr - ok
09:04:15.0751 0x0140  [ 96AA8BA23142CC8E2B30F3CAE0C80254, C65380761373DAD16425211FBA0B4E15F260F79A1FF328B1314076D732EE6F0E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:04:15.0751 0x0140  MozillaMaintenance - ok
09:04:15.0798 0x0140  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:04:15.0798 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58, sha256: B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8
09:04:15.0798 0x0140  mpio - detected LockedFile.Multi.Generic ( 1 )
09:04:18.0559 0x0140  Detect skipped due to KSN trusted
09:04:18.0559 0x0140  mpio - ok
09:04:18.0621 0x0140  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:04:18.0621 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
09:04:18.0621 0x0140  mpsdrv - detected LockedFile.Multi.Generic ( 1 )
09:04:21.0445 0x0140  Detect skipped due to KSN trusted
09:04:21.0445 0x0140  mpsdrv - ok
09:04:21.0570 0x0140  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:04:21.0585 0x0140  MpsSvc - ok
09:04:21.0632 0x0140  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:04:21.0632 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: 1A4F75E63C9FB84B85DFFC6B63FD5404, sha256: 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F
09:04:21.0632 0x0140  MRxDAV - detected LockedFile.Multi.Generic ( 1 )
09:04:24.0378 0x0140  Detect skipped due to KSN trusted
09:04:24.0378 0x0140  MRxDAV - ok
09:04:24.0440 0x0140  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:04:24.0440 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC, sha256: 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4
09:04:24.0440 0x0140  mrxsmb - detected LockedFile.Multi.Generic ( 1 )
09:04:27.0186 0x0140  Detect skipped due to KSN trusted
09:04:27.0201 0x0140  mrxsmb - ok
09:04:27.0264 0x0140  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:04:27.0264 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163, sha256: 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF
09:04:27.0264 0x0140  mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
09:04:30.0009 0x0140  Detect skipped due to KSN trusted
09:04:30.0009 0x0140  mrxsmb10 - ok
09:04:30.0072 0x0140  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:04:30.0072 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C, sha256: 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC
09:04:30.0072 0x0140  mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
09:04:32.0833 0x0140  Detect skipped due to KSN trusted
09:04:32.0833 0x0140  mrxsmb20 - ok
09:04:32.0911 0x0140  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:04:32.0911 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796, sha256: 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8
09:04:32.0911 0x0140  msahci - detected LockedFile.Multi.Generic ( 1 )
09:04:35.0656 0x0140  Detect skipped due to KSN trusted
09:04:35.0656 0x0140  msahci - ok
09:04:35.0719 0x0140  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
09:04:35.0719 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900, sha256: B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74
09:04:35.0719 0x0140  msdsm - detected LockedFile.Multi.Generic ( 1 )
09:04:38.0542 0x0140  Detect skipped due to KSN trusted
09:04:38.0542 0x0140  msdsm - ok
09:04:38.0589 0x0140  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC          C:\Windows\System32\msdtc.exe
09:04:38.0605 0x0140  MSDTC - ok
09:04:38.0652 0x0140  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:04:38.0652 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
09:04:38.0652 0x0140  Msfs - detected LockedFile.Multi.Generic ( 1 )
09:04:41.0413 0x0140  Detect skipped due to KSN trusted
09:04:41.0413 0x0140  Msfs - ok
09:04:41.0460 0x0140  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
09:04:41.0460 0x0140  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
09:04:41.0475 0x0140  mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
09:04:44.0299 0x0140  Detect skipped due to KSN trusted
09:04:44.0299 0x0140  mshidkmdf - ok
09:04:44.0361 0x0140  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:04:44.0361 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
09:04:44.0361 0x0140  msisadrv - detected LockedFile.Multi.Generic ( 1 )
09:04:47.0216 0x0140  Detect skipped due to KSN trusted
09:04:47.0216 0x0140  msisadrv - ok
09:04:47.0263 0x0140  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
09:04:47.0278 0x0140  MSiSCSI - ok
09:04:47.0278 0x0140  msiserver - ok
09:04:47.0325 0x0140  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
09:04:47.0325 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
09:04:47.0325 0x0140  MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
09:04:50.0149 0x0140  Detect skipped due to KSN trusted
09:04:50.0149 0x0140  MSKSSRV - ok
09:04:50.0196 0x0140  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:04:50.0196 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
09:04:50.0196 0x0140  MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
09:04:53.0019 0x0140  Detect skipped due to KSN trusted
09:04:53.0019 0x0140  MSPCLOCK - ok
09:04:53.0066 0x0140  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
09:04:53.0066 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
09:04:53.0066 0x0140  MSPQM - detected LockedFile.Multi.Generic ( 1 )
09:04:55.0874 0x0140  Detect skipped due to KSN trusted
09:04:55.0874 0x0140  MSPQM - ok
09:04:55.0952 0x0140  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
09:04:55.0952 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D, sha256: 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133
09:04:55.0952 0x0140  MsRPC - detected LockedFile.Multi.Generic ( 1 )
09:04:58.0698 0x0140  Detect skipped due to KSN trusted
09:04:58.0698 0x0140  MsRPC - ok
09:04:58.0760 0x0140  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
09:04:58.0760 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
09:04:58.0760 0x0140  mssmbios - detected LockedFile.Multi.Generic ( 1 )


VChecker1992 26.08.2014 08:58

TDSSKiller logfile, part 2:
Code:

09:05:01.0630 0x0140  Detect skipped due to KSN trusted
09:05:01.0630 0x0140  mssmbios - ok
09:05:01.0677 0x0140  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
09:05:01.0677 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
09:05:01.0677 0x0140  MSTEE - detected LockedFile.Multi.Generic ( 1 )
09:05:04.0438 0x0140  Detect skipped due to KSN trusted
09:05:04.0438 0x0140  MSTEE - ok
09:05:04.0532 0x0140  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
09:05:04.0532 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
09:05:04.0532 0x0140  MTConfig - detected LockedFile.Multi.Generic ( 1 )
09:05:07.0278 0x0140  Detect skipped due to KSN trusted
09:05:07.0278 0x0140  MTConfig - ok
09:05:07.0324 0x0140  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup            C:\Windows\system32\Drivers\mup.sys
09:05:07.0324 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
09:05:07.0324 0x0140  Mup - detected LockedFile.Multi.Generic ( 1 )
09:05:10.0164 0x0140  Detect skipped due to KSN trusted
09:05:10.0164 0x0140  Mup - ok
09:05:10.0242 0x0140  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
09:05:10.0257 0x0140  napagent - ok
09:05:10.0304 0x0140  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
09:05:10.0304 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
09:05:10.0320 0x0140  NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
09:05:13.0065 0x0140  Detect skipped due to KSN trusted
09:05:13.0065 0x0140  NativeWifiP - ok
09:05:13.0190 0x0140  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:05:13.0190 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: 760E38053BF56E501D562B70AD796B88, sha256: F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D
09:05:13.0190 0x0140  NDIS - detected LockedFile.Multi.Generic ( 1 )
09:05:15.0936 0x0140  Detect skipped due to KSN trusted
09:05:15.0936 0x0140  NDIS - ok
09:05:16.0014 0x0140  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
09:05:16.0014 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
09:05:16.0014 0x0140  NdisCap - detected LockedFile.Multi.Generic ( 1 )
09:05:18.0759 0x0140  Detect skipped due to KSN trusted
09:05:18.0759 0x0140  NdisCap - ok
09:05:18.0806 0x0140  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:05:18.0806 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
09:05:18.0806 0x0140  NdisTapi - detected LockedFile.Multi.Generic ( 1 )
09:05:21.0567 0x0140  Detect skipped due to KSN trusted
09:05:21.0567 0x0140  NdisTapi - ok
09:05:21.0630 0x0140  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
09:05:21.0630 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356, sha256: BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683
09:05:21.0630 0x0140  Ndisuio - detected LockedFile.Multi.Generic ( 1 )
09:05:24.0469 0x0140  Detect skipped due to KSN trusted
09:05:24.0469 0x0140  Ndisuio - ok
09:05:24.0531 0x0140  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
09:05:24.0531 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11, sha256: 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77
09:05:24.0531 0x0140  NdisWan - detected LockedFile.Multi.Generic ( 1 )
09:05:27.0355 0x0140  Detect skipped due to KSN trusted
09:05:27.0355 0x0140  NdisWan - ok
09:05:27.0417 0x0140  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
09:05:27.0417 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879, sha256: 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023
09:05:27.0417 0x0140  NDProxy - detected LockedFile.Multi.Generic ( 1 )
09:05:30.0179 0x0140  Detect skipped due to KSN trusted
09:05:30.0179 0x0140  NDProxy - ok
09:05:30.0241 0x0140  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
09:05:30.0241 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062
09:05:30.0241 0x0140  NetBIOS - detected LockedFile.Multi.Generic ( 1 )
09:05:33.0002 0x0140  Detect skipped due to KSN trusted
09:05:33.0002 0x0140  NetBIOS - ok
09:05:33.0080 0x0140  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
09:05:33.0080 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068, sha256: 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37
09:05:33.0080 0x0140  NetBT - detected LockedFile.Multi.Generic ( 1 )
09:05:35.0904 0x0140  Detect skipped due to KSN trusted
09:05:35.0904 0x0140  NetBT - ok
09:05:35.0966 0x0140  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
09:05:35.0982 0x0140  Netlogon - ok
09:05:36.0029 0x0140  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
09:05:36.0044 0x0140  Netman - ok
09:05:36.0091 0x0140  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:05:36.0138 0x0140  NetMsmqActivator - ok
09:05:36.0153 0x0140  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:05:36.0169 0x0140  NetPipeActivator - ok
09:05:36.0200 0x0140  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
09:05:36.0216 0x0140  netprofm - ok
09:05:36.0216 0x0140  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:05:36.0216 0x0140  NetTcpActivator - ok
09:05:36.0231 0x0140  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:05:36.0231 0x0140  NetTcpPortSharing - ok
09:05:36.0263 0x0140  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
09:05:36.0263 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3
09:05:36.0263 0x0140  nfrd960 - detected LockedFile.Multi.Generic ( 1 )
09:05:39.0008 0x0140  Detect skipped due to KSN trusted
09:05:39.0008 0x0140  nfrd960 - ok
09:05:39.0071 0x0140  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:05:39.0086 0x0140  NlaSvc - ok
09:05:39.0117 0x0140  NLNdisMP - ok
09:05:39.0149 0x0140  NLNdisPT - ok
09:05:39.0180 0x0140  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:05:39.0180 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F
09:05:39.0180 0x0140  Npfs - detected LockedFile.Multi.Generic ( 1 )
09:05:42.0035 0x0140  Detect skipped due to KSN trusted
09:05:42.0035 0x0140  Npfs - ok
09:05:42.0097 0x0140  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi            C:\Windows\system32\nsisvc.dll
09:05:42.0113 0x0140  nsi - ok
09:05:42.0113 0x0140  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:05:42.0113 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76
09:05:42.0113 0x0140  nsiproxy - detected LockedFile.Multi.Generic ( 1 )
09:05:44.0952 0x0140  Detect skipped due to KSN trusted
09:05:44.0952 0x0140  nsiproxy - ok
09:05:45.0092 0x0140  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:05:45.0092 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: 1A29A59A4C5BA6F8C85062A613B7E2B2, sha256: CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1
09:05:45.0092 0x0140  Ntfs - detected LockedFile.Multi.Generic ( 1 )
09:05:48.0259 0x0140  Detect skipped due to KSN trusted
09:05:48.0259 0x0140  Ntfs - ok
09:05:48.0384 0x0140  [ 9A308FCDCCA98A15B6F62D36A272160E, 3991F70D42C1949067ED48CF4EB815E06360B077F6A2369AC76BF0892C3C33EE ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
09:05:48.0399 0x0140  NTI IScheduleSvc - ok
09:05:48.0431 0x0140  [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr        C:\Windows\system32\drivers\NTIDrvr.sys
09:05:48.0431 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NTIDrvr.sys. md5: EE3BA1024594D5D09E314F206B94069E, sha256: 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6
09:05:48.0431 0x0140  NTIDrvr - detected LockedFile.Multi.Generic ( 1 )
09:05:51.0176 0x0140  Detect skipped due to KSN trusted
09:05:51.0176 0x0140  NTIDrvr - ok
09:05:51.0239 0x0140  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
09:05:51.0239 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6
09:05:51.0239 0x0140  Null - detected LockedFile.Multi.Generic ( 1 )
09:05:54.0093 0x0140  Detect skipped due to KSN trusted
09:05:54.0093 0x0140  Null - ok
09:05:54.0171 0x0140  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:05:54.0171 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvraid.sys. md5: 0A92CB65770442ED0DC44834632F66AD, sha256: 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7
09:05:54.0171 0x0140  nvraid - detected LockedFile.Multi.Generic ( 1 )
09:05:56.0901 0x0140  Detect skipped due to KSN trusted
09:05:56.0901 0x0140  nvraid - ok
09:05:56.0948 0x0140  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:05:56.0948 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvstor.sys. md5: DAB0E87525C10052BF65F06152F37E4A, sha256: AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37
09:05:56.0948 0x0140  nvstor - detected LockedFile.Multi.Generic ( 1 )
09:05:59.0756 0x0140  Detect skipped due to KSN trusted
09:05:59.0756 0x0140  nvstor - ok
09:05:59.0819 0x0140  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:05:59.0819 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05, sha256: 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F
09:05:59.0819 0x0140  nv_agp - detected LockedFile.Multi.Generic ( 1 )
09:06:02.0611 0x0140  Detect skipped due to KSN trusted
09:06:02.0611 0x0140  nv_agp - ok
09:06:02.0751 0x0140  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:06:02.0783 0x0140  odserv - ok
09:06:02.0814 0x0140  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:06:02.0814 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0, sha256: AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203
09:06:02.0814 0x0140  ohci1394 - detected LockedFile.Multi.Generic ( 1 )
09:06:05.0669 0x0140  Detect skipped due to KSN trusted
09:06:05.0669 0x0140  ohci1394 - ok
09:06:05.0747 0x0140  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:06:05.0762 0x0140  ose - ok
09:06:05.0809 0x0140  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:06:05.0840 0x0140  p2pimsvc - ok
09:06:05.0871 0x0140  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
09:06:05.0887 0x0140  p2psvc - ok
09:06:05.0918 0x0140  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
09:08:32.0496 0x0140  TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
09:08:32.0496 0x0140  Detect skipped due to KSN trusted
09:08:32.0496 0x0140  TCPIP6 - ok
09:08:32.0527 0x0140  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:08:32.0527 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: 1B16D0BD9841794A6E0CDE0CEF744ABC, sha256: 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C
09:08:32.0527 0x0140  tcpipreg - detected LockedFile.Multi.Generic ( 1 )
09:08:35.0257 0x0140  Detect skipped due to KSN trusted
09:08:35.0257 0x0140  tcpipreg - ok
09:08:35.0320 0x0140  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:08:35.0320 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D
09:08:35.0320 0x0140  TDPIPE - detected LockedFile.Multi.Generic ( 1 )
09:08:38.0081 0x0140  Detect skipped due to KSN trusted
09:08:38.0081 0x0140  TDPIPE - ok
09:08:38.0128 0x0140  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
09:08:38.0128 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8, sha256: 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9
09:08:38.0128 0x0140  TDTCP - detected LockedFile.Multi.Generic ( 1 )
09:08:40.0873 0x0140  Detect skipped due to KSN trusted
09:08:40.0873 0x0140  TDTCP - ok
09:08:40.0936 0x0140  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
09:08:40.0936 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806, sha256: B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661
09:08:40.0936 0x0140  tdx - detected LockedFile.Multi.Generic ( 1 )
09:08:43.0775 0x0140  Detect skipped due to KSN trusted
09:08:43.0775 0x0140  tdx - ok
09:08:43.0853 0x0140  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
09:08:43.0853 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5, sha256: 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D
09:08:43.0853 0x0140  TermDD - detected LockedFile.Multi.Generic ( 1 )
09:08:46.0614 0x0140  Detect skipped due to KSN trusted
09:08:46.0614 0x0140  TermDD - ok
09:08:46.0723 0x0140  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService    C:\Windows\System32\termsrv.dll
09:08:46.0754 0x0140  TermService - ok
09:08:46.0770 0x0140  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
09:08:46.0786 0x0140  Themes - ok
09:08:46.0801 0x0140  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER    C:\Windows\system32\mmcss.dll
09:08:46.0801 0x0140  THREADORDER - ok
09:08:46.0817 0x0140  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
09:08:46.0817 0x0140  TrkWks - ok
09:08:46.0879 0x0140  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:08:46.0895 0x0140  TrustedInstaller - ok
09:08:46.0942 0x0140  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:08:46.0942 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: 4CE278FC9671BA81A138D70823FCAA09, sha256: CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300
09:08:46.0942 0x0140  tssecsrv - detected LockedFile.Multi.Generic ( 1 )
09:08:49.0765 0x0140  Detect skipped due to KSN trusted
09:08:49.0765 0x0140  tssecsrv - ok
09:08:49.0828 0x0140  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:08:49.0828 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tsusbflt.sys. md5: 17C6B51CBCCDED95B3CC14E22791F85E, sha256: EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C
09:08:49.0828 0x0140  TsUsbFlt - detected LockedFile.Multi.Generic ( 1 )
09:08:52.0604 0x0140  Detect skipped due to KSN trusted
09:08:52.0604 0x0140  TsUsbFlt - ok
09:08:52.0667 0x0140  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:08:52.0667 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894, sha256: AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8
09:08:52.0667 0x0140  tunnel - detected LockedFile.Multi.Generic ( 1 )
09:08:55.0506 0x0140  Detect skipped due to KSN trusted
09:08:55.0506 0x0140  tunnel - ok
09:08:55.0568 0x0140  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
09:08:55.0568 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123
09:08:55.0568 0x0140  uagp35 - detected LockedFile.Multi.Generic ( 1 )
09:08:58.0330 0x0140  Detect skipped due to KSN trusted
09:08:58.0330 0x0140  uagp35 - ok
09:08:58.0376 0x0140  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
09:08:58.0376 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\UBHelper.sys. md5: A17D5E1A6DF4EAB0A480F2C490DE4C9D, sha256: 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B
09:08:58.0376 0x0140  UBHelper - detected LockedFile.Multi.Generic ( 1 )
09:09:01.0122 0x0140  Detect skipped due to KSN trusted
09:09:01.0122 0x0140  UBHelper - ok
09:09:01.0169 0x0140  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:09:01.0169 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593, sha256: D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3
09:09:01.0169 0x0140  udfs - detected LockedFile.Multi.Generic ( 1 )
09:09:03.0930 0x0140  Detect skipped due to KSN trusted
09:09:03.0930 0x0140  udfs - ok
09:09:03.0993 0x0140  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect      C:\Windows\system32\UI0Detect.exe
09:09:04.0008 0x0140  UI0Detect - ok
09:09:04.0024 0x0140  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:09:04.0024 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A
09:09:04.0024 0x0140  uliagpkx - detected LockedFile.Multi.Generic ( 1 )
09:09:06.0801 0x0140  Detect skipped due to KSN trusted
09:09:06.0801 0x0140  uliagpkx - ok
09:09:06.0879 0x0140  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
09:09:06.0879 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561, sha256: 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE
09:09:06.0879 0x0140  umbus - detected LockedFile.Multi.Generic ( 1 )
09:09:09.0624 0x0140  Detect skipped due to KSN trusted
09:09:09.0624 0x0140  umbus - ok
09:09:09.0687 0x0140  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
09:09:09.0687 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
09:09:09.0687 0x0140  UmPass - detected LockedFile.Multi.Generic ( 1 )
09:09:12.0541 0x0140  Detect skipped due to KSN trusted
09:09:12.0541 0x0140  UmPass - ok
09:09:12.0729 0x0140  [ 7466809E6DA561D60C2F1CE8EDE3C73F, A3185049282A51B17C3DA839AF7E90F1CD395B2FB5587514EB2D65CB22854E2C ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
09:09:12.0775 0x0140  UNS - ok
09:09:12.0853 0x0140  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
09:09:12.0869 0x0140  Updater Service - ok
09:09:12.0916 0x0140  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
09:09:12.0916 0x0140  upnphost - ok
09:09:12.0978 0x0140  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
09:09:12.0978 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbaudio.sys. md5: B0435098C81D04CAFFF80DDB746CD3A2, sha256: A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A
09:09:12.0978 0x0140  usbaudio - detected LockedFile.Multi.Generic ( 1 )
09:09:15.0708 0x0140  Detect skipped due to KSN trusted
09:09:15.0708 0x0140  usbaudio - ok
09:09:15.0771 0x0140  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
09:09:15.0771 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: DCA68B0943D6FA415F0C56C92158A83A, sha256: BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57
09:09:15.0771 0x0140  usbccgp - detected LockedFile.Multi.Generic ( 1 )
09:09:18.0610 0x0140  Detect skipped due to KSN trusted
09:09:18.0610 0x0140  usbccgp - ok
09:09:18.0672 0x0140  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:09:18.0672 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbcir.sys. md5: 80B0F7D5CCF86CEB5D402EAAF61FEC31, sha256: 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD
09:09:18.0672 0x0140  usbcir - detected LockedFile.Multi.Generic ( 1 )
09:09:21.0418 0x0140  Detect skipped due to KSN trusted
09:09:21.0418 0x0140  usbcir - ok
09:09:21.0480 0x0140  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci        C:\Windows\system32\drivers\usbehci.sys
09:09:21.0480 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbehci.sys. md5: 18A85013A3E0F7E1755365D287443965, sha256: 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33
09:09:21.0480 0x0140  usbehci - detected LockedFile.Multi.Generic ( 1 )
09:09:24.0319 0x0140  Detect skipped due to KSN trusted
09:09:24.0319 0x0140  usbehci - ok
09:09:24.0413 0x0140  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:09:24.0413 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 8D1196CFBB223621F2C67D45710F25BA, sha256: B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003
09:09:24.0429 0x0140  usbhub - detected LockedFile.Multi.Generic ( 1 )
09:09:27.0190 0x0140  Detect skipped due to KSN trusted
09:09:27.0190 0x0140  usbhub - ok
09:09:27.0237 0x0140  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci        C:\Windows\system32\drivers\usbohci.sys
09:09:27.0237 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbohci.sys. md5: 765A92D428A8DB88B960DA5A8D6089DC, sha256: 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C
09:09:27.0237 0x0140  usbohci - detected LockedFile.Multi.Generic ( 1 )
09:09:29.0998 0x0140  Detect skipped due to KSN trusted
09:09:29.0998 0x0140  usbohci - ok
09:09:30.0045 0x0140  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:09:30.0045 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
09:09:30.0045 0x0140  usbprint - detected LockedFile.Multi.Generic ( 1 )
09:09:32.0837 0x0140  Detect skipped due to KSN trusted
09:09:32.0837 0x0140  usbprint - ok
09:09:32.0899 0x0140  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:09:32.0899 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6, sha256: DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96
09:09:32.0899 0x0140  USBSTOR - detected LockedFile.Multi.Generic ( 1 )
09:09:35.0739 0x0140  Detect skipped due to KSN trusted
09:09:35.0739 0x0140  USBSTOR - ok
09:09:35.0801 0x0140  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
09:09:35.0801 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbuhci.sys. md5: DD253AFC3BC6CBA412342DE60C3647F3, sha256: 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7
09:09:35.0801 0x0140  usbuhci - detected LockedFile.Multi.Generic ( 1 )
09:09:38.0640 0x0140  Detect skipped due to KSN trusted
09:09:38.0640 0x0140  usbuhci - ok
09:09:38.0718 0x0140  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
09:09:38.0718 0x0140  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\usbvideo.sys. md5: 1F775DA4CF1A3A1834207E975A72E9D7, sha256: 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90
09:09:38.0718 0x0140  usbvideo - detected LockedFile.Multi.Generic ( 1 )
09:09:41.0542 0x0140  Detect skipped due to KSN trusted
09:09:41.0542 0x0140  usbvideo - ok
09:09:41.0589 0x0140  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms          C:\Windows\System32\uxsms.dll
09:09:41.0589 0x0140  UxSms - ok
09:09:41.0620 0x0140  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
09:09:41.0635 0x0140  VaultSvc - ok
09:09:41.0698 0x0140  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:09:41.0698 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
09:09:41.0713 0x0140  vdrvroot - detected LockedFile.Multi.Generic ( 1 )
09:09:44.0537 0x0140  Detect skipped due to KSN trusted
09:09:44.0537 0x0140  vdrvroot - ok
09:09:44.0615 0x0140  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds            C:\Windows\System32\vds.exe
09:09:44.0662 0x0140  vds - ok
09:09:44.0693 0x0140  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
09:09:44.0709 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
09:09:44.0709 0x0140  vga - detected LockedFile.Multi.Generic ( 1 )
09:09:47.0485 0x0140  Detect skipped due to KSN trusted
09:09:47.0485 0x0140  vga - ok
09:09:47.0532 0x0140  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave        C:\Windows\System32\drivers\vga.sys
09:09:47.0532 0x0140  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
09:09:47.0532 0x0140  VgaSave - detected LockedFile.Multi.Generic ( 1 )
09:09:50.0278 0x0140  Detect skipped due to KSN trusted
09:09:50.0278 0x0140  VgaSave - ok
09:09:50.0340 0x0140  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
09:09:50.0340 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB, sha256: D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF
09:09:50.0340 0x0140  vhdmp - detected LockedFile.Multi.Generic ( 1 )
09:09:53.0179 0x0140  Detect skipped due to KSN trusted
09:09:53.0179 0x0140  vhdmp - ok
09:09:53.0226 0x0140  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
09:09:53.0226 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
09:09:53.0242 0x0140  viaide - detected LockedFile.Multi.Generic ( 1 )
09:09:56.0315 0x0140  Detect skipped due to KSN trusted
09:09:56.0315 0x0140  viaide - ok
09:09:56.0377 0x0140  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:09:56.0377 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161
09:09:56.0377 0x0140  volmgr - detected LockedFile.Multi.Generic ( 1 )
09:09:59.0123 0x0140  Detect skipped due to KSN trusted
09:09:59.0123 0x0140  volmgr - ok
09:09:59.0201 0x0140  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
09:09:59.0201 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B, sha256: 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F
09:09:59.0201 0x0140  volmgrx - detected LockedFile.Multi.Generic ( 1 )
09:10:02.0040 0x0140  Detect skipped due to KSN trusted
09:10:02.0040 0x0140  volmgrx - ok
09:10:02.0103 0x0140  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap        C:\Windows\system32\drivers\volsnap.sys
09:10:02.0103 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639, sha256: 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC
09:10:02.0103 0x0140  volsnap - detected LockedFile.Multi.Generic ( 1 )
09:10:04.0942 0x0140  Detect skipped due to KSN trusted
09:10:04.0942 0x0140  volsnap - ok
09:10:05.0067 0x0140  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
09:10:05.0067 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
09:10:05.0067 0x0140  vsmraid - detected LockedFile.Multi.Generic ( 1 )
09:10:07.0906 0x0140  Detect skipped due to KSN trusted
09:10:07.0906 0x0140  vsmraid - ok
09:10:08.0062 0x0140  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS            C:\Windows\system32\vssvc.exe
09:10:08.0109 0x0140  VSS - ok
09:10:08.0124 0x0140  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
09:10:08.0124 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
09:10:08.0124 0x0140  vwifibus - detected LockedFile.Multi.Generic ( 1 )
09:10:10.0870 0x0140  Detect skipped due to KSN trusted
09:10:10.0870 0x0140  vwifibus - ok
09:10:10.0917 0x0140  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
09:10:10.0917 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F, sha256: 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB
09:10:10.0917 0x0140  vwififlt - detected LockedFile.Multi.Generic ( 1 )
09:10:13.0756 0x0140  Detect skipped due to KSN trusted
09:10:13.0756 0x0140  vwififlt - ok
09:10:13.0803 0x0140  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
09:10:13.0803 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6A638FC4BFDDC4D9B186C28C91BD1A01, sha256: 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168
09:10:13.0803 0x0140  vwifimp - detected LockedFile.Multi.Generic ( 1 )
09:10:16.0642 0x0140  Detect skipped due to KSN trusted
09:10:16.0642 0x0140  vwifimp - ok
09:10:16.0735 0x0140  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time        C:\Windows\system32\w32time.dll
09:10:16.0751 0x0140  W32Time - ok
09:10:16.0798 0x0140  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
09:10:16.0798 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
09:10:16.0798 0x0140  WacomPen - detected LockedFile.Multi.Generic ( 1 )
09:10:19.0543 0x0140  Detect skipped due to KSN trusted
09:10:19.0543 0x0140  WacomPen - ok
09:10:19.0621 0x0140  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:10:19.0621 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
09:10:19.0621 0x0140  WANARP - detected LockedFile.Multi.Generic ( 1 )
09:10:22.0461 0x0140  Detect skipped due to KSN trusted
09:10:22.0461 0x0140  WANARP - ok
09:10:22.0507 0x0140  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:10:22.0507 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
09:10:22.0507 0x0140  Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
09:10:22.0507 0x0140  Detect skipped due to KSN trusted
09:10:22.0507 0x0140  Wanarpv6 - ok
09:10:22.0601 0x0140  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
09:10:22.0663 0x0140  wbengine - ok
09:10:22.0695 0x0140  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:10:22.0710 0x0140  WbioSrvc - ok
09:10:22.0741 0x0140  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
09:10:22.0757 0x0140  wcncsvc - ok
09:10:22.0773 0x0140  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:10:22.0773 0x0140  WcsPlugInService - ok
09:10:22.0804 0x0140  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
09:10:22.0804 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
09:10:22.0804 0x0140  Wd - detected LockedFile.Multi.Generic ( 1 )
09:10:25.0612 0x0140  Detect skipped due to KSN trusted
09:10:25.0612 0x0140  Wd - ok
09:10:25.0721 0x0140  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:10:25.0721 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: E2C933EDBC389386EBE6D2BA953F43D8, sha256: AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07
09:10:25.0721 0x0140  Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
09:10:28.0467 0x0140  Detect skipped due to KSN trusted
09:10:28.0467 0x0140  Wdf01000 - ok
09:10:28.0529 0x0140  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:10:28.0529 0x0140  WdiServiceHost - ok
09:10:28.0545 0x0140  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost  C:\Windows\system32\wdi.dll
09:10:28.0545 0x0140  WdiSystemHost - ok
09:10:28.0607 0x0140  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient      C:\Windows\System32\webclnt.dll
09:10:28.0607 0x0140  WebClient - ok
09:10:28.0638 0x0140  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:10:28.0638 0x0140  Wecsvc - ok
09:10:28.0654 0x0140  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
09:10:28.0654 0x0140  wercplsupport - ok
09:10:28.0685 0x0140  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:10:28.0685 0x0140  WerSvc - ok
09:10:28.0716 0x0140  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:10:28.0716 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
09:10:28.0732 0x0140  WfpLwf - detected LockedFile.Multi.Generic ( 1 )
09:10:31.0540 0x0140  Detect skipped due to KSN trusted
09:10:31.0540 0x0140  WfpLwf - ok
09:10:31.0571 0x0140  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:10:31.0571 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
09:10:31.0571 0x0140  WIMMount - detected LockedFile.Multi.Generic ( 1 )
09:10:34.0348 0x0140  Detect skipped due to KSN trusted
09:10:34.0348 0x0140  WIMMount - ok
09:10:34.0410 0x0140  WinDefend - ok
09:10:34.0426 0x0140  WinHttpAutoProxySvc - ok
09:10:34.0473 0x0140  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
09:10:34.0488 0x0140  Winmgmt - ok
09:10:34.0613 0x0140  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM          C:\Windows\system32\WsmSvc.dll
09:10:34.0675 0x0140  WinRM - ok
09:10:34.0753 0x0140  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
09:10:34.0753 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D, sha256: A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03
09:10:34.0769 0x0140  WinUsb - detected LockedFile.Multi.Generic ( 1 )
09:10:37.0624 0x0140  Detect skipped due to KSN trusted
09:10:37.0624 0x0140  WinUsb - ok
09:10:37.0733 0x0140  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc        C:\Windows\System32\wlansvc.dll
09:10:37.0749 0x0140  Wlansvc - ok
09:10:37.0889 0x0140  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:10:37.0936 0x0140  wlidsvc - ok
09:10:37.0983 0x0140  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
09:10:37.0983 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
09:10:37.0983 0x0140  WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
09:10:40.0806 0x0140  Detect skipped due to KSN trusted
09:10:40.0806 0x0140  WmiAcpi - ok
09:10:40.0884 0x0140  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:10:40.0884 0x0140  wmiApSrv - ok
09:10:40.0947 0x0140  WMPNetworkSvc - ok
09:10:40.0993 0x0140  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:10:40.0993 0x0140  WPCSvc - ok
09:10:41.0040 0x0140  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:10:41.0040 0x0140  WPDBusEnum - ok
09:10:41.0087 0x0140  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
09:10:41.0087 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
09:10:41.0087 0x0140  ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
09:10:43.0911 0x0140  Detect skipped due to KSN trusted
09:10:43.0911 0x0140  ws2ifsl - ok
09:10:43.0973 0x0140  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
09:10:43.0989 0x0140  wscsvc - ok
09:10:44.0035 0x0140  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
09:10:44.0035 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WSDPrint.sys. md5: 8D918B1DB190A4D9B1753A66FA8C96E8, sha256: DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE
09:10:44.0035 0x0140  WSDPrintDevice - detected LockedFile.Multi.Generic ( 1 )
09:10:46.0859 0x0140  Detect skipped due to KSN trusted
09:10:46.0859 0x0140  WSDPrintDevice - ok
09:10:46.0859 0x0140  WSearch - ok
09:10:46.0999 0x0140  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:10:47.0109 0x0140  wuauserv - ok
09:10:47.0140 0x0140  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:10:47.0140 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: AB886378EEB55C6C75B4F2D14B6C869F, sha256: D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6
09:10:47.0140 0x0140  WudfPf - detected LockedFile.Multi.Generic ( 1 )
09:10:49.0885 0x0140  Detect skipped due to KSN trusted
09:10:49.0885 0x0140  WudfPf - ok
09:10:49.0963 0x0140  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:10:49.0963 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: DDA4CAF29D8C0A297F886BFE561E6659, sha256: 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978
09:10:49.0963 0x0140  WUDFRd - detected LockedFile.Multi.Generic ( 1 )
09:10:52.0787 0x0140  Detect skipped due to KSN trusted
09:10:52.0787 0x0140  WUDFRd - ok
09:10:52.0849 0x0140  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
09:10:52.0865 0x0140  wudfsvc - ok
09:10:52.0896 0x0140  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc        C:\Windows\System32\wwansvc.dll
09:10:52.0912 0x0140  WwanSvc - ok
09:10:52.0959 0x0140  [ 9176C0822FAA649E45121875BE32F5D2, B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
09:10:52.0959 0x0140  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\xusb21.sys. md5: 9176C0822FAA649E45121875BE32F5D2, sha256: B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F
09:10:52.0959 0x0140  xusb21 - detected LockedFile.Multi.Generic ( 1 )
09:10:55.0720 0x0140  Detect skipped due to KSN trusted
09:10:55.0720 0x0140  xusb21 - ok
09:10:55.0829 0x0140  [ 6DB01688FDBF299F426EEB01DDEC684A, B183578E52662CAC6253E418B25BA1B9E4FF825485531C8749A130358D98A856 ] ZAtheros Wlan Agent C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
09:10:55.0845 0x0140  ZAtheros Wlan Agent - ok
09:10:55.0892 0x0140  ================ Scan global ===============================
09:10:55.0907 0x0140  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
09:10:55.0970 0x0140  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
09:10:56.0001 0x0140  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
09:10:56.0048 0x0140  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
09:10:56.0079 0x0140  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
09:10:56.0094 0x0140  [ Global ] - ok
09:10:56.0094 0x0140  ================ Scan MBR ==================================
09:10:56.0110 0x0140  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:10:56.0438 0x0140  \Device\Harddisk0\DR0 - ok
09:10:56.0453 0x0140  ================ Scan VBR ==================================
09:10:56.0453 0x0140  [ 0F52ECB401DEFCD7985FAE8A3CBE3646 ] \Device\Harddisk0\DR0\Partition1
09:10:56.0484 0x0140  \Device\Harddisk0\DR0\Partition1 - ok
09:10:56.0484 0x0140  [ 70EDB7B76CAB2518557095201DE0E05E ] \Device\Harddisk0\DR0\Partition2
09:10:56.0484 0x0140  \Device\Harddisk0\DR0\Partition2 - ok
09:10:56.0484 0x0140  ================ Scan generic autorun ======================
09:10:56.0874 0x0140  [ 8CB8E0C93C5459B45BE1FA628FB0D761, F06830359F11515BA1CA5EC061F5B254E5A4676FBEC8AFAC23B56BB413B7E63F ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
09:10:57.0077 0x0140  RtHDVCpl - ok
09:10:57.0093 0x0140  ETDWare - ok
09:10:57.0202 0x0140  [ 147B96A5AEA8CEF3A34D8E378EAAA9B2, AC60E8184AC0DF277C26617AAD06F13A315B459AE47D9093161FB3DD652195B1 ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
09:10:57.0218 0x0140  Acer ePower Management - ok
09:10:57.0249 0x0140  [ 9ECF375A6E4E74D056F4B54E76D58721, 29C89504C369CC40BC6BEDE965F52736CB01FA70644059392C912FFB35C4ED0A ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
09:10:57.0264 0x0140  IAStorIcon - ok
09:10:57.0342 0x0140  [ 5A5BF95C7410E96E04C57B06232E9965, 942CBC854CC7A729AAADE2C4E96CA20EF488701F4FA200D0FC8CEF3D35E90EF1 ] C:\Program Files (x86)\Launch Manager\LManager.exe
09:10:57.0358 0x0140  LManager - ok
09:10:57.0420 0x0140  [ F4F7C86191A981C804326E2EF6F3604F, 1ECE05E643AFFB27A148A8B86615F6C167875EF29D6FF7E2FD15B8DCBE6B8A16 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
09:10:57.0420 0x0140  Adobe Reader Speed Launcher - ok
09:10:57.0639 0x0140  [ 2AA5DD75EA1281432C40D22B5FD87D3A, 9868D4176C8F08EB72B0B992D3E2A480C587930CA025B4FDF3212F99B79C3017 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
09:10:57.0654 0x0140  avgnt - ok
09:10:57.0795 0x0140  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
09:10:57.0826 0x0140  Sidebar - ok
09:10:57.0826 0x0140  Waiting for KSN requests completion. In queue: 10
09:10:58.0840 0x0140  Waiting for KSN requests completion. In queue: 8
09:10:59.0854 0x0140  Waiting for KSN requests completion. In queue: 8
09:11:00.0868 0x0140  Waiting for KSN requests completion. In queue: 8
09:11:01.0976 0x0140  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.6.548 ), 0x40000 ( disabled : updated )
09:11:01.0976 0x0140  Win FW state via NFP2: enabled
09:11:04.0737 0x0140  ============================================================
09:11:04.0737 0x0140  Scan finished
09:11:04.0737 0x0140  ============================================================
09:11:04.0737 0x0eec  Detected object count: 1
09:11:04.0737 0x0eec  Actual detected object count: 1
09:17:32.0950 0x0eec  C:\Windows\System32\Drivers\508286c0aae35d85.sys - copied to quarantine
09:17:32.0966 0x0eec  HKLM\SYSTEM\ControlSet001\services\508286c0aae35d85 - will be deleted on reboot
09:17:33.0013 0x0eec  HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85 - will be deleted on reboot
09:17:33.0200 0x0eec  C:\Windows\System32\Drivers\508286c0aae35d85.sys - will be deleted on reboot
09:17:33.0200 0x0eec  508286c0aae35d85 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
09:17:33.0294 0x0eec  KLMD registered as C:\Windows\system32\drivers\07327111.sys

After another reboot and removing the test mode that appeared after the last use of TDSSKiller, AntiVir and Windows Defender now work, and new Windows updates are being downloaded...

Is there anything else to check? Can I continue using the system now? What was actually wrong?

Many thanks so far :)

schrauber 27.08.2014 09:58

Please run a fresh scan with FRST and TDSSKiller again and post both logs.

VChecker1992 27.08.2014 12:14

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 01
Ran by Acer Aspire 5742G (administrator) on ACERASPIRE5742G on 27-08-2014 12:43:18
Running from C:\Users\Acer Aspire 5742G\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-23] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446
SearchScopes: HKCU - {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-14]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-05]
CHR Extension: (Google Drive) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-05]
CHR Extension: (YouTube) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-05]
CHR Extension: (Google-Suche) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-05]
CHR Extension: (Avira Browser Safety) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-23]
CHR Extension: (Google Wallet) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-05]
CHR Extension: (Google Mail) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2004-07-16] (Pinnacle Systems GmbH) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-27 12:43 - 2014-08-27 12:45 - 00013092 _____ () C:\Users\Acer Aspire 5742G\Desktop\FRST.txt
2014-08-26 09:56 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-26 09:56 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-26 09:56 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-26 09:56 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-26 09:56 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-26 09:56 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-26 09:56 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-26 09:56 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-26 09:51 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-26 09:51 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-26 09:51 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-26 09:51 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-26 09:51 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-26 09:51 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-26 09:51 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-26 09:51 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-26 09:51 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-26 09:51 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-26 09:51 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-26 09:51 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-26 09:51 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-26 09:51 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-26 09:51 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-26 09:51 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-26 09:51 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-26 09:51 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-26 09:51 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-26 09:51 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-26 09:51 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-26 09:51 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-26 09:51 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-26 09:51 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-26 09:51 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-26 09:51 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-26 09:51 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-26 09:51 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-26 09:51 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-26 09:51 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-26 09:51 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-26 09:51 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-26 09:51 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-26 09:51 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-26 09:51 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-26 09:51 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-26 09:51 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-26 09:51 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-26 09:51 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-26 09:51 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-26 09:51 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-26 09:51 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-26 09:51 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-26 09:51 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-26 09:51 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-26 09:51 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-26 09:50 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-26 09:50 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-26 09:50 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-26 09:50 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-26 09:50 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-26 09:50 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-26 09:50 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-26 09:50 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-26 09:50 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-26 09:50 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-26 09:50 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-26 09:50 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-26 09:50 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-26 09:50 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-26 09:50 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-26 09:50 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-26 09:50 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-26 09:50 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-26 09:50 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-26 09:50 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-26 09:50 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-26 09:48 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-26 09:48 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-26 09:48 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-26 09:17 - 2014-08-26 09:17 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-24 17:58 - 2014-08-24 17:58 - 00000000 ____D () C:\Users\Acer Aspire 5742G\Downloads\69045d1408895836-win7-antivirensoftware-aktiviert-antivir-windowsdefender-tdsskiller.3.0.0.40_24.08.2014_17.38.32_log
2014-08-24 17:56 - 2014-08-24 17:56 - 00057638 _____ () C:\TDSSKiller.3.0.0.40_24.08.2014_17.38.32_log.zip
2014-08-24 17:36 - 2014-08-24 17:36 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Acer Aspire 5742G\Desktop\tdsskiller.exe
2014-08-24 15:26 - 2014-08-24 15:26 - 00854417 _____ () C:\Users\Acer Aspire 5742G\Desktop\SecurityCheck.exe
2014-08-24 13:50 - 2014-08-24 13:50 - 02347384 _____ (ESET) C:\Users\Acer Aspire 5742G\Desktop\esetsmartinstaller_deu.exe
2014-08-24 13:34 - 2014-08-27 12:43 - 00000000 ____D () C:\FRST
2014-08-24 13:33 - 2014-08-24 13:34 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Desktop\FRST64.exe
2014-08-24 13:24 - 2014-08-24 13:24 - 01016261 _____ (Thisisu) C:\Users\Acer Aspire 5742G\Desktop\JRT.exe
2014-08-24 13:24 - 2014-08-24 13:24 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 13:19 - 2014-08-24 13:21 - 00000000 ____D () C:\AdwCleaner
2014-08-24 13:19 - 2014-08-24 13:19 - 01364531 _____ () C:\Users\Acer Aspire 5742G\Desktop\adwcleaner_3.308.exe
2014-08-24 13:05 - 2014-08-24 13:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 13:05 - 2014-08-24 13:05 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 13:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-24 13:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-24 13:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-24 09:17 - 2014-08-24 09:17 - 00031418 _____ () C:\ComboFix.txt
2014-08-24 09:00 - 2014-08-24 09:17 - 00000000 ____D () C:\Qoobox
2014-08-24 09:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-24 09:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-24 09:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-24 08:59 - 2014-08-24 09:12 - 00000000 ____D () C:\Windows\erdnt
2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1  Fußball  Bundesliga  2. Bundesliga  Formel 1  US-Sport  Handball  Basketball  MotoGP.url
2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-05 16:01 - 2014-07-23 13:29 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-05 16:01 - 2014-07-23 13:29 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-05 16:01 - 2014-07-23 13:29 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4}
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 14:55 - 2011-08-10 07:51 - 00067685 _____ () C:\Windows\system32\athrextx.cat
2014-08-05 14:55 - 2011-08-05 16:33 - 02768384 _____ (Atheros Communications, Inc.) C:\Windows\system32\athrx.sys
2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable
2014-08-01 16:02 - 2014-08-27 09:15 - 00231935 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 15:55 - 2014-08-27 12:41 - 00004256 _____ () C:\Windows\setupact.log
2014-08-01 15:55 - 2014-08-24 15:32 - 00454092 _____ () C:\Windows\PFRO.log
2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 15:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:40 - 2014-08-01 15:47 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 15:29 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 15:29 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 15:29 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 15:29 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 15:28 - 2014-08-01 15:29 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-27 12:45 - 2014-08-27 12:43 - 00013092 _____ () C:\Users\Acer Aspire 5742G\Desktop\FRST.txt
2014-08-27 12:45 - 2011-08-22 15:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-27 12:43 - 2014-08-24 13:34 - 00000000 ____D () C:\FRST
2014-08-27 12:42 - 2012-11-13 22:21 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-27 12:41 - 2014-08-01 15:55 - 00004256 _____ () C:\Windows\setupact.log
2014-08-27 12:41 - 2011-08-22 15:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-27 12:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-27 09:15 - 2014-08-01 16:02 - 00231935 _____ () C:\Windows\WindowsUpdate.log
2014-08-27 08:50 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-27 08:50 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-27 08:47 - 2012-10-05 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-26 21:21 - 2013-10-05 14:14 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job
2014-08-26 20:21 - 2013-10-05 14:14 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job
2014-08-26 19:32 - 2013-10-05 14:15 - 00002427 _____ () C:\Users\Acer Aspire 5742G\Desktop\Google Chrome.lnk
2014-08-26 16:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-26 13:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-26 10:14 - 2011-08-22 20:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-26 10:06 - 2013-08-10 15:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-26 10:02 - 2011-08-22 16:44 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-26 09:17 - 2014-08-26 09:17 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-24 17:58 - 2014-08-24 17:58 - 00000000 ____D () C:\Users\Acer Aspire 5742G\Downloads\69045d1408895836-win7-antivirensoftware-aktiviert-antivir-windowsdefender-tdsskiller.3.0.0.40_24.08.2014_17.38.32_log
2014-08-24 17:56 - 2014-08-24 17:56 - 00057638 _____ () C:\TDSSKiller.3.0.0.40_24.08.2014_17.38.32_log.zip
2014-08-24 17:36 - 2014-08-24 17:36 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Acer Aspire 5742G\Desktop\tdsskiller.exe
2014-08-24 15:32 - 2014-08-01 15:55 - 00454092 _____ () C:\Windows\PFRO.log
2014-08-24 15:26 - 2014-08-24 15:26 - 00854417 _____ () C:\Users\Acer Aspire 5742G\Desktop\SecurityCheck.exe
2014-08-24 13:50 - 2014-08-24 13:50 - 02347384 _____ (ESET) C:\Users\Acer Aspire 5742G\Desktop\esetsmartinstaller_deu.exe
2014-08-24 13:38 - 2014-08-24 13:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 13:34 - 2014-08-24 13:33 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Desktop\FRST64.exe
2014-08-24 13:24 - 2014-08-24 13:24 - 01016261 _____ (Thisisu) C:\Users\Acer Aspire 5742G\Desktop\JRT.exe
2014-08-24 13:24 - 2014-08-24 13:24 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 13:21 - 2014-08-24 13:19 - 00000000 ____D () C:\AdwCleaner
2014-08-24 13:19 - 2014-08-24 13:19 - 01364531 _____ () C:\Users\Acer Aspire 5742G\Desktop\adwcleaner_3.308.exe
2014-08-24 13:05 - 2014-08-24 13:05 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 09:17 - 2014-08-24 09:17 - 00031418 _____ () C:\ComboFix.txt
2014-08-24 09:17 - 2014-08-24 09:00 - 00000000 ____D () C:\Qoobox
2014-08-24 09:12 - 2014-08-24 08:59 - 00000000 ____D () C:\Windows\erdnt
2014-08-24 09:11 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-23 16:47 - 2013-05-01 15:29 - 00000971 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-08-23 14:39 - 2011-08-16 22:27 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-08-23 14:39 - 2011-08-16 22:27 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-08-23 14:39 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1  Fußball  Bundesliga  2. Bundesliga  Formel 1  US-Sport  Handball  Basketball  MotoGP.url
2014-08-10 19:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-05 16:01 - 2013-09-28 15:25 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 15:47 - 2010-07-13 14:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-05 15:46 - 2011-08-16 12:59 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Notepad++
2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4}
2014-08-05 15:37 - 2014-06-12 16:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 14:55 - 2010-07-13 13:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-08-05 09:20 - 2011-08-24 17:15 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable
2014-08-01 16:17 - 2011-08-18 12:41 - 00000000 ____D () C:\Users\Acer Aspire 5742G
2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 15:53 - 2012-09-29 20:16 - 00000000 ____D () C:\Windows\Minidump
2014-08-01 15:53 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-08-01 15:47 - 2014-08-01 15:40 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe
2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 15:33 - 2012-10-05 19:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-01 15:33 - 2012-05-19 21:40 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 15:33 - 2011-09-07 15:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 15:31 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-01 15:29 - 2014-08-01 15:28 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 15:29 - 2014-06-25 23:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 01:41 - 2014-08-26 09:51 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-26 09:51 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

Some content of TEMP:
====================
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\avgnt.exe
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-26 15:58

==================== End Of Log ============================

--- --- ---


Addition.txt Logfile:
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 01
Ran by Acer Aspire 5742G at 2014-08-27 12:45:41
Running from C:\Users\Acer Aspire 5742G\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.0 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{D8DACA27-C2D9-9E8E-A8A5-A10E0C670D01}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0527.1242.20909 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help English (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help French (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help German (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0527.1242.20909 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0527.1242.20909 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dLAN Cockpit (x32 Version: 3.2.28 - devolo AG) Hidden
Druckerdeinstallation für EPSON WP-4015 Series (HKLM\...\EPSON WP-4015 Series) (Version:  - SEIKO EPSON Corporation)
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics-Add-In (32 Bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.041222.01 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 12.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Acer Aspire 5742G\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

05-08-2014 12:55:01 Installiert Qualcomm Atheros Fast Reconnect
05-08-2014 13:38:25 Removed Java SE Development Kit 7 Update 9 (64-bit)
05-08-2014 13:39:49 Removed Java 7 Update 9 (64-bit)
05-08-2014 13:41:03 Removed Java(TM) SE Development Kit 6 Update 37 (64-bit)
05-08-2014 13:42:26 Removed Java(TM) 6 Update 37 (64-bit)
05-08-2014 13:44:29 Windows Live Essentials
05-08-2014 13:45:25 WLSetup
05-08-2014 13:47:15 Removed Acrobat.com
24-08-2014 07:00:29 ComboFix created restore point
26-08-2014 07:55:32 Windows Update
26-08-2014 12:20:15 Windows-Sicherung
26-08-2014 12:21:36 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-24 09:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B6DCCC5-771D-4649-936B-8F4ACF736159} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {117417D2-DC0A-46AA-B911-0CB8B3A78849} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {4DF04356-EBCD-4B13-80C4-008B80B8E59C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {69852996-6750-4990-96BD-3D2B48E455E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {990E37C7-27E6-438C-AA70-FBB7D744D3E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {A8E31903-658C-49AD-90BD-F2B59EDF88AF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E3EBA028-AF1B-4AC3-BBBA-41DAE93AAAAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-01] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-06-28 15:20 - 2010-06-28 15:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 15:12 - 2010-06-28 15:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-07-25 08:10 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-08-26 14:15 - 2014-08-26 14:15 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e28fdf645d0ce4b58b0ee3352e1de34c\IsdiInterop.ni.dll
2010-07-13 13:32 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00601247.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21229293.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\31105553.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00601247.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21229293.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\31105553.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DevoloNetworkService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: nlsvc => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: Virtual Router => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: NetLimiter => C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PinnacleDriverCheck => C:\Windows\system32\PSDrvCheck.exe -CheckReg
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2014 07:11:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17239, Zeitstempel: 0x53d22946
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00038e19
ID des fehlerhaften Prozesses: 0xf04
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (08/26/2014 10:14:19 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (08/26/2014 09:16:26 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volume "Acer (C:)" wurde aufgrund eines Fehlers nicht defragmentiert: Zugriff verweigert (0x80070005)

Error: (08/26/2014 09:02:45 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.  0xD0000022
6.1.7601.17514

Error: (08/24/2014 03:23:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/24/2014 01:51:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/24/2014 01:50:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/24/2014 01:50:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (08/27/2014 00:42:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PCLEPCI

Error: (08/27/2014 00:40:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\pclepci.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/27/2014 08:43:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PCLEPCI

Error: (08/27/2014 08:42:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\pclepci.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/27/2014 06:55:10 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/27/2014 06:55:10 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/27/2014 06:55:09 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/27/2014 06:44:45 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PCLEPCI

Error: (08/27/2014 06:43:37 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\pclepci.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/26/2014 07:33:36 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-24 09:10:58.556
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 09:10:58.369
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-27 10:32:05.772
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\8809c2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-27 10:32:05.554
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\8809c2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 3958.71 MB
Available physical RAM: 2484.98 MB
Total Pagefile: 7915.6 MB
Available Pagefile: 6233.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:186.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 3329EE64)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End Of Log ============================


VChecker1992 27.08.2014 12:14

TDSSKILLER Logfile:
Code:

12:46:53.0555 0x0dc4  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
12:46:56.0800 0x0dc4  ============================================================
12:46:56.0800 0x0dc4  Current date / time: 2014/08/27 12:46:56.0800
12:46:56.0800 0x0dc4  SystemInfo:
12:46:56.0800 0x0dc4 
12:46:56.0800 0x0dc4  OS Version: 6.1.7601 ServicePack: 1.0
12:46:56.0800 0x0dc4  Product type: Workstation
12:46:56.0800 0x0dc4  ComputerName: ACERASPIRE5742G
12:46:56.0800 0x0dc4  UserName: Acer Aspire 5742G
12:46:56.0800 0x0dc4  Windows directory: C:\Windows
12:46:56.0800 0x0dc4  System windows directory: C:\Windows
12:46:56.0800 0x0dc4  Running under WOW64
12:46:56.0800 0x0dc4  Processor architecture: Intel x64
12:46:56.0800 0x0dc4  Number of processors: 4
12:46:56.0800 0x0dc4  Page size: 0x1000
12:46:56.0800 0x0dc4  Boot type: Normal boot
12:46:56.0800 0x0dc4  ============================================================
12:46:59.0171 0x0dc4  KLMD registered as C:\Windows\system32\drivers\47008995.sys
12:46:59.0639 0x0dc4  System UUID: {BFAF0882-7AD8-0E87-6045-A8C288D53868}
12:47:00.0388 0x0dc4  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:47:00.0419 0x0dc4  ============================================================
12:47:00.0419 0x0dc4  \Device\Harddisk0\DR0:
12:47:00.0419 0x0dc4  MBR partitions:
12:47:00.0419 0x0dc4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
12:47:00.0419 0x0dc4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
12:47:00.0419 0x0dc4  ============================================================
12:47:00.0466 0x0dc4  C: <-> \Device\Harddisk0\DR0\Partition2
12:47:00.0466 0x0dc4  ============================================================
12:47:00.0466 0x0dc4  Initialize success
12:47:00.0466 0x0dc4  ============================================================
12:47:08.0625 0x11fc  ============================================================
12:47:08.0640 0x11fc  Scan started
12:47:08.0640 0x11fc  Mode: Manual; SigCheck; TDLFS;
12:47:08.0640 0x11fc  ============================================================
12:47:08.0640 0x11fc  KSN ping started
12:47:11.0417 0x11fc  KSN ping finished: true
12:47:12.0587 0x11fc  ================ Scan system memory ========================
12:47:12.0587 0x11fc  System memory - ok
12:47:12.0587 0x11fc  ================ Scan services =============================
12:47:12.0946 0x11fc  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:47:13.0055 0x11fc  1394ohci - ok
12:47:13.0149 0x11fc  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:47:13.0180 0x11fc  ACPI - ok
12:47:13.0258 0x11fc  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
12:47:13.0320 0x11fc  AcpiPmi - ok
12:47:13.0648 0x11fc  [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:47:13.0679 0x11fc  AdobeFlashPlayerUpdateSvc - ok
12:47:13.0804 0x11fc  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
12:47:13.0851 0x11fc  adp94xx - ok
12:47:13.0913 0x11fc  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
12:47:13.0960 0x11fc  adpahci - ok
12:47:14.0007 0x11fc  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
12:47:14.0022 0x11fc  adpu320 - ok
12:47:14.0053 0x11fc  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
12:47:14.0116 0x11fc  AeLookupSvc - ok
12:47:14.0209 0x11fc  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD            C:\Windows\system32\drivers\afd.sys
12:47:14.0256 0x11fc  AFD - ok
12:47:14.0303 0x11fc  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
12:47:14.0334 0x11fc  agp440 - ok
12:47:14.0412 0x11fc  [ 44F360B65C37A42EB5B71C2E5179FDD5, A7E65515FEE1698C96F647111F5C7D009C5FAC9A1F62D027802861A699AF1F93 ] aksdf          C:\Windows\system32\drivers\aksdf.sys
12:47:14.0443 0x11fc  aksdf - ok
12:47:14.0506 0x11fc  [ 43415AF4F20E9867974623840A22FE98, 6AA2B5C000D984D21AC75A0BE48D359C24EDEB6343A9B507C299ECDA5DEAD367 ] aksfridge      C:\Windows\system32\drivers\aksfridge.sys
12:47:14.0537 0x11fc  aksfridge - ok
12:47:14.0584 0x11fc  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG            C:\Windows\System32\alg.exe
12:47:14.0615 0x11fc  ALG - ok
12:47:14.0693 0x11fc  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:47:14.0724 0x11fc  aliide - ok
12:47:14.0787 0x11fc  [ F687D4976EFF550FB0BE45A5CB19F18F, 96AEFAB5B1960DFBFB9F1C74A1C2A03E765B7807985A75D6689E00EE6C23BE34 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:47:14.0849 0x11fc  AMD External Events Utility - ok
12:47:14.0911 0x11fc  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:47:14.0927 0x11fc  amdide - ok
12:47:14.0974 0x11fc  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
12:47:15.0005 0x11fc  AmdK8 - ok
12:47:15.0333 0x11fc  [ 74687C33C4AD25A975BBB1EA1E8B3884, 30A53DF35C013DFE28C6FC200E93ABCA47BDE9104215ABC9E14E435B9FDBE4E1 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:47:15.0551 0x11fc  amdkmdag - ok
12:47:15.0598 0x11fc  [ C7F56ED86327A78E7F8A5CC503A98BD6, 4DA79D45CCDC47380C67889F842454D18C5B140A71A7AF11A63206FF74C2E2B3 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:47:15.0645 0x11fc  amdkmdap - ok
12:47:15.0707 0x11fc  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:47:15.0738 0x11fc  AmdPPM - ok
12:47:15.0801 0x11fc  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
12:47:15.0832 0x11fc  amdsata - ok
12:47:15.0910 0x11fc  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:47:15.0941 0x11fc  amdsbs - ok
12:47:15.0988 0x11fc  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata        C:\Windows\system32\drivers\amdxata.sys
12:47:16.0003 0x11fc  amdxata - ok
12:47:16.0253 0x11fc  [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:47:16.0269 0x11fc  AntiVirSchedulerService - ok
12:47:16.0347 0x11fc  [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:47:16.0362 0x11fc  AntiVirService - ok
12:47:16.0549 0x11fc  [ 8275A6F8857CB98F72CBAF75770E9E10, B945A8937E95269A84C4B0EA0E202EE564B457E32DE239DCCDF9F14D9CC204C7 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
12:47:16.0612 0x11fc  AntiVirWebService - ok
12:47:16.0674 0x11fc  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID          C:\Windows\system32\drivers\appid.sys
12:47:16.0861 0x11fc  AppID - ok
12:47:16.0893 0x11fc  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:47:16.0955 0x11fc  AppIDSvc - ok
12:47:17.0017 0x11fc  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo        C:\Windows\System32\appinfo.dll
12:47:17.0049 0x11fc  Appinfo - ok
12:47:17.0095 0x11fc  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc            C:\Windows\system32\DRIVERS\arc.sys
12:47:17.0111 0x11fc  arc - ok
12:47:17.0142 0x11fc  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:47:17.0173 0x11fc  arcsas - ok
12:47:17.0392 0x11fc  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:47:17.0454 0x11fc  aspnet_state - ok
12:47:17.0517 0x11fc  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:47:17.0548 0x11fc  AsyncMac - ok
12:47:17.0610 0x11fc  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi          C:\Windows\system32\drivers\atapi.sys
12:47:17.0641 0x11fc  atapi - ok
12:47:17.0782 0x11fc  [ E642491F64E58CD5BC8FB8B347DCF65F, D457175EF3A0552CEA3DA78E7116D54BC2BF157857A8B764597B51FB4E29C033 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
12:47:17.0844 0x11fc  athr - ok
12:47:17.0969 0x11fc  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:47:18.0031 0x11fc  AudioEndpointBuilder - ok
12:47:18.0141 0x11fc  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:47:18.0219 0x11fc  AudioSrv - ok
12:47:18.0343 0x11fc  [ 4663C5AD76FE8E19592DE808156FA07D, 605827B4A9D6930BC752D124BF75D55D4927B0ABEF881CDE66F3C5CC1DB215FE ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:47:18.0421 0x11fc  avgntflt - ok
12:47:18.0468 0x11fc  [ 8902AEC2382A37E9E99A4E0D52DBD42B, 138F2D7E7430132B2C527D413BC845CC467F084F39C232EC3A17DD2A74EE401E ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:47:18.0499 0x11fc  avipbb - ok
12:47:18.0531 0x11fc  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:47:18.0546 0x11fc  avkmgr - ok
12:47:18.0609 0x11fc  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:47:18.0655 0x11fc  AxInstSV - ok
12:47:18.0733 0x11fc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
12:47:18.0780 0x11fc  b06bdrv - ok
12:47:18.0921 0x11fc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:47:18.0967 0x11fc  b57nd60a - ok
12:47:19.0030 0x11fc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:47:19.0061 0x11fc  BDESVC - ok
12:47:19.0108 0x11fc  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:47:19.0186 0x11fc  Beep - ok
12:47:19.0311 0x11fc  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE            C:\Windows\System32\bfe.dll
12:47:19.0357 0x11fc  BFE - ok
12:47:19.0576 0x11fc  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
12:47:19.0685 0x11fc  BITS - ok
12:47:19.0732 0x11fc  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:47:19.0763 0x11fc  blbdrive - ok
12:47:37.0422 0x11fc  Netlogon - ok
12:47:37.0485 0x11fc  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
12:47:37.0563 0x11fc  Netman - ok
12:47:37.0594 0x11fc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:47:37.0672 0x11fc  NetMsmqActivator - ok
12:47:37.0703 0x11fc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:47:37.0750 0x11fc  NetPipeActivator - ok
12:47:37.0797 0x11fc  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
12:47:37.0859 0x11fc  netprofm - ok
12:47:37.0890 0x11fc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:47:37.0921 0x11fc  NetTcpActivator - ok
12:47:37.0937 0x11fc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:47:37.0953 0x11fc  NetTcpPortSharing - ok
12:47:37.0999 0x11fc  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
12:47:38.0015 0x11fc  nfrd960 - ok
12:47:38.0031 0x11fc  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:47:38.0062 0x11fc  NlaSvc - ok
12:47:38.0093 0x11fc  NLNdisMP - ok
12:47:38.0109 0x11fc  NLNdisPT - ok
12:47:38.0140 0x11fc  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:47:38.0218 0x11fc  Npfs - ok
12:47:38.0265 0x11fc  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi            C:\Windows\system32\nsisvc.dll
12:47:38.0343 0x11fc  nsi - ok
12:47:38.0358 0x11fc  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:47:38.0405 0x11fc  nsiproxy - ok
12:47:38.0577 0x11fc  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:47:38.0701 0x11fc  Ntfs - ok
12:47:38.0779 0x11fc  [ 9A308FCDCCA98A15B6F62D36A272160E, 3991F70D42C1949067ED48CF4EB815E06360B077F6A2369AC76BF0892C3C33EE ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
12:47:38.0811 0x11fc  NTI IScheduleSvc - ok
12:47:38.0857 0x11fc  [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr        C:\Windows\system32\drivers\NTIDrvr.sys
12:47:38.0873 0x11fc  NTIDrvr - ok
12:47:38.0904 0x11fc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
12:47:38.0967 0x11fc  Null - ok
12:47:39.0013 0x11fc  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:47:39.0029 0x11fc  nvraid - ok
12:47:39.0060 0x11fc  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:47:39.0076 0x11fc  nvstor - ok
12:47:39.0138 0x11fc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:47:39.0169 0x11fc  nv_agp - ok
12:47:39.0263 0x11fc  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:47:39.0310 0x11fc  odserv - ok
12:47:39.0341 0x11fc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:47:39.0372 0x11fc  ohci1394 - ok
12:47:39.0450 0x11fc  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:47:39.0481 0x11fc  ose - ok
12:47:39.0544 0x11fc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:47:39.0575 0x11fc  p2pimsvc - ok
12:47:39.0669 0x11fc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
12:47:39.0731 0x11fc  p2psvc - ok
12:47:39.0778 0x11fc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
12:47:39.0825 0x11fc  Parport - ok
12:47:39.0856 0x11fc  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
12:47:39.0887 0x11fc  partmgr - ok
12:47:39.0934 0x11fc  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:47:39.0981 0x11fc  PcaSvc - ok
12:47:40.0027 0x11fc  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci            C:\Windows\system32\drivers\pci.sys
12:47:40.0059 0x11fc  pci - ok
12:47:40.0137 0x11fc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:47:40.0168 0x11fc  pciide - ok
12:47:40.0199 0x11fc  PCLEPCI - ok
12:47:40.0246 0x11fc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:47:40.0277 0x11fc  pcmcia - ok
12:47:40.0293 0x11fc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw            C:\Windows\system32\drivers\pcw.sys
12:47:40.0308 0x11fc  pcw - ok
12:47:40.0355 0x11fc  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:47:40.0433 0x11fc  PEAUTH - ok
12:47:40.0667 0x11fc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:47:40.0698 0x11fc  PerfHost - ok
12:47:40.0823 0x11fc  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla            C:\Windows\system32\pla.dll
12:47:40.0917 0x11fc  pla - ok
12:47:40.0963 0x11fc  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:47:40.0995 0x11fc  PlugPlay - ok
12:47:41.0026 0x11fc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
12:47:41.0041 0x11fc  PNRPAutoReg - ok
12:47:41.0057 0x11fc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
12:47:41.0073 0x11fc  PNRPsvc - ok
12:47:41.0135 0x11fc  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
12:47:41.0213 0x11fc  PolicyAgent - ok
12:47:41.0244 0x11fc  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power          C:\Windows\system32\umpo.dll
12:47:41.0322 0x11fc  Power - ok
12:47:41.0369 0x11fc  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:47:41.0447 0x11fc  PptpMiniport - ok
12:47:41.0494 0x11fc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
12:47:41.0525 0x11fc  Processor - ok
12:47:41.0572 0x11fc  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc        C:\Windows\system32\profsvc.dll
12:47:41.0603 0x11fc  ProfSvc - ok
12:47:41.0619 0x11fc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:47:41.0650 0x11fc  ProtectedStorage - ok
12:47:41.0712 0x11fc  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:47:41.0790 0x11fc  Psched - ok
12:47:41.0899 0x11fc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:47:41.0946 0x11fc  ql2300 - ok
12:47:41.0993 0x11fc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:47:42.0024 0x11fc  ql40xx - ok
12:47:42.0071 0x11fc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE          C:\Windows\system32\qwave.dll
12:47:42.0118 0x11fc  QWAVE - ok
12:47:42.0133 0x11fc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:47:42.0149 0x11fc  QWAVEdrv - ok
12:47:42.0196 0x11fc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:47:42.0243 0x11fc  RasAcd - ok
12:47:42.0289 0x11fc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
12:47:42.0336 0x11fc  RasAgileVpn - ok
12:47:42.0367 0x11fc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto        C:\Windows\System32\rasauto.dll
12:47:42.0445 0x11fc  RasAuto - ok
12:47:42.0492 0x11fc  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
12:47:42.0570 0x11fc  Rasl2tp - ok
12:47:42.0648 0x11fc  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
12:47:42.0711 0x11fc  RasMan - ok
12:47:42.0757 0x11fc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:47:42.0820 0x11fc  RasPppoe - ok
12:47:42.0835 0x11fc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
12:47:42.0898 0x11fc  RasSstp - ok
12:47:42.0945 0x11fc  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
12:47:43.0007 0x11fc  rdbss - ok
12:47:43.0038 0x11fc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:47:43.0054 0x11fc  rdpbus - ok
12:47:43.0085 0x11fc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:47:43.0132 0x11fc  RDPCDD - ok
12:47:43.0147 0x11fc  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:47:43.0194 0x11fc  RDPENCDD - ok
12:47:43.0194 0x11fc  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:47:43.0241 0x11fc  RDPREFMP - ok
12:47:43.0335 0x11fc  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:47:43.0350 0x11fc  RdpVideoMiniport - ok
12:47:43.0428 0x11fc  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
12:47:43.0475 0x11fc  RDPWD - ok
12:47:43.0600 0x11fc  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:47:43.0631 0x11fc  rdyboost - ok
12:47:43.0678 0x11fc  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:47:43.0740 0x11fc  RemoteAccess - ok
12:47:43.0818 0x11fc  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:47:43.0896 0x11fc  RemoteRegistry - ok
12:47:43.0912 0x11fc  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:47:43.0959 0x11fc  RpcEptMapper - ok
12:47:44.0005 0x11fc  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
12:47:44.0037 0x11fc  RpcLocator - ok
12:47:44.0130 0x11fc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs          C:\Windows\system32\rpcss.dll
12:47:44.0208 0x11fc  RpcSs - ok
12:47:44.0255 0x11fc  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:47:44.0333 0x11fc  rspndr - ok
12:47:44.0411 0x11fc  [ 763AE0C6D9DF4C24B7E2C26036A8188A, 1728D9BDF910324988B3D28459AB0A15C57CBBA79D2DFE377342DF3486BA9D48 ] RSUSBSTOR      C:\Windows\system32\Drivers\RtsUStor.sys
12:47:44.0442 0x11fc  RSUSBSTOR - ok
12:47:44.0505 0x11fc  [ D6D381B76056C668679723938F06F16C, A26C35EB588BF32F5CD22554BE5A05380D50FF1B7D399687EE50DC24C32DA341 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
12:47:44.0536 0x11fc  RTHDMIAzAudService - ok
12:47:44.0645 0x11fc  [ B3F36B4B3F192EA87DDC119F3A0B3E45, DE80502994ED9977AD64483385A0BC0C6060EA9E9C08645E72FBBCFE8B2358C7 ] RTL8192su      C:\Windows\system32\DRIVERS\RTL8192su.sys
12:47:44.0692 0x11fc  RTL8192su - ok
12:47:44.0723 0x11fc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs          C:\Windows\system32\lsass.exe
12:47:44.0754 0x11fc  SamSs - ok
12:47:44.0801 0x11fc  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:47:44.0832 0x11fc  sbp2port - ok
12:47:44.0895 0x11fc  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:47:44.0973 0x11fc  SCardSvr - ok
12:47:45.0004 0x11fc  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:47:45.0035 0x11fc  scfilter - ok
12:47:45.0207 0x11fc  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
12:47:45.0300 0x11fc  Schedule - ok
12:47:45.0331 0x11fc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc    C:\Windows\System32\certprop.dll
12:47:45.0363 0x11fc  SCPolicySvc - ok
12:47:45.0441 0x11fc  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:47:45.0472 0x11fc  SDRSVC - ok
12:47:45.0519 0x11fc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:47:45.0581 0x11fc  secdrv - ok
12:47:45.0643 0x11fc  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
12:47:45.0706 0x11fc  seclogon - ok
12:47:45.0753 0x11fc  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
12:47:45.0831 0x11fc  SENS - ok
12:47:45.0846 0x11fc  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:47:45.0877 0x11fc  SensrSvc - ok
12:47:45.0909 0x11fc  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
12:47:45.0940 0x11fc  Serenum - ok
12:47:45.0955 0x11fc  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:47:45.0987 0x11fc  Serial - ok
12:47:46.0033 0x11fc  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:47:46.0065 0x11fc  sermouse - ok
12:47:46.0127 0x11fc  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
12:47:46.0189 0x11fc  SessionEnv - ok
12:47:46.0252 0x11fc  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
12:47:46.0267 0x11fc  sffdisk - ok
12:47:46.0283 0x11fc  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:47:46.0314 0x11fc  sffp_mmc - ok
12:47:46.0330 0x11fc  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
12:47:46.0345 0x11fc  sffp_sd - ok
12:47:46.0455 0x11fc  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
12:47:46.0470 0x11fc  sfloppy - ok
12:47:46.0548 0x11fc  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:47:46.0642 0x11fc  SharedAccess - ok
12:47:46.0751 0x11fc  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:47:46.0845 0x11fc  ShellHWDetection - ok
12:47:46.0891 0x11fc  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:47:46.0907 0x11fc  SiSRaid2 - ok
12:47:46.0938 0x11fc  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:47:46.0969 0x11fc  SiSRaid4 - ok
12:47:47.0032 0x11fc  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
12:47:47.0063 0x11fc  SkypeUpdate - ok
12:47:47.0094 0x11fc  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
12:47:47.0157 0x11fc  Smb - ok
12:47:47.0235 0x11fc  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:47:47.0266 0x11fc  SNMPTRAP - ok
12:47:47.0297 0x11fc  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr          C:\Windows\system32\drivers\spldr.sys
12:47:47.0313 0x11fc  spldr - ok
12:47:47.0406 0x11fc  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler        C:\Windows\System32\spoolsv.exe
12:47:47.0453 0x11fc  Spooler - ok
12:47:47.0671 0x11fc  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
12:47:47.0843 0x11fc  sppsvc - ok
12:47:47.0874 0x11fc  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
12:47:47.0921 0x11fc  sppuinotify - ok
12:47:48.0077 0x11fc  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv            C:\Windows\system32\DRIVERS\srv.sys
12:47:48.0124 0x11fc  srv - ok
12:47:48.0280 0x11fc  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:47:48.0311 0x11fc  srv2 - ok
12:47:48.0420 0x11fc  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:47:48.0451 0x11fc  srvnet - ok
12:47:48.0561 0x11fc  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
12:47:48.0639 0x11fc  SSDPSRV - ok
12:47:48.0654 0x11fc  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc        C:\Windows\system32\sstpsvc.dll
12:47:48.0701 0x11fc  SstpSvc - ok
12:47:48.0763 0x11fc  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:47:48.0795 0x11fc  stexstor - ok
12:47:48.0982 0x11fc  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
12:47:49.0029 0x11fc  stisvc - ok
12:47:49.0091 0x11fc  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:47:49.0122 0x11fc  swenum - ok
12:47:49.0309 0x11fc  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv          C:\Windows\System32\swprv.dll
12:47:49.0387 0x11fc  swprv - ok
12:47:49.0637 0x11fc  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain        C:\Windows\system32\sysmain.dll
12:47:49.0746 0x11fc  SysMain - ok
12:47:49.0824 0x11fc  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:47:49.0871 0x11fc  TabletInputService - ok
12:47:49.0980 0x11fc  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv        C:\Windows\System32\tapisrv.dll
12:47:50.0027 0x11fc  TapiSrv - ok
12:47:50.0089 0x11fc  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS            C:\Windows\System32\tbssvc.dll
12:47:50.0152 0x11fc  TBS - ok
12:47:50.0620 0x11fc  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
12:47:50.0682 0x11fc  Tcpip - ok
12:47:50.0807 0x11fc  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:47:50.0869 0x11fc  TCPIP6 - ok
12:47:50.0916 0x11fc  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:47:50.0947 0x11fc  tcpipreg - ok
12:47:50.0994 0x11fc  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:47:51.0010 0x11fc  TDPIPE - ok
12:47:51.0088 0x11fc  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
12:47:51.0119 0x11fc  TDTCP - ok
12:47:51.0166 0x11fc  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
12:47:51.0244 0x11fc  tdx - ok
12:47:51.0291 0x11fc  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:47:51.0322 0x11fc  TermDD - ok
12:47:51.0525 0x11fc  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService    C:\Windows\System32\termsrv.dll
12:47:51.0618 0x11fc  TermService - ok
12:47:51.0665 0x11fc  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
12:47:51.0712 0x11fc  Themes - ok
12:47:51.0790 0x11fc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER    C:\Windows\system32\mmcss.dll
12:47:51.0883 0x11fc  THREADORDER - ok
12:47:51.0946 0x11fc  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
12:47:52.0008 0x11fc  TrkWks - ok
12:47:52.0133 0x11fc  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:47:52.0211 0x11fc  TrustedInstaller - ok
12:47:52.0273 0x11fc  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:47:52.0289 0x11fc  tssecsrv - ok
12:47:52.0336 0x11fc  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:47:52.0351 0x11fc  TsUsbFlt - ok
12:47:52.0414 0x11fc  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:47:52.0492 0x11fc  tunnel - ok
12:48:00.0323 0x11fc  ZAtheros Wlan Agent - detected UnsignedFile.Multi.Generic ( 1 )
12:48:03.0162 0x11fc  Detect skipped due to KSN trusted
12:48:03.0162 0x11fc  ZAtheros Wlan Agent - ok
12:48:09.0137 0x11fc  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.6.548 ), 0x40000 ( disabled : updated )
12:48:09.0153 0x11fc  Win FW state via NFP2: enabled
12:48:11.0945 0x11fc  ============================================================
12:48:11.0945 0x11fc  Scan finished
12:48:11.0945 0x11fc  ============================================================
12:48:11.0945 0x0b98  Detected object count: 0
12:48:11.0945 0x0b98  Actual detected object count: 0


schrauber 28.08.2014 07:34

Done :)

The order is crucial here.
  1. If Defogger was used: run Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, our scanners' quarantine and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can safely delete them.



If you would like to give praise or criticism, you can do so here :)

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus Software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional Protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe Browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative Browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download bandwidth.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

VChecker1992 28.08.2014 11:34

Many thanks :)

Everything worked out...

Thanks for the tips... You can delete it from your subscriptions...

schrauber 29.08.2014 07:58

You're welcome :)

