Antivirenscanner lassen sich nach Virenbefall nicht mehr installieren

seeufirst · 25.03.2014, 16:26

Hallo Zusammen,
anbei sende ich die Log-files des betroffenen Rechners. Leider kann ich auch diesen Rechner nicht einfach platt machen.
Ich habe auf dem Rechner aktuell keine Möglichkeit einen Antivirenscanner zu installieren. Bereits drei Varianten sind gescheitert, meißt im Update Bereich oder beim Starten benötigter Dienste.
Getestet habe ich: Trend Micro OfficeScan, FortiClient und Microsoft Security Essentials

Welche Registry Einträge könnten dazwischen hauen oder welche Dienste müssen laufen damit ich einen Antivirenscanner wieder installieren kann? Bzw. welche Dienste müsste man wie reparieren?

Vielen Dan im Voraus für eure Hilfe.

Gruß
seeufirst

schrauber · 25.03.2014, 16:41

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

seeufirst · 26.03.2014, 08:04

FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by USERNAME (administrator) on 53MPRM1 on 25-03-2014 15:12:55
Running from M:\Personen\USERNAME\TrendMicro
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\STacSV64.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
( ) C:\Windows\system32\DKabcoms.exe
(DeviceVM, Inc.) D:\Program Files (x86)\Dell\Reader 2.0\DVMExportService.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Dell Inc.) c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
(Dell Inc.) c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Pmsb.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(Logitech, Inc.) C:\Program Files\SetPoint\SetPoint.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(DeviceVM, Inc.) D:\Program Files (x86)\Dell\Reader 2.0\DellBtrEvent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
() C:\Program Files\SetPoint\x86\SetPoint32.exe
(DATEV eG) C:\Program Files (x86)\DATEV-SiPa-compact\DVcServ.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [391024 2010-05-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-14] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5107712 2009-11-30] (Dell Inc.)
HKLM\...\Run: [DellControlPoint] - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [657920 2009-11-02] (Dell Inc.)
HKLM\...\Run: [USCService] - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-14] (Broadcom Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-04-22] (Logitech, Inc.)
HKLM\...\Run: [nwiz] - nwiz.exe /installquiet
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16414824 2010-04-16] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [95336 2010-04-16] (NVIDIA Corporation)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [DellBtrEvent] - D:\Program Files (x86)\Dell\Reader 2.0\DellBtrEvent.exe [147456 2009-08-25] (DeviceVM, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [413827 2009-07-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [DVCServ] - C:\Program Files (x86)\DATEV-SiPa-compact\DVCSERV
HKLM-x32\...\Run: [OfficeScanNT Monitor] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2298576 2013-11-20] (Trend Micro Inc.)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-117609710-651377827-682003330-1178\...\Run: [Scan Buttons] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSB.EXE [202576 2009-12-09] (NewSoft Technology Corporation)
HKU\S-1-5-21-117609710-651377827-682003330-1178\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-04] (Google Inc.)
HKU\S-1-5-21-117609710-651377827-682003330-1178\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-117609710-651377827-682003330-1178\...\Policies\Explorer: [NoWelcomeScreen] 1
Lsa: [Authentication Packages] msv1_0 wvauth
HKLM\...\AppCertDlls: [dkaberpt] -> C:\Windows\system32\msdthone.dll
HKLM\...\AppCertDlls: [netbetsh] -> C:\Windows\system32\msdthone64.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {B093B549-5216-4125-905D-C418CFD6081E} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7RNSN_deDE391
SearchScopes: HKCU - 6693714A29DE47698E55CCD7CB90FA57 URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2B7DE831-E220-4771-8EBB-AE6659121CA3} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
SearchScopes: HKCU - {B093B549-5216-4125-905D-C418CFD6081E} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7RNSN_deDE391
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO64002.dll (DATEV eG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {00134F72-5284-44F7-95A8-52A619F70751} https://194.180.32.6:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: HKLM-x32 {08D75BB0-D2B5-11D1-88FC-0080C859833B} https://194.180.32.6:4343/officescan/console/html/ClientInstall/setupini.cab
DPF: HKLM-x32 {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://194.180.32.6:4343/officescan/console/html/ClientInstall/setup.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://194.180.32.6:4343/officescan/console/html/root/AtxEnc.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://194.180.32.6:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
DPF: HKLM-x32 {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.180.32.186 194.180.32.187

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe [89600 2010-01-14] (Andrea Electronics Corporation)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [515872 2009-12-10] (Dell Inc.)
R2 dkab_device; C:\Windows\system32\DKabcoms.exe [1055040 2010-08-03] ( )
R2 dkab_device; C:\Windows\SysWOW64\DKabcoms.exe [603456 2010-08-03] ( )
R2 DvmMDES; D:\Program Files (x86)\Dell\Reader 2.0\DVMExportService.exe [327680 2009-08-03] (DeviceVM, Inc.)
R2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] ()
S2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [3426432 2013-12-10] (Trend Micro Inc.)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6810728 2009-12-08] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\STacSV64.exe [244736 2010-01-14] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [3468360 2013-11-16] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [917016 2013-07-01] (Trend Micro Inc.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4521472 2009-11-30] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

U5 35e788ab90485f7f; C:\Windows\System32\Drivers\35e788ab90485f7f.sys [78784 2014-03-21] () <===== ATTENTION Necurs Rootkit?
S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [182864 2009-07-14] ()
R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2013-09-28] ()
S3 agp440; C:\Windows\system32\drivers\agp440.sys [61008 2009-07-14] ()
S3 aliide; C:\Windows\system32\drivers\aliide.sys [15440 2009-07-14] ()
S3 amdide; C:\Windows\system32\drivers\amdide.sys [15440 2009-07-14] ()
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-14] ()
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [60928 2009-07-14] ()
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [107904 2010-11-20] ()
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [194128 2009-07-14] ()
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2010-11-20] ()
R3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [304760 2010-05-13] ()
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-20] ()
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [87632 2009-07-14] ()
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [97856 2009-07-14] ()
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] ()
S3 atapi; C:\Windows\system32\drivers\atapi.sys [24128 2009-07-14] ()
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] ()
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] ()
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] ()
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [22520 2009-11-30] ()
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [2978296 2009-11-30] ()
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] ()
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] ()
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-23] ()
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] ()
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] ()
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] ()
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] ()
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] ()
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] ()
S3 BthEnum; C:\Windows\system32\drivers\BthEnum.sys [41984 2009-07-14] ()
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] ()
S3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [118784 2009-07-14] ()
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [552960 2011-04-28] ()
S3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [80384 2011-04-28] ()
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [321576 2010-01-11] ()
S3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [102440 2010-01-11] ()
S3 btwavdt; C:\Windows\System32\drivers\btwavdt.sys [135720 2010-01-11] ()
S3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [39464 2010-01-11] ()
S3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [21544 2010-01-11] ()
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] ()
R1 cdrom; C:\Windows\system32\drivers\cdrom.sys [147456 2010-11-20] ()
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] ()
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-14] ()
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] ()
R0 CNG; C:\Windows\System32\Drivers\cng.sys [458712 2013-07-04] ()
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-14] ()
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] ()
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] ()
R1 CSC; C:\Windows\System32\drivers\csc.sys [514560 2010-11-20] ()
S3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [172704 2009-06-15] ()
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [38440 2009-10-30] ()
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] ()
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] ()
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] ()
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-14] ()
R1 DVMIO; D:\Program Files (x86)\Dell\Reader 2.0\dvmio_x64.sys [17496 2009-07-21] (DeviceVM, Inc.)
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [983488 2013-08-01] ()
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k62x64.sys [294064 2009-12-10] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] ()
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] ()
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] ()
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] ()
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] ()
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] ()
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] ()
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] ()
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] ()
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] ()
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223248 2010-11-20] ()
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] ()
R3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [33240 2012-08-21] ()
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] ()
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-20] ()
S3 HECIx64; C:\Windows\system32\DRIVERS\HECIx64.sys [56344 2009-09-17] ()
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] ()
S3 HidBth; C:\Windows\System32\DRIVERS\hidbth.sys [100864 2009-07-14] ()
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] ()
R3 HidUsb; C:\Windows\system32\drivers\hidusb.sys [30208 2010-11-20] ()
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-20] ()
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] ()
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] ()
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-14] ()
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [540696 2010-03-04] ()
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2010-11-20] ()
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] ()
R3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [151936 2009-10-26] ()
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] ()
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] ()
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] ()
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] ()
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] ()
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] ()
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] ()
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [273792 2010-11-20] ()
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [29720 2010-07-28] ()
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] ()
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] ()
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [25344 2009-10-08] ()
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [104576 2009-10-08] ()
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2013-09-25] ()
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [154560 2013-09-25] ()
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] ()
R3 LHidFilt; C:\Windows\System32\DRIVERS\LHidFilt.Sys [55312 2009-04-22] ()
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] ()
R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [58384 2009-04-22] ()
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] ()
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] ()
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] ()
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] ()
S4 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] ()
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [40976 2009-04-22] ()
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] ()
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] ()
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] ()
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] ()
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] ()
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] ()
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] ()
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] ()
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-20] ()
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] ()
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2010-11-20] ()
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] ()
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] ()
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] ()
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-20] ()
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] ()
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] ()
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] ()
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] ()
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] ()
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] ()
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] ()
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] ()
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] ()
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] ()
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] ()
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] ()
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [951680 2010-11-20] ()
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] ()
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] ()
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] ()
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] ()
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] ()
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] ()
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] ()
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] ()
S3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2011-08-17] ()
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2011-08-17] ()
S3 nmwcdnsux64; C:\Windows\System32\drivers\nmwcdnsux64.sys [171008 2011-08-17] ()
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] ()
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1656680 2013-04-12] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] ()
R3 NVHDA; C:\Windows\System32\drivers\nvhda64v.sys [86120 2010-01-28] ()
R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [11720552 2010-04-17] ()
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2010-11-20] ()
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2010-11-20] ()
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] ()
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] ()
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-14] ()
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] ()
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [32240 2008-06-04] ()
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [25600 2008-08-28] ()
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] ()
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] ()
R0 pcmcia; C:\Windows\System32\DRIVERS\pcmcia.sys [220752 2009-07-14] ()
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] ()
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] ()
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] ()
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] ()
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [55280 2009-07-09] ()
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] ()
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] ()
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] ()
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] ()
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] ()
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] ()
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] ()
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] ()
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] ()
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-14] ()
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] ()
R3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165888 2010-11-20] ()
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] ()
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] ()
R3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] ()
S3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-14] ()
S3 rimspci; C:\Windows\system32\DRIVERS\rimspe64.sys [61952 2010-02-22] ()
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe64.sys [81408 2010-02-22] ()
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe64.sys [55808 2010-02-22] ()
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] ()
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [6656 2010-11-20] ()
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] ()
R3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] ()
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] ()
S3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-14] ()
S1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] ()
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] ()
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] ()
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] ()
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] ()
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] ()
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] ()
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] ()
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] ()
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] ()
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] ()
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] ()
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [21040 2010-01-18] ()
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] ()
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [505856 2010-01-14] ()
R0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [46464 2010-11-20] ()
S3 storvsc; C:\Windows\system32\drivers\storvsc.sys [34688 2010-11-20] ()
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] ()
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1910208 2013-07-06] ()
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1910208 2013-07-06] ()
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45056 2010-11-20] ()
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] ()
R3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] ()
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] ()
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] ()
S2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] ()
R3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] ()
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-20] ()
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] ()
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] ()
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] ()
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] ()
R3 umbus; C:\Windows\system32\drivers\umbus.sys [48640 2010-11-20] ()
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] ()
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2011-08-17] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] ()
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] ()
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] ()
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] ()
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] ()
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] ()
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] ()
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2013-07-03] ()
S3 usbser; C:\Windows\system32\drivers\usbser.sys [33280 2013-08-29] ()
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2011-08-17] ()
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2010-11-20] ()
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] ()
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] ()
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] ()
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] ()
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] ()
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] ()
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] ()
R0 vmbus; C:\Windows\System32\drivers\vmbus.sys [199552 2010-11-20] ()
S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [21760 2010-11-20] ()
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] ()
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [194944 2010-11-20] ()
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [59392 2010-11-20] ()
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [95232 2010-11-20] ()
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [360832 2010-11-20] ()
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2260768 2013-08-14] ()
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] ()
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] ()
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] ()
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] ()
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] ()
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] ()
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] ()
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] ()
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] ()
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] ()
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] ()
R3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] ()
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] ()
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] ()
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2010-11-20] ()
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2010-11-20] ()
S1 A2DDA; \??\F:\EEK\RUN\a2ddax64.sys [X]
S3 cleanhlp; \??\F:\EEK\Run\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-25 15:12 - 2014-03-25 15:12 - 00000000 ____D () C:\FRST
2014-03-25 14:57 - 2014-03-25 14:57 - 00577701 _____ () C:\53MPRM1_2014.03.25-1454.41_52AEB628-00A9-00CE-00A2-00C97232013E_17907.zip
2014-03-25 14:12 - 2014-03-25 14:12 - 00000036 _____ () C:\Users\USERNAME\AppData\Local\housecall.guid.cache
2014-03-24 17:29 - 2014-03-24 17:39 - 00000000 ____D () C:\Program Files (x86)\Advanced Fix 2014
2014-03-24 16:28 - 2014-03-24 17:08 - 00002120 _____ () C:\FixitRegBackup.reg
2014-03-24 14:21 - 2014-03-24 14:21 - 00000000 ____D () C:\Users\USERNAME\AppData\Roaming\Malwarebytes
2014-03-24 14:21 - 2014-03-24 14:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-22 00:49 - 2014-03-22 00:49 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-03-22 00:44 - 2014-03-22 00:49 - 00016817 _____ () C:\Windows\IE11_main.log
2014-03-21 18:51 - 2014-03-21 18:51 - 00078784 _____ () C:\Windows\system32\Drivers\35e788ab90485f7f.sys
2014-03-14 20:58 - 2014-03-14 20:58 - 00017622 _____ () C:\Users\USERNAME\AppData\Local\recently-used.xbel
2014-03-13 21:32 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-03-13 21:32 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-03-13 21:30 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 21:30 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 21:30 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-13 21:30 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-03-13 21:29 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-13 21:29 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-03-13 21:29 - 2013-08-29 02:29 - 00033280 _____ () C:\Windows\system32\Drivers\usbser.sys
2014-03-13 21:28 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-13 21:28 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-13 21:28 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-13 21:28 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-13 21:27 - 2013-09-28 02:09 - 00497152 _____ () C:\Windows\system32\Drivers\afd.sys
2014-03-13 21:26 - 2014-02-07 02:23 - 03156480 _____ () C:\Windows\system32\win32k.sys
2014-03-13 21:26 - 2013-10-04 03:16 - 00116736 _____ () C:\Windows\system32\Drivers\drmk.sys
2014-03-13 21:26 - 2013-10-04 02:36 - 00230400 _____ () C:\Windows\system32\Drivers\portcls.sys
2014-03-13 21:25 - 2013-09-25 03:26 - 00154560 _____ () C:\Windows\system32\Drivers\ksecpkg.sys
2014-03-13 21:25 - 2013-09-25 03:26 - 00095680 _____ () C:\Windows\system32\Drivers\ksecdd.sys
2014-03-13 21:25 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-03-13 21:25 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-03-13 21:25 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-03-13 21:25 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-13 21:25 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-03-13 21:25 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-03-13 21:25 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-03-13 21:25 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-03-13 21:25 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-03-13 21:25 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-03-13 21:25 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-03-13 21:25 - 2013-07-04 13:18 - 00458712 _____ () C:\Windows\system32\Drivers\cng.sys
2014-03-13 21:25 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-03-13 21:25 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-03-13 21:25 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-03-13 21:25 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-03-13 21:25 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-03-13 21:25 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-03-13 21:25 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-03-13 21:25 - 2013-06-06 04:30 - 00368128 _____ () C:\Windows\system32\atmfd.dll
2014-03-13 21:25 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-03-13 21:25 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-03-13 21:24 - 2013-11-27 02:41 - 00343040 _____ () C:\Windows\system32\Drivers\usbhub.sys
2014-03-13 21:24 - 2013-11-27 02:41 - 00325120 _____ () C:\Windows\system32\Drivers\usbport.sys
2014-03-13 21:24 - 2013-11-27 02:41 - 00099840 _____ () C:\Windows\system32\Drivers\usbccgp.sys
2014-03-13 21:24 - 2013-11-27 02:41 - 00053248 _____ () C:\Windows\system32\Drivers\usbehci.sys
2014-03-13 21:24 - 2013-11-27 02:41 - 00030720 _____ () C:\Windows\system32\Drivers\usbuhci.sys
2014-03-13 21:24 - 2013-11-27 02:41 - 00025600 _____ () C:\Windows\system32\Drivers\usbohci.sys
2014-03-13 21:24 - 2013-11-27 02:41 - 00007808 _____ () C:\Windows\system32\Drivers\usbd.sys
2014-03-13 21:23 - 2013-08-02 03:23 - 05550528 _____ () C:\Windows\system32\ntoskrnl.exe
2014-03-13 21:23 - 2013-08-02 03:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-13 21:23 - 2013-08-02 03:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-03-13 21:23 - 2013-08-02 03:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-13 21:23 - 2013-08-02 03:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-03-13 21:23 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-03-13 21:23 - 2013-08-02 03:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-03-13 21:23 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-13 21:23 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00043520 _____ () C:\Windows\system32\csrsrv.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-03-13 21:23 - 2013-08-02 02:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-03-13 21:23 - 2013-08-02 02:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-13 21:23 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-13 21:23 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-03-13 21:23 - 2013-08-02 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-03-13 21:23 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-03-13 21:23 - 2013-08-02 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-13 21:23 - 2013-08-02 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-13 21:23 - 2013-08-02 01:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-13 21:23 - 2013-08-02 01:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-13 21:23 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-03-13 21:23 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-03-13 21:23 - 2013-06-25 23:55 - 00785624 _____ () C:\Windows\system32\Drivers\Wdf01000.sys
2014-03-13 21:23 - 2012-11-28 23:56 - 00054376 _____ () C:\Windows\system32\Drivers\WdfLdr.sys
2014-03-13 21:23 - 2012-11-28 23:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-03-13 21:23 - 2012-11-28 23:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-03-13 21:22 - 2013-07-12 11:41 - 00185344 _____ () C:\Windows\system32\Drivers\usbvideo.sys
2014-03-13 21:22 - 2013-07-12 11:41 - 00100864 _____ () C:\Windows\system32\Drivers\usbcir.sys
2014-03-13 21:21 - 2013-07-03 05:40 - 00042496 _____ () C:\Windows\system32\Drivers\usbscan.sys
2014-03-13 21:21 - 2013-07-03 05:05 - 00076800 _____ () C:\Windows\system32\Drivers\hidclass.sys
2014-03-13 21:21 - 2013-07-03 05:05 - 00032896 _____ () C:\Windows\system32\Drivers\hidparse.sys
2014-03-13 21:20 - 2013-12-21 10:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-13 21:20 - 2013-12-21 08:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-13 21:16 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-13 21:16 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-13 21:16 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-13 21:16 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-13 21:15 - 2014-02-23 09:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 21:15 - 2014-02-23 09:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 21:15 - 2014-02-23 07:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 21:15 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 21:15 - 2014-02-23 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 21:15 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 21:14 - 2014-02-23 09:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 21:14 - 2014-02-23 09:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 21:14 - 2014-02-23 09:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 21:14 - 2014-02-23 09:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 21:14 - 2014-02-23 09:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 21:14 - 2014-02-23 09:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 21:14 - 2014-02-23 09:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 21:14 - 2014-02-23 09:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 21:14 - 2014-02-23 09:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 21:14 - 2014-02-23 09:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 21:14 - 2014-02-23 09:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 21:14 - 2014-02-23 09:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 21:14 - 2014-02-23 09:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 21:14 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 21:14 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 21:14 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 21:14 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 21:14 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 21:14 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 21:14 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 21:14 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 21:14 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 21:14 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 21:14 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 21:14 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 21:14 - 2014-02-23 06:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-13 21:14 - 2014-02-23 06:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-13 21:11 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 21:11 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 21:11 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-13 21:11 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-03-13 21:08 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-03-13 21:08 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-03-13 21:06 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-13 21:06 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-13 21:06 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-03-13 21:06 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-13 21:06 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-03-13 21:06 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-03-13 21:06 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-03-13 21:06 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-03-13 21:06 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-03-13 21:06 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-13 21:06 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-13 21:06 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-03-13 21:06 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-03-13 21:06 - 2013-08-01 13:09 - 00983488 _____ () C:\Windows\system32\Drivers\dxgkrnl.sys
2014-03-12 12:50 - 2014-03-25 15:03 - 00000021 _____ () C:\tmuninst.ini
2014-03-12 12:49 - 2014-03-25 15:11 - 00165604 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-03-12 12:48 - 2013-09-02 15:58 - 00175528 _____ () C:\Windows\system32\Drivers\tmcomm.sys
2014-03-12 12:48 - 2013-08-29 17:30 - 00085376 _____ () C:\Windows\system32\Drivers\tmactmon.sys
2014-03-12 12:47 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-12 12:47 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-03-12 12:47 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-12 12:47 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-03-08 21:16 - 2014-03-24 17:13 - 00003360 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-117609710-651377827-682003330-1178
2014-03-08 21:16 - 2014-03-24 17:13 - 00003230 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-117609710-651377827-682003330-1178
2014-03-08 21:16 - 2014-03-20 16:30 - 00000000 ____D () C:\Users\USERNAME\AppData\Local\CrashDumps
2014-03-08 11:35 - 2014-03-25 15:09 - 00003338 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-117609710-651377827-682003330-1178
2014-03-08 11:35 - 2014-03-25 15:09 - 00003208 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-117609710-651377827-682003330-1178
2014-03-05 14:26 - 2014-03-05 14:26 - 00000000 ____D () C:\Users\USERNAME\AppData\Local\pcvisit Software AG
2014-03-05 14:26 - 2014-03-05 14:26 - 00000000 ____D () C:\ProgramData\pcvisit Software AG
2014-03-05 14:08 - 2014-03-05 14:08 - 00001311 _____ () C:\Users\USERNAME\Desktop\Parity Cockpit.lnk

==================== One Month Modified Files and Folders =======

2014-03-25 15:12 - 2014-03-25 15:12 - 00000000 ____D () C:\FRST
2014-03-25 15:11 - 2014-03-12 12:49 - 00165604 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-03-25 15:11 - 2010-07-06 08:07 - 00122634 _____ () C:\Windows\system32\TmInstall.log
2014-03-25 15:09 - 2014-03-08 11:35 - 00003338 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-117609710-651377827-682003330-1178
2014-03-25 15:09 - 2014-03-08 11:35 - 00003208 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-117609710-651377827-682003330-1178
2014-03-25 15:09 - 2010-08-04 01:17 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-25 15:09 - 2010-07-05 11:11 - 00000216 _____ () C:\Windows\system32\config\netlogon.ftl
2014-03-25 15:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-25 15:09 - 2009-07-14 05:51 - 00164189 _____ () C:\Windows\setupact.log
2014-03-25 15:07 - 2010-06-25 13:53 - 00143134 _____ () C:\Windows\PFRO.log
2014-03-25 15:04 - 2010-07-05 12:44 - 00142791 _____ () C:\WebInstall.log
2014-03-25 15:03 - 2014-03-12 12:50 - 00000021 _____ () C:\tmuninst.ini
2014-03-25 15:03 - 2012-02-25 19:53 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-25 14:57 - 2014-03-25 14:57 - 00577701 _____ () C:\53MPRM1_2014.03.25-1454.41_52AEB628-00A9-00CE-00A2-00C97232013E_17907.zip
2014-03-25 14:41 - 2012-06-19 10:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-25 14:41 - 2010-08-04 01:17 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-25 14:12 - 2014-03-25 14:12 - 00000036 _____ () C:\Users\USERNAME\AppData\Local\housecall.guid.cache
2014-03-25 14:11 - 2011-10-12 15:38 - 00000000 ____D () C:\Program Files (x86)\DATEV-SiPa-compact
2014-03-25 13:26 - 2011-12-10 18:21 - 00000000 ____D () C:\Users\USERNAME\AppData\Roaming\.oit
2014-03-24 19:51 - 2009-07-14 18:58 - 00684804 _____ () C:\Windows\system32\perfh007.dat
2014-03-24 19:51 - 2009-07-14 18:58 - 00138868 _____ () C:\Windows\system32\perfc007.dat
2014-03-24 19:51 - 2009-07-14 06:13 - 00820916 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-24 19:21 - 2010-07-05 12:27 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-03-24 17:53 - 2009-07-14 05:45 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-24 17:53 - 2009-07-14 05:45 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-24 17:50 - 2009-07-14 06:10 - 01377659 _____ () C:\Windows\WindowsUpdate.log
2014-03-24 17:39 - 2014-03-24 17:29 - 00000000 ____D () C:\Program Files (x86)\Advanced Fix 2014
2014-03-24 17:32 - 2010-07-14 14:27 - 00000000 ____D () C:\Program Files\SetPoint
2014-03-24 17:29 - 2010-08-02 16:30 - 00000000 ____D () C:\tmp
2014-03-24 17:20 - 2012-02-25 21:00 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{86D6011B-9BE5-46DC-AFC0-83B9CAF77E4D}
2014-03-24 17:13 - 2014-03-08 21:16 - 00003360 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-117609710-651377827-682003330-1178
2014-03-24 17:13 - 2014-03-08 21:16 - 00003230 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-117609710-651377827-682003330-1178
2014-03-24 17:08 - 2014-03-24 16:28 - 00002120 _____ () C:\FixitRegBackup.reg
2014-03-24 14:21 - 2014-03-24 14:21 - 00000000 ____D () C:\Users\USERNAME\AppData\Roaming\Malwarebytes
2014-03-24 14:21 - 2014-03-24 14:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-24 14:20 - 2010-07-05 12:56 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-24 11:54 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-23 16:35 - 2010-07-14 14:32 - 00000000 ____D () C:\Users\USERNAME
2014-03-22 00:49 - 2014-03-22 00:49 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-03-22 00:49 - 2014-03-22 00:44 - 00016817 _____ () C:\Windows\IE11_main.log
2014-03-21 18:51 - 2014-03-21 18:51 - 00078784 _____ () C:\Windows\system32\Drivers\35e788ab90485f7f.sys
2014-03-21 18:26 - 2011-06-16 11:00 - 00004721 _____ () C:\Windows\TMFilter.log
2014-03-21 12:22 - 2010-07-05 12:56 - 00009056 _____ () C:\Windows\cfgall.ini
2014-03-20 16:30 - 2014-03-08 21:16 - 00000000 ____D () C:\Users\USERNAME\AppData\Local\CrashDumps
2014-03-14 23:02 - 2013-08-01 12:43 - 00002000 ____H () C:\Users\USERNAME\Documents\Default.rdp
2014-03-14 22:46 - 2013-05-18 18:44 - 00000000 ____D () C:\Users\USERNAME\AppData\Local\Paint.NET
2014-03-14 20:58 - 2014-03-14 20:58 - 00017622 _____ () C:\Users\USERNAME\AppData\Local\recently-used.xbel
2014-03-14 20:58 - 2012-07-31 12:22 - 00000000 ____D () C:\Users\USERNAME\.gimp-2.8
2014-03-14 13:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-03-14 12:40 - 2009-07-14 05:45 - 00562416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 12:38 - 2012-09-27 16:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 12:38 - 2012-09-27 16:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 21:32 - 2010-07-05 12:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 18:20 - 2010-07-14 14:33 - 00000000 ___RD () C:\Users\USERNAME\Virtual Machines
2014-03-12 18:20 - 2010-07-14 14:33 - 00000000 ___RD () C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-12 18:20 - 2010-07-14 14:33 - 00000000 ___RD () C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-12 14:11 - 2012-11-05 18:31 - 00000000 ____D () C:\ProgramData\04D6E31BEABFED84000004D6DE4FF870
2014-03-12 13:41 - 2012-06-19 10:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 13:41 - 2012-04-08 12:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 13:41 - 2011-05-17 10:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 20:37 - 2013-11-21 20:00 - 00000376 _____ () C:\Users\USERNAME\Desktop\Privatkunden - Sparkasse Bielefeld.url
2014-03-07 01:46 - 2013-03-21 17:39 - 00000000 ____D () C:\PRIVAT2
2014-03-05 14:26 - 2014-03-05 14:26 - 00000000 ____D () C:\Users\USERNAME\AppData\Local\pcvisit Software AG
2014-03-05 14:26 - 2014-03-05 14:26 - 00000000 ____D () C:\ProgramData\pcvisit Software AG
2014-03-05 14:22 - 2010-07-15 16:02 - 00000362 _____ () C:\Windows\ODBC.INI
2014-03-05 14:17 - 2010-07-05 13:27 - 00000618 _____ () C:\Windows\ODBCINST.INI
2014-03-05 14:08 - 2014-03-05 14:08 - 00001311 _____ () C:\Users\USERNAME\Desktop\Parity Cockpit.lnk
2014-02-28 21:04 - 2010-06-11 16:49 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-02-27 18:12 - 2011-02-15 11:57 - 00000000 _____ () C:\ctapi_out_gr.txt
2014-02-23 09:13 - 2014-03-13 21:14 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 09:13 - 2014-03-13 21:14 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 09:13 - 2014-03-13 21:14 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-23 09:12 - 2014-03-13 21:15 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-23 09:12 - 2014-03-13 21:14 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 09:12 - 2014-03-13 21:14 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 09:11 - 2014-03-13 21:15 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-23 09:11 - 2014-03-13 21:14 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 09:11 - 2014-03-13 21:14 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 09:11 - 2014-03-13 21:14 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 09:11 - 2014-03-13 21:14 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 09:11 - 2014-03-13 21:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-23 09:11 - 2014-03-13 21:14 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-23 09:11 - 2014-03-13 21:14 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 09:11 - 2014-03-13 21:14 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-23 07:54 - 2014-03-13 21:14 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 07:54 - 2014-03-13 21:14 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 07:53 - 2014-03-13 21:15 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-23 07:53 - 2014-03-13 21:15 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-23 07:53 - 2014-03-13 21:14 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 07:53 - 2014-03-13 21:14 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 07:53 - 2014-03-13 21:14 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 07:53 - 2014-03-13 21:14 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 07:53 - 2014-03-13 21:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 07:53 - 2014-03-13 21:14 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 07:53 - 2014-03-13 21:14 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-23 07:53 - 2014-03-13 21:14 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-23 07:53 - 2014-03-13 21:14 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 07:53 - 2014-03-13 21:14 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-23 07:35 - 2014-03-13 21:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 07:31 - 2014-03-13 21:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-23 06:39 - 2014-03-13 21:14 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-23 06:35 - 2014-03-13 21:14 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

Files to move or delete:
====================
C:\Users\USERNAME\MM26_GER.exe
C:\Users\USERNAME\SUPERsetup.exe


Some content of TEMP:
====================
C:\Users\desys\AppData\Local\Temp\atl80.dll
C:\Users\desys\AppData\Local\Temp\mfc80.dll
C:\Users\desys\AppData\Local\Temp\mfc80u.dll
C:\Users\desys\AppData\Local\Temp\mfcm80.dll
C:\Users\desys\AppData\Local\Temp\mfcm80u.dll
C:\Users\desys\AppData\Local\Temp\msvcm80.dll
C:\Users\desys\AppData\Local\Temp\msvcp80.dll
C:\Users\desys\AppData\Local\Temp\msvcr80.dll
C:\Users\desys\AppData\Local\Temp\TmDbg32.dll
C:\Users\desys\AppData\Local\Temp\TmDbg64.dll
C:\Users\USERNAME\AppData\Local\Temp\2SKKKKKKK.exe
C:\Users\USERNAME\AppData\Local\Temp\libnspr4.dll
C:\Users\USERNAME\AppData\Local\Temp\NV_Meet_Participant.exe
C:\Users\USERNAME\AppData\Local\Temp\rnsetup0.exe
C:\Users\USERNAME\AppData\Local\Temp\SCC.dll
C:\Users\USERNAME\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-04-04 11:29] - [2010-11-20 04:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-03-20 18:26

==================== End Of Log ============================

--- --- ---

--- --- ---

seeufirst · 26.03.2014, 08:05

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by USERNAME at 2014-03-25 15:13:12
Running from M:\Personen\USERNAME\TrendMicro
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro OfficeScan Virenschutz (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
3DVIA player 5.0.0.20 (HKLM-x32\...\{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}) (Version: 5.0.20 - 3DVIA)
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.00.12 - STMicroelectronics)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe PDF iFilter 9 for 64-bit platforms (HKLM\...\{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}) (Version: 9.0.0 - Adobe)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Any Video Converter 3.4.1 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Avidemux 2.5 (32-bit) (HKLM-x32\...\Avidemux 2.5) (Version: 2.5.6.7716 - )
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
DATEV Sicherheitspaket - compact (HKLM-x32\...\{13D2D749-7F84-4A63-A09E-3DFDBA4E03EF}) (Version: 2.20.0000 - DATEV eG)
DB++ ODBC Treiber (HKLM-x32\...\{D42ADBF5-C2B6-445C-A411-4F55F5F296C5}) (Version: 8.11.31 - Parity-Software)
DCP64MMWrapper (Version: 1.6.455.70 - Broadcom Corporation) Hidden
Dell Control Point 64 (Version: 1.6.455.70 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (HKLM-x32\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.455.70 - Dell Inc.)
Dell ControlPoint System Manager (HKLM\...\{87EBE6AA-E4AA-4F3B-975C-72575C660BE7}) (Version: 1.4.00000 - Dell Inc.)
Dell ControlVault Host Components Installer 64Bit (Version: 1.7.450.290 - Broadcom Corporation) Hidden
Dell Druckersoftware-Deinstallation (HKLM\...\Dell_HostCD) (Version:  - Dell, Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 02.05.00.067 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM-x32\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.050 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.205 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.06 - Creative Technology Ltd)
DESYS s4:manage Client 2.10.5 (HKLM-x32\...\{05657E3A-532F-4037-BDDC-11FC0AC413DC}) (Version: 2.10.5 - DESYS GmbH)
Driver Whiz (HKLM-x32\...\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}) (Version: 8.0.1 - Driver Whiz)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.18.44 - Dell Inc.)
EMBASSY Security Center Lite (Version: 04.01.00.032 - Ihr Firmenname) Hidden
EMBASSY Security Center Lite (x32 Version:  - ) Hidden
EMBASSY Security Setup (Version: 04.01.00.032 - Ihr Firmenname) Hidden
EMBASSY Security Setup (x32 Version:  - ) Hidden
EPSON BX620FWD Series Handbuch (HKLM-x32\...\EPSON BX620FWD Series Manual) (Version:  - )
EPSON BX620FWD Series Netzwerk-Handbuch (HKLM-x32\...\EPSON BX620FWD Series Network Guide) (Version:  - )
EPSON BX620FWD Series Printer Uninstall (HKLM\...\EPSON BX620FWD Series) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{310C1558-F6B5-4889-98B0-7471966BA7F2}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3a - SEIKO EPSON CORPORATION)
ESC Home Page Plugin (Version: 04.01.00.004 - Ihr Firmenname) Hidden
ESC Home Page Plugin (x32 Version:  - ) Hidden
Free Video Flip and Rotate version 2.0.8.706 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.0.8.706 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 3.0.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.0.1 - Ellora Assets Corporation)
Gemalto (Version: 01.64.00.0010 - Wave Systems Corp) Hidden
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
iCloud (HKLM\...\{EC8A40B2-096A-4EA4-B11A-167F87F293A7}) (Version: 1.0.1.29 - Apple Inc.)
Intel(R) Network Connections 14.8.43.0 (HKLM\...\PROSetDX) (Version: 14.8.43.0 - Dell)
Intel(R) Network Connections 14.8.43.0 (Version: 14.8.43.0 - Dell) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 18 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
kobdfu x64x86 driver installation (x32 Version: 1.00.0000 - KOBIL Systems) Hidden
Luminance HDR 2.3.0 (HKLM\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version:  - Luminance HDR Dev Team)
Matrox VFW Software Codecs, build 1.0.0.31  (HKLM\...\Matrox VFW Software Codecs) (Version:  - Matrox Electronic Systems)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook-Minianwendungen für Windows SideShow (HKLM-x32\...\{3DCF21FE-A8CB-41DE-AEA3-D5FBEF108CD5}) (Version: 1.0.7252.0 - Microsoft Corporation)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Connector/ODBC 5.1 (HKLM\...\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}) (Version: 5.1.6 - MySQL AB)
Nokia Connectivity Cable Driver (HKLM-x32\...\{4216D328-0FE8-48B8-85B8-BD300E6F080F}) (Version: 7.1.36.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.60.0 - Nokia)
Nokia PC Suite (x32 Version: 7.1.60.0 - Nokia) Hidden
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.60.38 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.12152 - NVIDIA Corporation)
NVIDIA Performance Drivers (HKLM\...\{4C0A8D65-4286-4B58-87FE-18AD24289285}) (Version: 2.1.0.0 - NVIDIA Corporation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Parity Client Setup (HKLM-x32\...\{83950F95-D3F4-4292-B328-9E08F7DA307B}) (Version: 3.01.00 - Parity-Software)
PC Connectivity Solution (HKLM-x32\...\{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}) (Version: 10.50.2.0 - Nokia)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Pinnacle Studio 14 (HKLM-x32\...\{AADD1C8F-D59F-4D55-A726-768C71A205A8}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Preboot Manager (Version: 03.01.00.039 - Wave Systems Corp.) Hidden
Presto! PageManager 9.00.11 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.00.11 - Newsoft Technology Corporation)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Reader 2.0 (HKLM-x32\...\Reader2.0) (Version: 2.0.1.1038 - Dell Inc.)
Reader 2.0 (x32 Version: 2.0.1.1038 - Dell Inc.) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
RTE-2.0.4 (HKLM-x32\...\{C3CA146D-1864-49D6-AB5C-90FBBAABEFDC}) (Version: 2.0.4 - DESYS GmbH)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
SO64MMWrapper (Version: 1.6.455.70 - Broadcom Corporation) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48 (HKLM-x32\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2011.build.48 - eRightSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
Trend Micro OfficeScan Client (HKLM-x32\...\OfficeScanNT) (Version: 10.6.5193 - Trend Micro Inc.)
Trusted Drive Manager (Version: 3.3.0.396 - Wave Systems Corp.) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.65.21.0015 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.11.00.033 - Ihr Firmenname) Hidden
Wave Support Software (x32 Version:  - ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.3102 - Broadcom Corporation)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
Windows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.8) (HKLM\...\E5372C32E8562C76C24DBA6525002B1031495F34) (Version: 06/09/2010 7.01.0.8 - Nokia)
Windows-Treiberpaket - Nokia Modem  (10/07/2010 4.6) (HKLM\...\6DA48AFDE796708D5A4C9121A83E7617A63A9A15) (Version: 10/07/2010 4.6 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
XMedia Recode Version 3.1.1.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.1.8 - XMedia Recode)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {4C5F1BDC-E03D-4E1E-9DD5-44E128ED6588} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-117609710-651377827-682003330-1178 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5713F1EE-3137-4BDD-8774-A7DE8F378FDF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {59DAAD69-7C1F-4C95-BA90-995892E08116} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-117609710-651377827-682003330-1178 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {6875E15A-A44A-4F55-8FC9-45336362B0E5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {739E79E2-593C-45E3-8AE0-C6942A749FB6} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-117609710-651377827-682003330-1178 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8DEEB03B-9CA9-476C-8503-905E88460F40} - System32\Tasks\Games\UpdateCheck_S-1-5-21-840816886-1622054621-3653470952-1000
Task: {8EC2BF07-A2AE-4162-982D-C63C9A01EEAC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-117609710-651377827-682003330-1178 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9A114F3F-424F-4C35-9A6A-F202680A60DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04] (Google Inc.)
Task: {C074B309-6A94-40BA-99E1-193410C15E45} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04] (Google Inc.)
Task: {C6B77ACB-AA7D-43BE-8781-9592388F38FC} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-651377827-682003330-1178 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {DD8A755F-E654-44FF-953D-A8F662700A6B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-117609710-651377827-682003330-1178 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {FEAC624E-9D61-4B06-89EE-D19DF0F85121} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-651377827-682003330-1178 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-13 21:23 - 2013-08-02 03:12 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () c:\windows\system32\pcwum.DLL
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\Windows\System32\pcwum.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2010-06-25 21:02 - 2009-11-30 13:32 - 00033280 _____ () C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
2009-10-01 08:08 - 2009-10-01 08:08 - 00015360 _____ () C:\Windows\System32\KOAZCA_L.DLL
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2010-06-25 21:02 - 2010-01-10 18:01 - 00060928 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
2009-12-08 06:14 - 2009-12-08 06:14 - 06810728 _____ () C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2010-01-08 23:00 - 2010-01-08 23:00 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-11-13 14:32 - 2009-11-13 14:32 - 00013824 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 19:29 - 2008-11-12 19:29 - 00004608 _____ () C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_DEU.dll
2006-12-08 21:42 - 2008-12-09 23:46 - 00155136 _____ () C:\Windows\system32\BioAPI100.dll
2006-12-08 21:41 - 2008-12-09 23:46 - 00239104 _____ () C:\Windows\system32\BIOAPI_MDS300.dll
2010-07-14 14:27 - 2009-05-26 16:53 - 00018960 _____ () C:\Program Files\SetPoint\khalwrapper.dll
2010-07-14 14:27 - 2009-05-26 03:00 - 00077824 _____ () C:\Program Files\SetPoint\x86\SetPoint32.exe
2014-03-12 12:15 - 2014-03-12 12:15 - 00089088 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\zlibwapi.dll
2011-04-01 13:16 - 2011-04-01 13:16 - 00801792 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\sqlite3.dll
2010-06-25 13:54 - 2010-04-14 23:21 - 00402024 _____ () C:\Windows\System32\nvshell.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-10 18:19 - 2009-07-08 14:23 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PerformOcr.dll
2011-12-10 18:19 - 2009-12-04 17:21 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMISM.dll
2011-12-10 18:19 - 2009-11-20 13:20 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMCommon.dll
2011-12-10 18:19 - 2008-08-25 17:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PHooKDlg.dll
2011-12-10 18:19 - 2007-03-30 10:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Qem.dll
2011-12-10 18:19 - 2009-12-08 10:51 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ScanModule.dll
2011-12-10 18:19 - 2009-09-02 09:25 - 00098304 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\CategoryManager.dll
2011-12-10 18:19 - 2009-11-27 17:50 - 00135168 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSet.dll
2011-12-10 18:19 - 2009-12-18 19:10 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSave.dll
2011-12-10 18:19 - 2009-10-16 15:04 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDB_N.dll
2011-12-10 18:19 - 2009-08-06 10:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\FT.dll
2011-12-10 18:19 - 2009-12-18 16:12 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMINSO.dll
2011-12-10 18:19 - 2009-09-09 14:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMANO.dll
2011-12-10 18:19 - 2007-03-30 09:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ComClass.dll
2011-12-10 18:19 - 2007-12-20 14:37 - 00176128 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\DocCate.dll
2011-12-10 18:19 - 2009-12-07 13:55 - 00253952 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMScnSet.dll
2011-12-10 18:19 - 2009-11-26 17:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NetFun2k.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-03-14 12:46 - 2014-03-14 12:46 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
2010-06-25 21:02 - 2010-03-04 02:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: DKab1err => C:\Program Files\Dell\Printer Software\ErrorApp\DKab1err.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 375 Bluetooth Module with AMP
Description: Dell Wireless 375 Bluetooth Module with AMP
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Trend Micro PreFilter
Description: Trend Micro PreFilter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: TmPreFilter
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Integrated Webcam
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2014 03:10:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/25/2014 03:10:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/25/2014 02:50:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: attk_ScanCleanOnline_gui_x64.exe , Version: 1.61.0.1081, Zeitstempel: 0x4cc3574b
Name des fehlerhaften Moduls: VSAPI64.dll, Version: 9.750.0.1005, Zeitstempel: 0x51ee24a9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002b557
ID des fehlerhaften Prozesses: 0x1704
Startzeit der fehlerhaften Anwendung: 0xattk_ScanCleanOnline_gui_x64.exe 0
Pfad der fehlerhaften Anwendung: attk_ScanCleanOnline_gui_x64.exe 1
Pfad des fehlerhaften Moduls: attk_ScanCleanOnline_gui_x64.exe 2
Berichtskennung: attk_ScanCleanOnline_gui_x64.exe 3

Error: (03/25/2014 01:27:37 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.  0xD0000022
6.1.7601.17514

Error: (03/24/2014 07:50:05 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/24/2014 06:25:59 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{a71cbcd6-8058-11df-8342-806e6f6e6963},0x80000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   Automatisch freigegebene Schattenkopien werden entfernt
   Anbieter wird geladen

Kontext:
   Ausführungskontext: System Provider

Error: (03/24/2014 06:20:00 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/24/2014 06:19:49 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/24/2014 05:45:58 PM) (Source: Microsoft Security Client Setup) (User: DESYS)
Description: HRESULT:0x8004FF11
Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

Error: (03/24/2014 05:15:21 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.  0xD0000022
6.1.7601.17514


System errors:
=============
Error: (03/25/2014 03:11:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Trend Micro PreFilter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (03/25/2014 03:10:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Trend Micro PreFilter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (03/25/2014 03:09:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Trend Micro PreFilter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (03/25/2014 03:09:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Trend Micro PreFilter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (03/25/2014 03:09:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (03/25/2014 03:09:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Trend Micro PreFilter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (03/25/2014 03:07:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Trend Micro PreFilter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (03/25/2014 03:07:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Trend Micro TDI Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%5

Error: (03/25/2014 03:07:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Trend Micro TDI Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%5

Error: (03/25/2014 03:07:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Trend Micro PreFilter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31


Microsoft Office Sessions:
=========================
Error: (02/25/2014 09:22:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5604 seconds with 3060 seconds of active time.  This session ended with a crash.

Error: (02/06/2014 06:49:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5013 seconds with 3060 seconds of active time.  This session ended with a crash.

Error: (01/24/2014 05:49:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 341 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (01/24/2014 05:40:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1010 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (01/24/2014 05:19:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11356 seconds with 3360 seconds of active time.  This session ended with a crash.

Error: (01/07/2014 07:51:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 10464 seconds with 2100 seconds of active time.  This session ended with a crash.

Error: (01/05/2014 06:23:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3224 seconds with 2520 seconds of active time.  This session ended with a crash.

Error: (01/05/2014 05:25:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1751 seconds with 1140 seconds of active time.  This session ended with a crash.

Error: (01/03/2014 07:24:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3353 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (01/03/2014 06:28:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3427 seconds with 1980 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-03-21 18:50:48.926
  Description: N/A

  Date: 2014-03-21 18:50:48.832
  Description: N/A


==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 8181.84 MB
Available physical RAM: 6643.21 MB
Total Pagefile: 16361.86 MB
Available Pagefile: 14596.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:102.55 GB) (Free:26.87 GB) NTFS
Drive d: (READER) (Fixed) (Total:1.99 GB) (Free:1.9 GB) FAT32
Drive k: (Volume) (Network) (Total:55.24 GB) (Free:5.39 GB) NTFS
Drive l: (iscsi_Volume) (Network) (Total:2048 GB) (Free:1015.54 GB) NTFS
Drive m: (iscsi_Volume) (Network) (Total:2048 GB) (Free:1015.54 GB) NTFS
Drive n: (iscsi_Volume) (Network) (Total:2048 GB) (Free:1015.54 GB) NTFS
Drive p: (Volume) (Network) (Total:55.24 GB) (Free:5.39 GB) NTFS
Drive w: (UNTERNEHMEN) (Fixed) (Total:29.71 GB) (Free:3.57 GB) NTFS
Drive y: () (Network) (Total:100 GB) (Free:50.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119 GB) (Disk ID: C25DDB64)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: 574DADD7)
Partition 1: (Not Active) - (Size=30 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 27.03.2014, 08:40

hi,

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

seeufirst · 28.03.2014, 15:12

Hi,
der TDSSKiller konnte ein Rootkit entdecken. Hier der gewünschte Report:
Teil 1:

14:43:32.0624 0x0e18 TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
14:43:36.0617 0x0e18 ============================================================
14:43:36.0617 0x0e18 Current date / time: 2014/03/28 14:43:36.0617
14:43:36.0617 0x0e18 SystemInfo:
14:43:36.0617 0x0e18
14:43:36.0617 0x0e18 OS Version: 6.1.7601 ServicePack: 1.0
14:43:36.0617 0x0e18 Product type: Workstation
14:43:36.0617 0x0e18 ComputerName: 53MPRM1
14:43:36.0617 0x0e18 UserName: USERNAME
14:43:36.0617 0x0e18 Windows directory: C:\Windows
14:43:36.0617 0x0e18 System windows directory: C:\Windows
14:43:36.0617 0x0e18 Running under WOW64
14:43:36.0617 0x0e18 Processor architecture: Intel x64
14:43:36.0617 0x0e18 Number of processors: 4
14:43:36.0617 0x0e18 Page size: 0x1000
14:43:36.0617 0x0e18 Boot type: Normal boot
14:43:36.0617 0x0e18 ============================================================
14:43:36.0711 0x0e18 KLMD registered as C:\Windows\system32\drivers\20521599.sys
14:43:45.0682 0x0e18 System UUID: {842690FA-9028-204A-2AB9-2B4C64A8E7F8}
14:43:45.0962 0x0e18 !crdlk
14:43:45.0962 0x0e18 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
14:43:45.0978 0x0e18 Drive \Device\Harddisk1\DR1 - Size: 0x76D8B0000 (29.71 Gb), SectorSize: 0x200, Cylinders: 0xF26, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
14:43:45.0978 0x0e18 ============================================================
14:43:45.0978 0x0e18 \Device\Harddisk0\DR0:
14:43:45.0978 0x0e18 MBR partitions:
14:43:45.0978 0x0e18 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
14:43:45.0978 0x0e18 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0xCD1BAB0
14:43:45.0978 0x0e18 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0xEA7C800, BlocksNum 0x3FF000
14:43:45.0978 0x0e18 \Device\Harddisk1\DR1:
14:43:45.0978 0x0e18 MBR partitions:
14:43:45.0978 0x0e18 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3B69F67
14:43:45.0978 0x0e18 ============================================================
14:43:45.0978 0x0e18 C: <-> \Device\Harddisk0\DR0\Partition2
14:43:45.0978 0x0e18 D: <-> \Device\Harddisk0\DR0\Partition3
14:43:45.0994 0x0e18 W: <-> \Device\Harddisk1\DR1\Partition1
14:43:45.0994 0x0e18 ============================================================
14:43:45.0994 0x0e18 Initialize success
14:43:45.0994 0x0e18 ============================================================
14:44:14.0058 0x1410 ============================================================
14:44:14.0058 0x1410 Scan started
14:44:14.0058 0x1410 Mode: Manual; SigCheck; TDLFS;
14:44:14.0058 0x1410 ============================================================
14:44:14.0058 0x1410 KSN ping started
14:44:16.0741 0x1410 KSN ping finished: true
14:44:16.0819 0x1410 ================ Scan system memory ========================
14:44:16.0819 0x1410 System memory - ok
14:44:16.0819 0x1410 ================ Scan services =============================
14:44:16.0990 0x1410 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:44:17.0178 0x1410 1394ohci - ok
14:44:17.0193 0x1410 Suspicious service (NoAccess): 35e788ab90485f7f
14:44:17.0209 0x1410 [ B78C57637978C08E45DD946F908594F5, 90DBE63BB845F4A01314DC1EC284E163B39E112BA6A3929D6F7588276E0EFA68 ] 35e788ab90485f7f C:\Windows\System32\Drivers\35e788ab90485f7f.sys
14:44:17.0209 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\35e788ab90485f7f.sys. md5: B78C57637978C08E45DD946F908594F5, sha256: 90DBE63BB845F4A01314DC1EC284E163B39E112BA6A3929D6F7588276E0EFA68
14:44:17.0240 0x1410 35e788ab90485f7f - detected Rootkit.Win32.Necurs.gen ( 0 )
14:44:19.0689 0x1410 35e788ab90485f7f ( Rootkit.Win32.Necurs.gen ) - infected
14:44:19.0689 0x1410 Force sending object to P2P due to detect: C:\Windows\System32\Drivers\35e788ab90485f7f.sys
14:44:30.0094 0x1410 Object send P2P result: true
14:44:32.0575 0x1410 A2DDA - ok
14:44:32.0606 0x1410 [ 627371B2D48F64CECC4D019114FB140D, B91698550BD899C208CC57F1ABE00D530D9FDC4559E3E1C0A04A27E7D4C7CE9D ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys
14:44:32.0606 0x1410 Acceler - ok
14:44:32.0637 0x1410 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:44:32.0653 0x1410 ACPI - ok
14:44:32.0668 0x1410 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:44:32.0699 0x1410 AcpiPmi - ok
14:44:32.0731 0x1410 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:44:32.0746 0x1410 AdobeARMservice - ok
14:44:32.0809 0x1410 [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:44:32.0824 0x1410 AdobeFlashPlayerUpdateSvc - ok
14:44:32.0855 0x1410 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:44:32.0871 0x1410 adp94xx - ok
14:44:32.0902 0x1410 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:44:32.0902 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\adpahci.sys. md5: 597F78224EE9224EA1A13D6350CED962, sha256: DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC
14:44:32.0918 0x1410 adpahci - detected LockedFile.Multi.Generic ( 1 )
14:44:35.0289 0x1410 Detect skipped due to KSN trusted
14:44:35.0289 0x1410 adpahci - ok
14:44:35.0320 0x1410 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:44:35.0336 0x1410 adpu320 - ok
14:44:35.0383 0x1410 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:44:35.0461 0x1410 AeLookupSvc - ok
14:44:35.0507 0x1410 [ A6FB9DB8F1A86861D955FD6975977AE0, 788C6EE50719227D7A9B7F08C8D5E1289FCD0E8AC23A1021A5093D2E8368F696 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe
14:44:35.0554 0x1410 AESTFilters - ok
14:44:35.0585 0x1410 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
14:44:35.0601 0x1410 AFD - ok
14:44:35.0617 0x1410 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
14:44:35.0617 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\agp440.sys. md5: 608C14DBA7299D8CB6ED035A68A15799, sha256: 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A
14:44:35.0632 0x1410 agp440 - detected LockedFile.Multi.Generic ( 1 )
14:44:38.0066 0x1410 Detect skipped due to KSN trusted
14:44:38.0066 0x1410 agp440 - ok
14:44:38.0097 0x1410 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
14:44:38.0128 0x1410 ALG - ok
14:44:38.0144 0x1410 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
14:44:38.0159 0x1410 aliide - ok
14:44:38.0190 0x1410 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
14:44:38.0190 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdide.sys. md5: 1FF8B4431C353CE385C875F194924C0C, sha256: 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720
14:44:38.0190 0x1410 amdide - detected LockedFile.Multi.Generic ( 1 )
14:44:40.0640 0x1410 Detect skipped due to KSN trusted
14:44:40.0640 0x1410 amdide - ok
14:44:40.0671 0x1410 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:44:40.0671 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\amdk8.sys. md5: 7024F087CFF1833A806193EF9D22CDA9, sha256: E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529
14:44:40.0671 0x1410 AmdK8 - detected LockedFile.Multi.Generic ( 1 )
14:44:43.0058 0x1410 Detect skipped due to KSN trusted
14:44:43.0058 0x1410 AmdK8 - ok
14:44:43.0089 0x1410 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:44:43.0089 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\amdppm.sys. md5: 1E56388B3FE0D031C44144EB8C4D6217, sha256: E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487
14:44:43.0089 0x1410 AmdPPM - detected LockedFile.Multi.Generic ( 1 )
14:44:45.0538 0x1410 Detect skipped due to KSN trusted
14:44:45.0538 0x1410 AmdPPM - ok
14:44:45.0569 0x1410 [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:44:45.0569 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdsata.sys. md5: 6EC6D772EAE38DC17C14AED9B178D24B, sha256: B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6
14:44:45.0585 0x1410 amdsata - detected LockedFile.Multi.Generic ( 1 )
14:44:47.0972 0x1410 Detect skipped due to KSN trusted
14:44:47.0972 0x1410 amdsata - ok
14:44:48.0003 0x1410 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:44:48.0003 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\amdsbs.sys. md5: F67F933E79241ED32FF46A4F29B5120B, sha256: D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8
14:44:48.0018 0x1410 amdsbs - detected LockedFile.Multi.Generic ( 1 )
14:44:50.0452 0x1410 Detect skipped due to KSN trusted
14:44:50.0452 0x1410 amdsbs - ok
14:44:50.0468 0x1410 [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:44:50.0468 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdxata.sys. md5: 1142A21DB581A84EA5597B03A26EBAA0, sha256: F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343
14:44:50.0483 0x1410 amdxata - detected LockedFile.Multi.Generic ( 1 )
14:44:52.0870 0x1410 Detect skipped due to KSN trusted
14:44:52.0870 0x1410 amdxata - ok
14:44:52.0917 0x1410 [ 4B92F0063C633BD4FDBD7D76977F65B3, DC18AB4FFA2893D664D464B3862E587A920C3A92A5D02E9E46710FB6F28CE0DE ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
14:44:52.0917 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\Apfiltr.sys. md5: 4B92F0063C633BD4FDBD7D76977F65B3, sha256: DC18AB4FFA2893D664D464B3862E587A920C3A92A5D02E9E46710FB6F28CE0DE
14:44:52.0917 0x1410 ApfiltrService - detected LockedFile.Multi.Generic ( 1 )
14:44:55.0366 0x1410 Detect skipped due to KSN trusted
14:44:55.0366 0x1410 ApfiltrService - ok
14:44:55.0397 0x1410 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
14:44:55.0397 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\appid.sys. md5: 89A69C3F2F319B43379399547526D952, sha256: 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A
14:44:55.0413 0x1410 AppID - detected LockedFile.Multi.Generic ( 1 )
14:44:57.0846 0x1410 Detect skipped due to KSN trusted
14:44:57.0846 0x1410 AppID - ok
14:44:57.0877 0x1410 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:44:57.0924 0x1410 AppIDSvc - ok
14:44:57.0940 0x1410 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
14:44:57.0955 0x1410 Appinfo - ok
14:44:57.0987 0x1410 [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:44:57.0987 0x1410 Apple Mobile Device - ok
14:44:58.0018 0x1410 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
14:44:58.0033 0x1410 AppMgmt - ok
14:44:58.0049 0x1410 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
14:44:58.0049 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\arc.sys. md5: C484F8CEB1717C540242531DB7845C4E, sha256: C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6
14:44:58.0065 0x1410 arc - detected LockedFile.Multi.Generic ( 1 )
14:45:00.0420 0x1410 Detect skipped due to KSN trusted
14:45:00.0420 0x1410 arc - ok
14:45:00.0451 0x1410 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:45:00.0451 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\arcsas.sys. md5: 019AF6924AEFE7839F61C830227FE79C, sha256: 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A
14:45:00.0467 0x1410 arcsas - detected LockedFile.Multi.Generic ( 1 )
14:45:02.0823 0x1410 Detect skipped due to KSN trusted
14:45:02.0823 0x1410 arcsas - ok
14:45:02.0854 0x1410 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:45:02.0854 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\asyncmac.sys. md5: 769765CE2CC62867468CEA93969B2242, sha256: 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26
14:45:02.0854 0x1410 AsyncMac - detected LockedFile.Multi.Generic ( 1 )
14:45:08.0236 0x1410 Detect skipped due to KSN trusted
14:45:08.0236 0x1410 AsyncMac - ok
14:45:08.0267 0x1410 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
14:45:08.0267 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\atapi.sys. md5: 02062C0B390B7729EDC9E69C680A6F3C, sha256: 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273
14:45:08.0267 0x1410 atapi - detected LockedFile.Multi.Generic ( 1 )
14:45:10.0716 0x1410 Detect skipped due to KSN trusted
14:45:10.0716 0x1410 atapi - ok
14:45:10.0778 0x1410 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:45:10.0934 0x1410 AudioEndpointBuilder - ok
14:45:10.0997 0x1410 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:45:11.0044 0x1410 AudioSrv - ok
14:45:11.0075 0x1410 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:45:11.0122 0x1410 AxInstSV - ok
14:45:11.0153 0x1410 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:45:11.0153 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bxvbda.sys. md5: 3E5B191307609F7514148C6832BB0842, sha256: DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580
14:45:11.0168 0x1410 b06bdrv - detected LockedFile.Multi.Generic ( 1 )
14:45:13.0555 0x1410 Detect skipped due to KSN trusted
14:45:13.0555 0x1410 b06bdrv - ok
14:45:13.0586 0x1410 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:45:13.0586 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\b57nd60a.sys. md5: B5ACE6968304A3900EEB1EBFD9622DF2, sha256: 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA
14:45:13.0602 0x1410 b57nd60a - detected LockedFile.Multi.Generic ( 1 )
14:45:16.0051 0x1410 Detect skipped due to KSN trusted
14:45:16.0051 0x1410 b57nd60a - ok
14:45:16.0082 0x1410 [ 50D45E314B13F70BF328D783868E6EA6, E22F30E7602D4EC0BEAA1E0DE7FF518B7B49556536C1F9E6C6308327CDEA4CA6 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
14:45:16.0082 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\BCM42RLY.sys. md5: 50D45E314B13F70BF328D783868E6EA6, sha256: E22F30E7602D4EC0BEAA1E0DE7FF518B7B49556536C1F9E6C6308327CDEA4CA6
14:45:16.0098 0x1410 BCM42RLY - detected LockedFile.Multi.Generic ( 1 )
14:45:18.0500 0x1410 Detect skipped due to KSN trusted
14:45:18.0500 0x1410 BCM42RLY - ok
14:45:18.0594 0x1410 [ D84B17B03376ACBB7717928071429707, D7A0CD7E3F1A1BD5A0B27FA937004DEF8F02CBC7526D380A19630B7424025BF4 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
14:45:18.0594 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bcmwl664.sys. md5: D84B17B03376ACBB7717928071429707, sha256: D7A0CD7E3F1A1BD5A0B27FA937004DEF8F02CBC7526D380A19630B7424025BF4
14:45:18.0610 0x1410 BCM43XX - detected LockedFile.Multi.Generic ( 1 )
14:45:20.0981 0x1410 Detect skipped due to KSN trusted
14:45:20.0981 0x1410 BCM43XX - ok
14:45:21.0043 0x1410 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
14:45:21.0059 0x1410 BDESVC - ok
14:45:21.0090 0x1410 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
14:45:21.0090 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Beep.sys. md5: 16A47CE2DECC9B099349A5F840654746, sha256: 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024
14:45:21.0090 0x1410 Beep - detected LockedFile.Multi.Generic ( 1 )
14:45:23.0539 0x1410 Detect skipped due to KSN trusted
14:45:23.0539 0x1410 Beep - ok
14:45:23.0617 0x1410 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
14:45:23.0648 0x1410 BFE - ok
14:45:23.0711 0x1410 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
14:45:23.0773 0x1410 BITS - ok
14:45:23.0789 0x1410 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:45:23.0789 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\blbdrive.sys. md5: 61583EE3C3A17003C4ACD0475646B4D3, sha256: 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811
14:45:23.0804 0x1410 blbdrive - detected LockedFile.Multi.Generic ( 1 )
14:45:26.0238 0x1410 Detect skipped due to KSN trusted
14:45:26.0238 0x1410 blbdrive - ok
14:45:26.0285 0x1410 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:45:26.0300 0x1410 Bonjour Service - ok
14:45:26.0331 0x1410 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:45:26.0331 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bowser.sys. md5: 6C02A83164F5CC0A262F4199F0871CF5, sha256: AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28
14:45:26.0347 0x1410 bowser - detected LockedFile.Multi.Generic ( 1 )
14:45:28.0734 0x1410 Detect skipped due to KSN trusted
14:45:28.0734 0x1410 bowser - ok
14:45:28.0749 0x1410 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:45:28.0749 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\BrFiltLo.sys. md5: F09EEE9EDC320B5E1501F749FDE686C8, sha256: 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3
14:45:28.0765 0x1410 BrFiltLo - detected LockedFile.Multi.Generic ( 1 )
14:45:31.0214 0x1410 Detect skipped due to KSN trusted
14:45:31.0214 0x1410 BrFiltLo - ok
14:45:31.0230 0x1410 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:45:31.0230 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\BrFiltUp.sys. md5: B114D3098E9BDB8BEA8B053685831BE6, sha256: 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C
14:45:31.0245 0x1410 BrFiltUp - detected LockedFile.Multi.Generic ( 1 )
14:45:33.0632 0x1410 Detect skipped due to KSN trusted
14:45:33.0632 0x1410 BrFiltUp - ok
14:45:33.0663 0x1410 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
14:45:33.0695 0x1410 Browser - ok
14:45:33.0726 0x1410 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:45:33.0726 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\Brserid.sys. md5: 43BEA8D483BF1870F018E2D02E06A5BD, sha256: 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272
14:45:33.0726 0x1410 Brserid - detected LockedFile.Multi.Generic ( 1 )
14:45:36.0097 0x1410 Detect skipped due to KSN trusted
14:45:36.0097 0x1410 Brserid - ok
14:45:36.0128 0x1410 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:45:36.0128 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrSerWdm.sys. md5: A6ECA2151B08A09CACECA35C07F05B42, sha256: E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C
14:45:36.0128 0x1410 BrSerWdm - detected LockedFile.Multi.Generic ( 1 )
14:45:38.0577 0x1410 Detect skipped due to KSN trusted
14:45:38.0577 0x1410 BrSerWdm - ok
14:45:38.0609 0x1410 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:45:38.0609 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrUsbMdm.sys. md5: B79968002C277E869CF38BD22CD61524, sha256: 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983
14:45:38.0609 0x1410 BrUsbMdm - detected LockedFile.Multi.Generic ( 1 )
14:45:41.0042 0x1410 Detect skipped due to KSN trusted
14:45:41.0042 0x1410 BrUsbMdm - ok
14:45:41.0058 0x1410 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:45:41.0058 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrUsbSer.sys. md5: A87528880231C54E75EA7A44943B38BF, sha256: 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9
14:45:41.0073 0x1410 BrUsbSer - detected LockedFile.Multi.Generic ( 1 )
14:45:43.0444 0x1410 Detect skipped due to KSN trusted
14:45:43.0444 0x1410 BrUsbSer - ok
14:45:43.0476 0x1410 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
14:45:43.0476 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\BthEnum.sys. md5: CF98190A94F62E405C8CB255018B2315, sha256: E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781
14:45:43.0476 0x1410 BthEnum - detected LockedFile.Multi.Generic ( 1 )
14:45:45.0925 0x1410 Detect skipped due to KSN trusted
14:45:45.0925 0x1410 BthEnum - ok
14:45:45.0956 0x1410 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:45:45.0956 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bthmodem.sys. md5: 9DA669F11D1F894AB4EB69BF546A42E8, sha256: B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4
14:45:45.0956 0x1410 BTHMODEM - detected LockedFile.Multi.Generic ( 1 )
14:45:48.0405 0x1410 Detect skipped due to KSN trusted
14:45:48.0405 0x1410 BTHMODEM - ok
14:45:48.0436 0x1410 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
14:45:48.0436 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bthpan.sys. md5: 02DD601B708DD0667E1331FA8518E9FF, sha256: 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1
14:45:48.0452 0x1410 BthPan - detected LockedFile.Multi.Generic ( 1 )
14:45:50.0839 0x1410 Detect skipped due to KSN trusted
14:45:50.0839 0x1410 BthPan - ok
14:45:50.0886 0x1410 [ 64C198198501F7560EE41D8D1EFA7952, 53CE5FDD1866FC8A0B91C7A620F7555D197488C4C8F3DEFD4398D8E3ED2AEBD0 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
14:45:50.0886 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BTHport.sys. md5: 64C198198501F7560EE41D8D1EFA7952, sha256: 53CE5FDD1866FC8A0B91C7A620F7555D197488C4C8F3DEFD4398D8E3ED2AEBD0
14:45:50.0901 0x1410 BTHPORT - detected LockedFile.Multi.Generic ( 1 )
14:45:53.0288 0x1410 Detect skipped due to KSN trusted
14:45:53.0288 0x1410 BTHPORT - ok
14:45:53.0319 0x1410 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
14:45:53.0382 0x1410 bthserv - ok
14:45:53.0397 0x1410 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
14:45:53.0397 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BTHUSB.sys. md5: F188B7394D81010767B6DF3178519A37, sha256: 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B
14:45:53.0413 0x1410 BTHUSB - detected LockedFile.Multi.Generic ( 1 )
14:45:55.0847 0x1410 Detect skipped due to KSN trusted
14:45:55.0847 0x1410 BTHUSB - ok
14:45:55.0878 0x1410 [ 2D19C44A9D0E175BC93D23C562A0AA01, 0298E3D57472F1848E217FFE9B7B67792CD9643B2BE879723067F987ED98C31F ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
14:45:55.0878 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwampfl.sys. md5: 2D19C44A9D0E175BC93D23C562A0AA01, sha256: 0298E3D57472F1848E217FFE9B7B67792CD9643B2BE879723067F987ED98C31F
14:45:55.0894 0x1410 btwampfl - detected LockedFile.Multi.Generic ( 1 )
14:45:58.0250 0x1410 Detect skipped due to KSN trusted
14:45:58.0250 0x1410 btwampfl - ok
14:45:58.0281 0x1410 [ AD4B38BF35896778236B40CF453F58AA, 1CE0007090AD07F852C0FE25DB17054D9942D487A11F9DF38A96C0B51ED817D6 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
14:45:58.0281 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwaudio.sys. md5: AD4B38BF35896778236B40CF453F58AA, sha256: 1CE0007090AD07F852C0FE25DB17054D9942D487A11F9DF38A96C0B51ED817D6
14:45:58.0281 0x1410 btwaudio - detected LockedFile.Multi.Generic ( 1 )
14:46:00.0652 0x1410 Detect skipped due to KSN trusted
14:46:00.0652 0x1410 btwaudio - ok
14:46:00.0683 0x1410 [ C2A11549E72841EF9FC5AF14C7F29233, FBF280AA92F74EAF73BCB3D8DF864C05D3BFF5E67A2B1756180664FC5D8349FA ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
14:46:00.0683 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwavdt.sys. md5: C2A11549E72841EF9FC5AF14C7F29233, sha256: FBF280AA92F74EAF73BCB3D8DF864C05D3BFF5E67A2B1756180664FC5D8349FA
14:46:00.0683 0x1410 btwavdt - detected LockedFile.Multi.Generic ( 1 )
14:46:03.0132 0x1410 Detect skipped due to KSN trusted
14:46:03.0132 0x1410 btwavdt - ok
14:46:03.0179 0x1410 [ 3D13849A1F9E7C61096294B955EFCDF2, BEF5CC432611367708EEDC1C3CB9D43AB4B9DA53A1E81D3B8DC54CE12BE1E805 ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
14:46:03.0210 0x1410 btwdins - ok
14:46:03.0226 0x1410 [ 06E96CF5C046F7CAB4AA131DF6E2B9BC, D3957A55E5BB614203E187460232F8701CF54599EEC9A0D2146952D75405A44F ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
14:46:03.0226 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\btwl2cap.sys. md5: 06E96CF5C046F7CAB4AA131DF6E2B9BC, sha256: D3957A55E5BB614203E187460232F8701CF54599EEC9A0D2146952D75405A44F
14:46:03.0242 0x1410 btwl2cap - detected LockedFile.Multi.Generic ( 1 )
14:46:05.0691 0x1410 Detect skipped due to KSN trusted
14:46:05.0691 0x1410 btwl2cap - ok
14:46:05.0722 0x1410 [ D8270F1D59DD10743C8E62D806AF85E2, EF6F74747C56CBFE56E64C375EE51944E21F3DF882F99677CB016BC73CC57F05 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
14:46:05.0722 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\btwrchid.sys. md5: D8270F1D59DD10743C8E62D806AF85E2, sha256: EF6F74747C56CBFE56E64C375EE51944E21F3DF882F99677CB016BC73CC57F05
14:46:05.0722 0x1410 btwrchid - detected LockedFile.Multi.Generic ( 1 )
14:46:08.0109 0x1410 Detect skipped due to KSN trusted
14:46:08.0109 0x1410 btwrchid - ok
14:46:08.0156 0x1410 [ F9A6DEAC2776A85F23B55E044CD4BC10, BF98EE87E50A6682E5FB1A7F43A2F2ED312C3DE7B1EA112808777E519706C32A ] buttonsvc64 c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
14:46:08.0171 0x1410 buttonsvc64 - ok
14:46:08.0187 0x1410 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:46:08.0187 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\cdfs.sys. md5: B8BD2BB284668C84865658C77574381A, sha256: 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65
14:46:08.0202 0x1410 cdfs - detected LockedFile.Multi.Generic ( 1 )
14:46:10.0651 0x1410 Detect skipped due to KSN trusted
14:46:10.0651 0x1410 cdfs - ok
14:46:10.0683 0x1410 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\drivers\cdrom.sys
14:46:10.0683 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\cdrom.sys. md5: F036CE71586E93D94DAB220D7BDF4416, sha256: BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B
14:46:10.0698 0x1410 cdrom - detected LockedFile.Multi.Generic ( 1 )
14:46:13.0194 0x1410 Detect skipped due to KSN trusted
14:46:13.0194 0x1410 cdrom - ok
14:46:13.0225 0x1410 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
14:46:13.0272 0x1410 CertPropSvc - ok
14:46:13.0288 0x1410 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:46:13.0288 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\circlass.sys. md5: D7CD5C4E1B71FA62050515314CFB52CF, sha256: 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64
14:46:13.0303 0x1410 circlass - detected LockedFile.Multi.Generic ( 1 )
14:46:15.0690 0x1410 Detect skipped due to KSN trusted
14:46:15.0690 0x1410 circlass - ok
14:46:15.0706 0x1410 cleanhlp - ok
14:46:15.0753 0x1410 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
14:46:15.0753 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\CLFS.sys. md5: FE1EC06F2253F691FE36217C592A0206, sha256: B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE
14:46:15.0753 0x1410 CLFS - detected LockedFile.Multi.Generic ( 1 )
14:46:18.0202 0x1410 Detect skipped due to KSN trusted
14:46:18.0202 0x1410 CLFS - ok
14:46:18.0249 0x1410 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:46:18.0264 0x1410 clr_optimization_v2.0.50727_32 - ok
14:46:18.0295 0x1410 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:46:18.0295 0x1410 clr_optimization_v2.0.50727_64 - ok
14:46:18.0342 0x1410 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:46:18.0358 0x1410 clr_optimization_v4.0.30319_32 - ok
14:46:18.0389 0x1410 [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:46:18.0405 0x1410 clr_optimization_v4.0.30319_64 - ok
14:46:18.0420 0x1410 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:46:18.0420 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\CmBatt.sys. md5: 0840155D0BDDF1190F84A663C284BD33, sha256: 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A
14:46:18.0420 0x1410 CmBatt - detected LockedFile.Multi.Generic ( 1 )
14:46:20.0807 0x1410 Detect skipped due to KSN trusted
14:46:20.0807 0x1410 CmBatt - ok
14:46:20.0838 0x1410 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:46:20.0838 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\cmdide.sys. md5: E19D3F095812725D88F9001985B94EDD, sha256: 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B
14:46:20.0854 0x1410 cmdide - detected LockedFile.Multi.Generic ( 1 )
14:46:23.0241 0x1410 Detect skipped due to KSN trusted
14:46:23.0241 0x1410 cmdide - ok
14:46:23.0287 0x1410 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
14:46:23.0287 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\cng.sys. md5: EBF28856F69CF094A902F884CF989706, sha256: AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F
14:46:23.0287 0x1410 CNG - detected LockedFile.Multi.Generic ( 1 )
14:46:25.0674 0x1410 Detect skipped due to KSN trusted
14:46:25.0674 0x1410 CNG - ok
14:46:25.0690 0x1410 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:46:25.0690 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\compbatt.sys. md5: 102DE219C3F61415F964C88E9085AD14, sha256: CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1
14:46:25.0705 0x1410 Compbatt - detected LockedFile.Multi.Generic ( 1 )
14:46:28.0154 0x1410 Detect skipped due to KSN trusted
14:46:28.0154 0x1410 Compbatt - ok
14:46:28.0186 0x1410 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:46:28.0186 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\CompositeBus.sys. md5: 03EDB043586CCEBA243D689BDDA370A8, sha256: 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959
14:46:28.0201 0x1410 CompositeBus - detected LockedFile.Multi.Generic ( 1 )
14:46:30.0572 0x1410 Detect skipped due to KSN trusted
14:46:30.0572 0x1410 CompositeBus - ok
14:46:30.0604 0x1410 COMSysApp - ok
14:46:30.0619 0x1410 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:46:30.0619 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 1C827878A998C18847245FE1F34EE597, sha256: 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60
14:46:30.0635 0x1410 crcdisk - detected LockedFile.Multi.Generic ( 1 )
14:46:33.0068 0x1410 Detect skipped due to KSN trusted
14:46:33.0068 0x1410 crcdisk - ok
14:46:33.0115 0x1410 [ 55A9081A7A6D0977A0B470AC88F37E6F, F5DB2480D6FE6AFC9226CD554AD9E7E637E7556C3BDBA7FB1B46BDF81A20460C ] Credential Vault Host Control Service C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
14:46:33.0146 0x1410 Credential Vault Host Control Service - ok
14:46:33.0178 0x1410 [ 53371039D4027E1BB4DDCC83007D3A04, 2C3EC24763FF441F536159B61E412F6D911175F2E117248F017D042231EDB614 ] Credential Vault Host Storage C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
14:46:33.0178 0x1410 Credential Vault Host Storage - ok
14:46:33.0224 0x1410 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:46:33.0256 0x1410 CryptSvc - ok
14:46:33.0287 0x1410 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
14:46:33.0287 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\csc.sys. md5: 54DA3DFD29ED9F1619B6F53F3CE55E49, sha256: 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E
14:46:33.0302 0x1410 CSC - detected LockedFile.Multi.Generic ( 1 )
14:46:35.0752 0x1410 Detect skipped due to KSN trusted
14:46:35.0752 0x1410 CSC - ok
14:46:35.0814 0x1410 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
14:46:35.0845 0x1410 CscService - ok
14:46:35.0876 0x1410 [ ED5CF92396A62F4C15110DCDB5E854D9, CD26216B8B3F558A0466843C8161E86EEDB78E6031E1AC0A00DCDE700A2B6EE2 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
14:46:35.0876 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\CtClsFlt.sys. md5: ED5CF92396A62F4C15110DCDB5E854D9, sha256: CD26216B8B3F558A0466843C8161E86EEDB78E6031E1AC0A00DCDE700A2B6EE2
14:46:35.0876 0x1410 CtClsFlt - detected LockedFile.Multi.Generic ( 1 )
14:46:38.0263 0x1410 Detect skipped due to KSN trusted
14:46:38.0263 0x1410 CtClsFlt - ok
14:46:38.0279 0x1410 [ A84CAAE89B487931200B969D94018AFA, 6984F3CF4E78B20350E5C09F16DE412D0232E202BD8DF86B9623F25CD154ED95 ] cvusbdrv C:\Windows\system32\Drivers\cvusbdrv.sys
14:46:38.0279 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\cvusbdrv.sys. md5: A84CAAE89B487931200B969D94018AFA, sha256: 6984F3CF4E78B20350E5C09F16DE412D0232E202BD8DF86B9623F25CD154ED95
14:46:38.0294 0x1410 cvusbdrv - detected LockedFile.Multi.Generic ( 1 )
14:46:40.0728 0x1410 Detect skipped due to KSN trusted
14:46:40.0728 0x1410 cvusbdrv - ok
14:46:40.0790 0x1410 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:46:40.0853 0x1410 DcomLaunch - ok
14:46:40.0884 0x1410 [ C0AADE6FC97F718B1E1B0D4452F2ADA5, 96B88D09F14563D8F87A82824BBE70751BF665813CA1E21EE6C9F9CA7EADE448 ] dcpsysmgrsvc c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
14:46:40.0900 0x1410 dcpsysmgrsvc - ok
14:46:40.0931 0x1410 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
14:46:40.0962 0x1410 defragsvc - ok
14:46:40.0993 0x1410 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:46:40.0993 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\dfsc.sys. md5: 9BB2EF44EAA163B29C4A4587887A0FE4, sha256: 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F
14:46:41.0009 0x1410 DfsC - detected LockedFile.Multi.Generic ( 1 )
14:46:43.0442 0x1410 Detect skipped due to KSN trusted
14:46:43.0442 0x1410 DfsC - ok
14:46:43.0489 0x1410 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
14:46:43.0520 0x1410 Dhcp - ok
14:46:43.0551 0x1410 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
14:46:43.0551 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3, sha256: 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26
14:46:43.0567 0x1410 discache - detected LockedFile.Multi.Generic ( 1 )
14:46:46.0110 0x1410 Detect skipped due to KSN trusted
14:46:46.0110 0x1410 discache - ok
14:46:46.0141 0x1410 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:46:46.0141 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\disk.sys. md5: 9819EEE8B5EA3784EC4AF3B137A5244C, sha256: 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427
14:46:46.0157 0x1410 Disk - detected LockedFile.Multi.Generic ( 1 )
14:46:48.0606 0x1410 Detect skipped due to KSN trusted
14:46:48.0606 0x1410 Disk - ok
14:46:48.0637 0x1410 dkab_device - ok
14:46:48.0668 0x1410 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:46:48.0715 0x1410 Dnscache - ok
14:46:48.0746 0x1410 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
14:46:48.0793 0x1410 dot3svc - ok
14:46:48.0824 0x1410 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
14:46:48.0871 0x1410 DPS - ok
14:46:48.0887 0x1410 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:46:48.0887 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\drmkaud.sys. md5: 9B19F34400D24DF84C858A421C205754, sha256: 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7
14:46:48.0887 0x1410 drmkaud - detected LockedFile.Multi.Generic ( 1 )
14:46:51.0258 0x1410 Detect skipped due to KSN trusted
14:46:51.0258 0x1410 drmkaud - ok
14:46:51.0273 0x1410 [ 37BA0259E9A79D610FD302C8A3770A2C, 5D7FB757E7E33CCC23919B7A2CC5495C1740E39FA53BD30B73F4142A23E9A413 ] DVMIO D:\Program Files (x86)\Dell\Reader 2.0\dvmio_x64.sys
14:46:51.0289 0x1410 DVMIO - ok
14:46:51.0351 0x1410 [ 6F0952F5A3C8D9E90DF1F88B84541145, 55818BCE974D7BCDBD9DE03CE214477C15C085876BBE2AA3B984805F8E61A564 ] DvmMDES D:\Program Files (x86)\Dell\Reader 2.0\DVMExportService.exe
14:46:51.0351 0x1410 DvmMDES - detected UnsignedFile.Multi.Generic ( 1 )
14:46:53.0723 0x1410 Detect skipped due to KSN trusted
14:46:53.0723 0x1410 DvmMDES - ok
14:46:53.0769 0x1410 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:46:53.0769 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\dxgkrnl.sys. md5: 88612F1CE3BF42256913BF6E61C70D52, sha256: 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7
14:46:53.0769 0x1410 DXGKrnl - detected LockedFile.Multi.Generic ( 1 )
14:46:56.0125 0x1410 Detect skipped due to KSN trusted
14:46:56.0125 0x1410 DXGKrnl - ok
14:46:56.0156 0x1410 [ F369E83F6CDAB987CA2DD764278659A6, 64F7CF085EA19A37D6A23D91B63BCF36EAC4FEE936DDD7E71F665C4FD0EA6DC2 ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys
14:46:56.0156 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\e1k62x64.sys. md5: F369E83F6CDAB987CA2DD764278659A6, sha256: 64F7CF085EA19A37D6A23D91B63BCF36EAC4FEE936DDD7E71F665C4FD0EA6DC2
14:46:56.0156 0x1410 e1kexpress - detected LockedFile.Multi.Generic ( 1 )
14:46:58.0574 0x1410 Detect skipped due to KSN trusted
14:46:58.0574 0x1410 e1kexpress - ok
14:46:58.0761 0x1410 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
14:46:58.0792 0x1410 EapHost - ok
14:46:58.0886 0x1410 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:46:58.0886 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\evbda.sys. md5: DC5D737F51BE844D8C82C695EB17372F, sha256: 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017
14:46:58.0902 0x1410 ebdrv - detected LockedFile.Multi.Generic ( 1 )
14:47:01.0273 0x1410 Detect skipped due to KSN trusted
14:47:01.0273 0x1410 ebdrv - ok
14:47:01.0304 0x1410 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe
14:47:01.0320 0x1410 EFS - ok
14:47:01.0366 0x1410 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:47:01.0413 0x1410 ehRecvr - ok
14:47:01.0429 0x1410 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
14:47:01.0476 0x1410 ehSched - ok
14:47:01.0507 0x1410 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:47:01.0507 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0E5DA5369A0FCAEA12456DD852545184, sha256: 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8
14:47:01.0522 0x1410 elxstor - detected LockedFile.Multi.Generic ( 1 )
14:47:03.0956 0x1410 Detect skipped due to KSN trusted
14:47:03.0956 0x1410 elxstor - ok
14:47:03.0987 0x1410 [ ABDD5AD016AFFD34AD40E944CE94BF59, 61089124CD8FEA31142CD4D3C47224A6310B9BE7B7FA974956D9EDDAD4381503 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
14:47:04.0003 0x1410 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic ( 1 )
14:47:06.0390 0x1410 Detect skipped due to KSN trusted
14:47:06.0390 0x1410 EpsonBidirectionalService - ok
14:47:06.0405 0x1410 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:47:06.0405 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\errdev.sys. md5: 34A3C54752046E79A126E15C51DB409B, sha256: 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75
14:47:06.0421 0x1410 ErrDev - detected LockedFile.Multi.Generic ( 1 )
14:47:08.0979 0x1410 Detect skipped due to KSN trusted
14:47:08.0979 0x1410 ErrDev - ok
14:47:09.0073 0x1410 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
14:47:09.0120 0x1410 EventSystem - ok
14:47:09.0151 0x1410 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
14:47:09.0151 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B, sha256: 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5
14:47:09.0166 0x1410 exfat - detected LockedFile.Multi.Generic ( 1 )
14:47:11.0616 0x1410 Detect skipped due to KSN trusted
14:47:11.0616 0x1410 exfat - ok
14:47:11.0647 0x1410 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:47:11.0647 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fastfat.sys. md5: 0ADC83218B66A6DB380C330836F3E36D, sha256: 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29
14:47:11.0662 0x1410 fastfat - detected LockedFile.Multi.Generic ( 1 )
14:47:14.0018 0x1410 Detect skipped due to KSN trusted
14:47:14.0018 0x1410 fastfat - ok
14:47:14.0065 0x1410 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
14:47:14.0096 0x1410 Fax - ok
14:47:14.0127 0x1410 FA_Scheduler - ok
14:47:14.0143 0x1410 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:47:14.0143 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB, sha256: 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE
14:47:14.0143 0x1410 fdc - detected LockedFile.Multi.Generic ( 1 )
14:47:16.0529 0x1410 Detect skipped due to KSN trusted
14:47:16.0529 0x1410 fdc - ok
14:47:16.0561 0x1410 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
14:47:16.0592 0x1410 fdPHost - ok
14:47:16.0623 0x1410 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
14:47:16.0654 0x1410 FDResPub - ok
14:47:16.0685 0x1410 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:47:16.0685 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661BE46B5F5F3FD454E2C3095B930, sha256: 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A
14:47:16.0701 0x1410 FileInfo - detected LockedFile.Multi.Generic ( 1 )
14:47:19.0135 0x1410 Detect skipped due to KSN trusted
14:47:19.0135 0x1410 FileInfo - ok
14:47:19.0166 0x1410 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:47:19.0166 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47, sha256: 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6
14:47:19.0166 0x1410 Filetrace - detected LockedFile.Multi.Generic ( 1 )
14:47:21.0615 0x1410 Detect skipped due to KSN trusted
14:47:21.0615 0x1410 Filetrace - ok
14:47:21.0662 0x1410 [ F76D04F7413B07DAA029F6520B64B4E8, 3EB13C0EFE737880853FB8952381E7A57723F9472E0E4ED7CDA8A0D7DE8DC90D ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:47:21.0709 0x1410 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
14:47:24.0080 0x1410 Detect skipped due to KSN trusted
14:47:24.0080 0x1410 FLEXnet Licensing Service - ok
14:47:24.0095 0x1410 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:47:24.0095 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5, sha256: 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B
14:47:24.0111 0x1410 flpydisk - detected LockedFile.Multi.Generic ( 1 )
14:47:26.0591 0x1410 Detect skipped due to KSN trusted
14:47:26.0591 0x1410 flpydisk - ok
14:47:26.0638 0x1410 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:47:26.0638 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fltmgr.sys. md5: DA6B67270FD9DB3697B20FCE94950741, sha256: F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331
14:47:26.0638 0x1410 FltMgr - detected LockedFile.Multi.Generic ( 1 )
14:47:29.0009 0x1410 Detect skipped due to KSN trusted
14:47:29.0009 0x1410 FltMgr - ok
14:47:29.0072 0x1410 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
14:47:29.0228 0x1410 FontCache - ok
14:47:29.0259 0x1410 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:47:29.0259 0x1410 FontCache3.0.0.0 - ok
14:47:29.0290 0x1410 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:47:29.0290 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC, sha256: F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E
14:47:29.0306 0x1410 FsDepends - detected LockedFile.Multi.Generic ( 1 )
14:47:31.0755 0x1410 Detect skipped due to KSN trusted
14:47:31.0755 0x1410 FsDepends - ok
14:47:31.0786 0x1410 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:47:31.0786 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 6BD9295CC032DD3077C671FCCF579A7B, sha256: 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33
14:47:31.0786 0x1410 Fs_Rec - detected LockedFile.Multi.Generic ( 1 )
14:47:34.0173 0x1410 Detect skipped due to KSN trusted
14:47:34.0173 0x1410 Fs_Rec - ok
14:47:34.0204 0x1410 [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:47:34.0204 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 1F7B25B858FA27015169FE95E54108ED, sha256: 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5
14:47:34.0220 0x1410 fvevol - detected LockedFile.Multi.Generic ( 1 )
14:47:36.0669 0x1410 Detect skipped due to KSN trusted
14:47:36.0669 0x1410 fvevol - ok
14:47:36.0700 0x1410 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:47:36.0700 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6, sha256: 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005
14:47:36.0700 0x1410 gagp30kx - detected LockedFile.Multi.Generic ( 1 )
14:47:39.0071 0x1410 Detect skipped due to KSN trusted
14:47:39.0071 0x1410 gagp30kx - ok
14:47:39.0087 0x1410 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:47:39.0087 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\GEARAspiWDM.sys. md5: 8E98D21EE06192492A5671A6144D092F, sha256: B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4
14:47:39.0102 0x1410 GEARAspiWDM - detected LockedFile.Multi.Generic ( 1 )
14:47:41.0489 0x1410 Detect skipped due to KSN trusted
14:47:41.0489 0x1410 GEARAspiWDM - ok
14:47:41.0552 0x1410 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
14:47:41.0598 0x1410 gpsvc - ok
14:47:41.0630 0x1410 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:47:41.0645 0x1410 gupdate - ok
14:47:41.0676 0x1410 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:47:41.0676 0x1410 gupdatem - ok
14:47:41.0708 0x1410 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:47:41.0723 0x1410 gusvc - ok
14:47:41.0754 0x1410 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:47:41.0754 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0, sha256: B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19
14:47:41.0770 0x1410 hcw85cir - detected LockedFile.Multi.Generic ( 1 )
14:47:44.0203 0x1410 Detect skipped due to KSN trusted
14:47:44.0203 0x1410 hcw85cir - ok
14:47:44.0250 0x1410 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:47:44.0250 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97BFED39B6B79EB12CDDBFEED51F56BB, sha256: 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955
14:47:44.0266 0x1410 HDAudBus - detected LockedFile.Multi.Generic ( 1 )
14:47:46.0699 0x1410 Detect skipped due to KSN trusted
14:47:46.0699 0x1410 HDAudBus - ok
14:47:46.0731 0x1410 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
14:47:46.0731 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HECIx64.sys. md5: B6AC71AAA2B10848F57FC49D55A651AF, sha256: 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91
14:47:46.0746 0x1410 HECIx64 - detected LockedFile.Multi.Generic ( 1 )
14:47:49.0102 0x1410 Detect skipped due to KSN trusted
14:47:49.0102 0x1410 HECIx64 - ok
14:47:49.0117 0x1410 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:47:49.0117 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F, sha256: 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64
14:47:49.0133 0x1410 HidBatt - detected LockedFile.Multi.Generic ( 1 )
14:47:51.0567 0x1410 Detect skipped due to KSN trusted
14:47:51.0567 0x1410 HidBatt - ok
14:47:51.0582 0x1410 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:47:51.0582 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104, sha256: 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4
14:47:51.0598 0x1410 HidBth - detected LockedFile.Multi.Generic ( 1 )
14:47:54.0016 0x1410 Detect skipped due to KSN trusted
14:47:54.0016 0x1410 HidBth - ok
14:47:54.0031 0x1410 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:47:54.0047 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825, sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D
14:47:54.0047 0x1410 HidIr - detected LockedFile.Multi.Generic ( 1 )
14:47:56.0434 0x1410 Detect skipped due to KSN trusted
14:47:56.0434 0x1410 HidIr - ok
14:47:56.0465 0x1410 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
14:47:56.0496 0x1410 hidserv - ok
14:47:56.0512 0x1410 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
14:47:56.0512 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536, sha256: FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F
14:47:56.0527 0x1410 HidUsb - detected LockedFile.Multi.Generic ( 1 )
14:47:58.0883 0x1410 Detect skipped due to KSN trusted
14:47:58.0883 0x1410 HidUsb - ok
14:47:58.0914 0x1410 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:47:58.0961 0x1410 hkmsvc - ok
14:47:58.0992 0x1410 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:47:59.0023 0x1410 HomeGroupListener - ok
14:47:59.0055 0x1410 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:47:59.0086 0x1410 HomeGroupProvider - ok
14:47:59.0101 0x1410 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:47:59.0101 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, sha256: E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205
14:47:59.0117 0x1410 HpSAMD - detected LockedFile.Multi.Generic ( 1 )
14:48:01.0550 0x1410 Detect skipped due to KSN trusted
14:48:01.0550 0x1410 HpSAMD - ok
14:48:01.0613 0x1410 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:48:01.0613 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: 0EA7DE1ACB728DD5A369FD742D6EEE28, sha256: 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779
14:48:01.0628 0x1410 HTTP - detected LockedFile.Multi.Generic ( 1 )
14:48:04.0000 0x1410 Detect skipped due to KSN trusted
14:48:04.0000 0x1410 HTTP - ok
14:48:04.0031 0x1410 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:48:04.0031 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392, sha256: 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53
14:48:04.0046 0x1410 hwpolicy - detected LockedFile.Multi.Generic ( 1 )
14:48:06.0418 0x1410 Detect skipped due to KSN trusted
14:48:06.0418 0x1410 hwpolicy - ok
14:48:06.0449 0x1410 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:48:06.0449 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD
14:48:06.0449 0x1410 i8042prt - detected LockedFile.Multi.Generic ( 1 )
14:48:08.0898 0x1410 Detect skipped due to KSN trusted
14:48:08.0898 0x1410 i8042prt - ok
14:48:08.0945 0x1410 [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
14:48:08.0945 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStor.sys. md5: ABBF174CB394F5C437410A788B7E404A, sha256: 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8
14:48:08.0960 0x1410 iaStor - detected LockedFile.Multi.Generic ( 1 )
14:48:11.0394 0x1410 Detect skipped due to KSN trusted
14:48:11.0394 0x1410 iaStor - ok
14:48:11.0410 0x1410 [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:48:11.0425 0x1410 IAStorDataMgrSvc - ok
14:48:11.0456 0x1410 [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:48:11.0456 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\iaStorV.sys. md5: 3DF4395A7CF8B7A72A5F4606366B8C2D, sha256: 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80
14:48:11.0472 0x1410 iaStorV - detected LockedFile.Multi.Generic ( 1 )
14:48:13.0843 0x1410 Detect skipped due to KSN trusted
14:48:13.0843 0x1410 iaStorV - ok
14:48:13.0859 0x1410 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:48:13.0874 0x1410 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
14:48:16.0261 0x1410 Detect skipped due to KSN trusted
14:48:16.0261 0x1410 IDriverT - ok
14:48:16.0323 0x1410 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:48:16.0370 0x1410 idsvc - ok
14:48:16.0401 0x1410 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:48:16.0401 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21, sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4
14:48:16.0417 0x1410 iirsp - detected LockedFile.Multi.Generic ( 1 )
14:48:18.0773 0x1410 Detect skipped due to KSN trusted
14:48:18.0773 0x1410 iirsp - ok
14:48:18.0835 0x1410 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
14:48:18.0867 0x1410 IKEEXT - ok
14:48:18.0898 0x1410 [ 36FDF367A1DABFF903E2214023D71368, 60468692C1D048428AF25ED87DE23DAE756C7BA2B6CF6AF5EFD2E53C80F5FC68 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
14:48:18.0898 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\Impcd.sys. md5: 36FDF367A1DABFF903E2214023D71368, sha256: 60468692C1D048428AF25ED87DE23DAE756C7BA2B6CF6AF5EFD2E53C80F5FC68
14:48:18.0913 0x1410 Impcd - detected LockedFile.Multi.Generic ( 1 )
14:48:21.0348 0x1410 Detect skipped due to KSN trusted
14:48:21.0348 0x1410 Impcd - ok
14:48:21.0379 0x1410 [ A4A87C2F228DD2AC93DAE94E103792D3, 22F75A82DA293B9ED6B9EB564A06FFFFDAA9E1FB0B60AC4A479B17E1BD77F1F8 ] InstallFilterService C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
14:48:21.0395 0x1410 InstallFilterService - detected UnsignedFile.Multi.Generic ( 1 )
14:48:23.0782 0x1410 Detect skipped due to KSN trusted
14:48:23.0782 0x1410 InstallFilterService - ok
14:48:23.0814 0x1410 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
14:48:23.0814 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA, sha256: E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22
14:48:23.0814 0x1410 intelide - detected LockedFile.Multi.Generic ( 1 )
14:48:26.0248 0x1410 Detect skipped due to KSN trusted
14:48:26.0248 0x1410 intelide - ok
14:48:26.0279 0x1410 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:48:26.0279 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1, sha256: F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610
14:48:26.0295 0x1410 intelppm - detected LockedFile.Multi.Generic ( 1 )
14:48:28.0652 0x1410 Detect skipped due to KSN trusted
14:48:28.0652 0x1410 intelppm - ok
14:48:28.0683 0x1410 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:48:28.0730 0x1410 IPBusEnum - ok
14:48:28.0761 0x1410 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:48:28.0761 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6, sha256: 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51
14:48:28.0761 0x1410 IpFilterDriver - detected LockedFile.Multi.Generic ( 1 )
14:48:31.0149 0x1410 Detect skipped due to KSN trusted
14:48:31.0149 0x1410 IpFilterDriver - ok
14:48:31.0195 0x1410 [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:48:31.0273 0x1410 iphlpsvc - ok
14:48:31.0305 0x1410 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:48:31.0305 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A, sha256: 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9
14:48:31.0305 0x1410 IPMIDRV - detected LockedFile.Multi.Generic ( 1 )
14:48:33.0755 0x1410 Detect skipped due to KSN trusted
14:48:33.0755 0x1410 IPMIDRV - ok
14:48:33.0786 0x1410 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:48:33.0786 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E
14:48:33.0786 0x1410 IPNAT - detected LockedFile.Multi.Generic ( 1 )
14:48:36.0174 0x1410 Detect skipped due to KSN trusted
14:48:36.0174 0x1410 IPNAT - ok
14:48:36.0236 0x1410 [ 4EFFC8FF6D349E971E94B1C670C0C66A, E92DA19CE9725BB4CC34DF94873C6B441AE61679A8C615780E1A1E9404C8FA26 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:48:36.0252 0x1410 iPod Service - ok
14:48:36.0283 0x1410 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:48:36.0283 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE
14:48:36.0283 0x1410 IRENUM - detected LockedFile.Multi.Generic ( 1 )
14:48:38.0655 0x1410 Detect skipped due to KSN trusted
14:48:38.0655 0x1410 IRENUM - ok
14:48:38.0671 0x1410 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:48:38.0671 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548
14:48:38.0686 0x1410 isapnp - detected LockedFile.Multi.Generic ( 1 )
14:48:41.0136 0x1410 Detect skipped due to KSN trusted
14:48:41.0136 0x1410 isapnp - ok
14:48:41.0168 0x1410 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:48:41.0168 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD, sha256: 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3
14:48:41.0183 0x1410 iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
14:48:43.0555 0x1410 Detect skipped due to KSN trusted
14:48:43.0555 0x1410 iScsiPrt - ok
14:48:43.0587 0x1410 [ BD5BF20EC242E003A2F570B8754A56D1, B4B3492222E98BF8E6EC453E727187FF4AA50A508D1E88A0CBBD5C46355AE492 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
14:48:43.0587 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ivusb.sys. md5: BD5BF20EC242E003A2F570B8754A56D1, sha256: B4B3492222E98BF8E6EC453E727187FF4AA50A508D1E88A0CBBD5C46355AE492
14:48:43.0587 0x1410 ivusb - detected LockedFile.Multi.Generic ( 1 )
14:48:45.0974 0x1410 Detect skipped due to KSN trusted
14:48:45.0974 0x1410 ivusb - ok
14:48:46.0006 0x1410 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:48:46.0006 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93
14:48:46.0006 0x1410 kbdclass - detected LockedFile.Multi.Generic ( 1 )
14:48:48.0440 0x1410 Detect skipped due to KSN trusted
14:48:48.0440 0x1410 kbdclass - ok
14:48:48.0471 0x1410 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:48:48.0471 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484, sha256: 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99
14:48:48.0487 0x1410 kbdhid - detected LockedFile.Multi.Generic ( 1 )
14:48:50.0859 0x1410 Detect skipped due to KSN trusted
14:48:50.0859 0x1410 kbdhid - ok
14:48:50.0875 0x1410 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
14:48:50.0906 0x1410 KeyIso - ok
14:48:50.0922 0x1410 [ 322CD7A01A961D94C6EAB640D6427504, 17979EB65FEE44E329F3E8097194AE20422818EC6859DAA0206EB2CC3EEFA8D7 ] KOBCCEX C:\Windows\system32\drivers\KOBCCEX.sys
14:48:50.0922 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\KOBCCEX.sys. md5: 322CD7A01A961D94C6EAB640D6427504, sha256: 17979EB65FEE44E329F3E8097194AE20422818EC6859DAA0206EB2CC3EEFA8D7
14:48:50.0937 0x1410 KOBCCEX - detected LockedFile.Multi.Generic ( 1 )
14:48:53.0372 0x1410 Detect skipped due to KSN trusted
14:48:53.0372 0x1410 KOBCCEX - ok
14:48:53.0403 0x1410 [ 000200AD75DE8363546EECAFF77980FE, BE05EF748DC9640DC24DE2E2AC0B8FDCE3A79CCECD63B1E993D53979A1504477 ] KOBCCID C:\Windows\system32\drivers\KOBCCID.sys
14:48:53.0403 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\KOBCCID.sys. md5: 000200AD75DE8363546EECAFF77980FE, sha256: BE05EF748DC9640DC24DE2E2AC0B8FDCE3A79CCECD63B1E993D53979A1504477
14:48:53.0418 0x1410 KOBCCID - detected LockedFile.Multi.Generic ( 1 )
14:48:55.0791 0x1410 Detect skipped due to KSN trusted
14:48:55.0791 0x1410 KOBCCID - ok
14:48:55.0822 0x1410 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:48:55.0822 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: 8F489706472F7E9A06BAAA198703FA64, sha256: F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A
14:48:55.0837 0x1410 KSecDD - detected LockedFile.Multi.Generic ( 1 )
14:48:58.0319 0x1410 Detect skipped due to KSN trusted
14:48:58.0319 0x1410 KSecDD - ok
14:48:58.0350 0x1410 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:48:58.0366 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 868A2CAAB12EFC7A021682BCA0EEC54C, sha256: 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD
14:48:58.0366 0x1410 KSecPkg - detected LockedFile.Multi.Generic ( 1 )
14:49:00.0816 0x1410 Detect skipped due to KSN trusted
14:49:00.0816 0x1410 KSecPkg - ok
14:49:00.0847 0x1410 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:49:00.0847 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
14:49:00.0847 0x1410 ksthunk - detected LockedFile.Multi.Generic ( 1 )
14:49:03.0219 0x1410 Detect skipped due to KSN trusted
14:49:03.0219 0x1410 ksthunk - ok
14:49:03.0266 0x1410 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
14:49:03.0328 0x1410 KtmRm - ok
14:49:03.0360 0x1410 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:49:03.0422 0x1410 LanmanServer - ok
14:49:03.0453 0x1410 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:49:03.0500 0x1410 LanmanWorkstation - ok
14:49:03.0531 0x1410 [ 1B669AF5811AE2F69024F34203BAD2A2, 2DE460F3F9318E89849E489C844FA848D69665A87B5B21444738CE77E4672209 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
14:49:03.0531 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\LHidFilt.Sys. md5: 1B669AF5811AE2F69024F34203BAD2A2, sha256: 2DE460F3F9318E89849E489C844FA848D69665A87B5B21444738CE77E4672209
14:49:03.0547 0x1410 LHidFilt - detected LockedFile.Multi.Generic ( 1 )
14:49:05.0950 0x1410 Detect skipped due to KSN trusted
14:49:05.0950 0x1410 LHidFilt - ok
14:49:05.0981 0x1410 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:49:05.0981 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
14:49:05.0997 0x1410 lltdio - detected LockedFile.Multi.Generic ( 1 )
14:49:08.0432 0x1410 Detect skipped due to KSN trusted
14:49:08.0432 0x1410 lltdio - ok
14:49:08.0463 0x1410 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:49:08.0510 0x1410 lltdsvc - ok
14:49:08.0541 0x1410 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:49:08.0572 0x1410 lmhosts - ok
14:49:08.0588 0x1410 [ 79F3696E25B289A6B2B7EA931C7BEC00, 3320874B2ADE48F9A2AF9429C5AA4258922D4745D80E58FFF8DF341BC85A2881 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
14:49:08.0588 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\LMouFilt.Sys. md5: 79F3696E25B289A6B2B7EA931C7BEC00, sha256: 3320874B2ADE48F9A2AF9429C5AA4258922D4745D80E58FFF8DF341BC85A2881
14:49:08.0603 0x1410 LMouFilt - detected LockedFile.Multi.Generic ( 1 )
14:49:11.0022 0x1410 Detect skipped due to KSN trusted
14:49:11.0022 0x1410 LMouFilt - ok
14:49:11.0053 0x1410 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:49:11.0053 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
14:49:11.0069 0x1410 LSI_FC - detected LockedFile.Multi.Generic ( 1 )
14:49:13.0457 0x1410 Detect skipped due to KSN trusted
14:49:13.0457 0x1410 LSI_FC - ok
14:49:13.0488 0x1410 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:49:13.0488 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
14:49:13.0504 0x1410 LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
14:49:15.0938 0x1410 Detect skipped due to KSN trusted
14:49:15.0938 0x1410 LSI_SAS - ok
14:49:15.0969 0x1410 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:49:15.0969 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
14:49:15.0985 0x1410 LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
14:49:18.0357 0x1410 Detect skipped due to KSN trusted
14:49:18.0357 0x1410 LSI_SAS2 - ok
14:49:18.0388 0x1410 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:49:18.0388 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
14:49:18.0404 0x1410 LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
14:49:20.0760 0x1410 Detect skipped due to KSN trusted
14:49:20.0760 0x1410 LSI_SCSI - ok
14:49:20.0792 0x1410 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
14:49:20.0792 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
14:49:20.0807 0x1410 luafv - detected LockedFile.Multi.Generic ( 1 )
14:49:23.0257 0x1410 Detect skipped due to KSN trusted
14:49:23.0257 0x1410 luafv - ok
14:49:23.0289 0x1410 [ AF69FEC6F299BD07742127C4CC0FE6A6, F0DDF555FCD85845F241C3AC91A26832E4F5F753665490E01A0E15325E480D2F ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
14:49:23.0289 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\LUsbFilt.Sys. md5: AF69FEC6F299BD07742127C4CC0FE6A6, sha256: F0DDF555FCD85845F241C3AC91A26832E4F5F753665490E01A0E15325E480D2F
14:49:23.0304 0x1410 LUsbFilt - detected LockedFile.Multi.Generic ( 1 )
14:49:25.0708 0x1410 Detect skipped due to KSN trusted
14:49:25.0708 0x1410 LUsbFilt - ok
14:49:25.0739 0x1410 [ 024DA28053D57E9E32BEE52600576BBB, 8EC636DAB90A835DEBA2EC6176F4547EEF557415FF77C6378EF423569702731E ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus64.sys
14:49:25.0739 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MarvinBus64.sys. md5: 024DA28053D57E9E32BEE52600576BBB, sha256: 8EC636DAB90A835DEBA2EC6176F4547EEF557415FF77C6378EF423569702731E
14:49:25.0754 0x1410 MarvinBus - detected LockedFile.Multi.Generic ( 1 )
14:49:28.0204 0x1410 Detect skipped due to KSN trusted
14:49:28.0204 0x1410 MarvinBus - ok
14:49:28.0236 0x1410 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:49:28.0251 0x1410 Mcx2Svc - ok
14:49:28.0407 0x1410 [ 6C7F3086968E530D5EA326C8F5E41C29, 197C61A081224F878B1B3BC9B9141A25F7BF7362A747753CB689F468D407BCF9 ] mdareDriver_43 C:\Users\USERNAME\AppData\Local\Temp\FCPreScan\mdare64_43.sys
14:49:28.0439 0x1410 mdareDriver_43 - ok
14:49:28.0517 0x1410 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:49:28.0517 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
14:49:28.0532 0x1410 megasas - detected LockedFile.Multi.Generic ( 1 )
14:49:30.0920 0x1410 Detect skipped due to KSN trusted
14:49:30.0920 0x1410 megasas - ok
14:49:30.0951 0x1410 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:49:30.0951 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
14:49:30.0967 0x1410 MegaSR - detected LockedFile.Multi.Generic ( 1 )
14:49:33.0401 0x1410 Detect skipped due to KSN trusted
14:49:33.0401 0x1410 MegaSR - ok
14:49:33.0433 0x1410 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
14:49:33.0495 0x1410 MMCSS - ok
14:49:33.0511 0x1410 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
14:49:33.0511 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
14:49:33.0526 0x1410 Modem - detected LockedFile.Multi.Generic ( 1 )
14:49:35.0914 0x1410 Detect skipped due to KSN trusted
14:49:35.0914 0x1410 Modem - ok
14:49:35.0945 0x1410 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:49:35.0945 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
14:49:35.0945 0x1410 monitor - detected LockedFile.Multi.Generic ( 1 )
14:49:38.0333 0x1410 Detect skipped due to KSN trusted
14:49:38.0333 0x1410 monitor - ok
14:49:38.0364 0x1410 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:49:38.0364 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
14:49:38.0364 0x1410 mouclass - detected LockedFile.Multi.Generic ( 1 )
14:49:40.0752 0x1410 Detect skipped due to KSN trusted
14:49:40.0752 0x1410 mouclass - ok
14:49:40.0783 0x1410 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:49:40.0783 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
14:49:40.0799 0x1410 mouhid - detected LockedFile.Multi.Generic ( 1 )
14:49:43.0249 0x1410 Detect skipped due to KSN trusted
14:49:43.0249 0x1410 mouhid - ok
14:49:43.0280 0x1410 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:49:43.0280 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA, sha256: 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63
14:49:43.0296 0x1410 mountmgr - detected LockedFile.Multi.Generic ( 1 )
14:49:45.0668 0x1410 Detect skipped due to KSN trusted
14:49:45.0668 0x1410 mountmgr - ok
14:49:45.0699 0x1410 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
14:49:45.0699 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58, sha256: B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8
14:49:45.0699 0x1410 mpio - detected LockedFile.Multi.Generic ( 1 )
14:49:48.0149 0x1410 Detect skipped due to KSN trusted
14:49:48.0149 0x1410 mpio - ok
14:49:48.0180 0x1410 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:49:48.0180 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
14:49:48.0196 0x1410 mpsdrv - detected LockedFile.Multi.Generic ( 1 )
14:49:50.0630 0x1410 Detect skipped due to KSN trusted
14:49:50.0630 0x1410 mpsdrv - ok
14:49:50.0677 0x1410 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:49:50.0724 0x1410 MpsSvc - ok
14:49:50.0755 0x1410 [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:49:50.0755 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: DC722758B8261E1ABAFD31A3C0A66380, sha256: 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A
14:49:50.0771 0x1410 MRxDAV - detected LockedFile.Multi.Generic ( 1 )
14:49:53.0143 0x1410 Detect skipped due to KSN trusted
14:49:53.0143 0x1410 MRxDAV - ok
14:49:53.0174 0x1410 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:49:53.0174 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC, sha256: 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4
14:49:53.0190 0x1410 mrxsmb - detected LockedFile.Multi.Generic ( 1 )
14:49:55.0640 0x1410 Detect skipped due to KSN trusted
14:49:55.0640 0x1410 mrxsmb - ok
14:49:55.0687 0x1410 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:49:55.0687 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163, sha256: 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF
14:49:55.0687 0x1410 mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
14:49:58.0075 0x1410 Detect skipped due to KSN trusted
14:49:58.0075 0x1410 mrxsmb10 - ok
14:49:58.0106 0x1410 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:49:58.0106 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C, sha256: 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC
14:49:58.0121 0x1410 mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
14:50:00.0572 0x1410 Detect skipped due to KSN trusted
14:50:00.0572 0x1410 mrxsmb20 - ok
14:50:00.0603 0x1410 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
14:50:00.0603 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796, sha256: 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8
14:50:00.0603 0x1410 msahci - detected LockedFile.Multi.Generic ( 1 )
14:50:02.0990 0x1410 Detect skipped due to KSN trusted
14:50:02.0990 0x1410 msahci - ok
14:50:03.0022 0x1410 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:50:03.0022 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900, sha256: B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74
14:50:03.0037 0x1410 msdsm - detected LockedFile.Multi.Generic ( 1 )
14:50:05.0456 0x1410 Detect skipped due to KSN trusted
14:50:05.0456 0x1410 msdsm - ok
14:50:05.0487 0x1410 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
14:50:05.0519 0x1410 MSDTC - ok
14:50:05.0565 0x1410 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:50:05.0565 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
14:50:05.0581 0x1410 Msfs - detected LockedFile.Multi.Generic ( 1 )
14:50:08.0016 0x1410 Detect skipped due to KSN trusted
14:50:08.0016 0x1410 Msfs - ok
14:50:08.0047 0x1410 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:50:08.0047 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
14:50:08.0062 0x1410 mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
14:50:10.0419 0x1410 Detect skipped due to KSN trusted
14:50:10.0419 0x1410 mshidkmdf - ok
14:50:10.0450 0x1410 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:50:10.0450 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
14:50:10.0450 0x1410 msisadrv - detected LockedFile.Multi.Generic ( 1 )
14:50:12.0900 0x1410 Detect skipped due to KSN trusted
14:50:12.0900 0x1410 msisadrv - ok
14:50:12.0947 0x1410 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:50:12.0978 0x1410 MSiSCSI - ok
14:50:13.0010 0x1410 msiserver - ok
14:50:13.0025 0x1410 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:50:13.0041 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
14:50:13.0041 0x1410 MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
14:50:15.0429 0x1410 Detect skipped due to KSN trusted
14:50:15.0429 0x1410 MSKSSRV - ok
14:50:15.0460 0x1410 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:50:15.0460 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
14:50:15.0460 0x1410 MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
14:50:17.0910 0x1410 Detect skipped due to KSN trusted
14:50:17.0910 0x1410 MSPCLOCK - ok
14:50:17.0941 0x1410 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:50:17.0941 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
14:50:17.0941 0x1410 MSPQM - detected LockedFile.Multi.Generic ( 1 )
14:50:20.0376 0x1410 Detect skipped due to KSN trusted
14:50:20.0376 0x1410 MSPQM - ok
14:50:20.0407 0x1410 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:50:20.0407 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D, sha256: 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133
14:50:20.0407 0x1410 MsRPC - detected LockedFile.Multi.Generic ( 1 )
14:50:22.0857 0x1410 Detect skipped due to KSN trusted
14:50:22.0857 0x1410 MsRPC - ok
14:50:22.0888 0x1410 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:50:22.0904 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
14:50:22.0904 0x1410 mssmbios - detected LockedFile.Multi.Generic ( 1 )
14:50:25.0276 0x1410 Detect skipped due to KSN trusted
14:50:25.0276 0x1410 mssmbios - ok
14:50:25.0307 0x1410 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:50:25.0307 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
14:50:25.0307 0x1410 MSTEE - detected LockedFile.Multi.Generic ( 1 )
14:50:27.0679 0x1410 Detect skipped due to KSN trusted
14:50:27.0679 0x1410 MSTEE - ok
14:50:27.0695 0x1410 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:50:27.0695 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
14:50:27.0711 0x1410 MTConfig - detected LockedFile.Multi.Generic ( 1 )
14:50:30.0161 0x1410 Detect skipped due to KSN trusted
14:50:30.0161 0x1410 MTConfig - ok
14:50:30.0192 0x1410 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
14:50:30.0192 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
14:50:30.0192 0x1410 Mup - detected LockedFile.Multi.Generic ( 1 )
14:50:32.0580 0x1410 Detect skipped due to KSN trusted
14:50:32.0580 0x1410 Mup - ok
14:50:32.0642 0x1410 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
14:50:32.0689 0x1410 napagent - ok
14:50:32.0720 0x1410 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:50:32.0720 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
14:50:32.0736 0x1410 NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
14:50:35.0170 0x1410 Detect skipped due to KSN trusted
14:50:35.0170 0x1410 NativeWifiP - ok
14:50:35.0233 0x1410 [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS C:\Windows\system32\drivers\ndis.sys
14:50:35.0233 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: 79B47FD40D9A817E932F9D26FAC0A81C, sha256: 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D
14:50:35.0248 0x1410 NDIS - detected LockedFile.Multi.Generic ( 1 )
14:50:37.0698 0x1410 Detect skipped due to KSN trusted

seeufirst · 28.03.2014, 15:13

Teil 2:

14:50:37.0698 0x1410 NDIS - ok
14:50:37.0730 0x1410 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:50:37.0730 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
14:50:37.0745 0x1410 NdisCap - detected LockedFile.Multi.Generic ( 1 )
14:50:40.0195 0x1410 Detect skipped due to KSN trusted
14:50:40.0195 0x1410 NdisCap - ok
14:50:40.0227 0x1410 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:50:40.0227 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
14:50:40.0227 0x1410 NdisTapi - detected LockedFile.Multi.Generic ( 1 )
14:50:42.0614 0x1410 Detect skipped due to KSN trusted
14:50:42.0614 0x1410 NdisTapi - ok
14:50:42.0646 0x1410 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:50:42.0646 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356, sha256: BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683
14:50:42.0661 0x1410 Ndisuio - detected LockedFile.Multi.Generic ( 1 )
14:50:45.0033 0x1410 Detect skipped due to KSN trusted
14:50:45.0033 0x1410 Ndisuio - ok
14:50:45.0065 0x1410 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:50:45.0065 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11, sha256: 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77
14:50:45.0080 0x1410 NdisWan - detected LockedFile.Multi.Generic ( 1 )
14:50:47.0515 0x1410 Detect skipped due to KSN trusted
14:50:47.0515 0x1410 NdisWan - ok
14:50:47.0546 0x1410 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:50:47.0546 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879, sha256: 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023
14:50:47.0546 0x1410 NDProxy - detected LockedFile.Multi.Generic ( 1 )
14:50:49.0934 0x1410 Detect skipped due to KSN trusted
14:50:49.0934 0x1410 NDProxy - ok
14:50:49.0965 0x1410 [ 6F4607E2333FE21E9E3FF8133A88B35B, F7B7B262D85D03552A8D0F3F91E795B31E3D09020DDA1E3D62A4A3209D916BB6 ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
14:50:49.0965 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netaapl64.sys. md5: 6F4607E2333FE21E9E3FF8133A88B35B, sha256: F7B7B262D85D03552A8D0F3F91E795B31E3D09020DDA1E3D62A4A3209D916BB6
14:50:49.0980 0x1410 Netaapl - detected LockedFile.Multi.Generic ( 1 )
14:50:52.0415 0x1410 Detect skipped due to KSN trusted
14:50:52.0415 0x1410 Netaapl - ok
14:50:52.0446 0x1410 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:50:52.0446 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062
14:50:52.0462 0x1410 NetBIOS - detected LockedFile.Multi.Generic ( 1 )
14:50:54.0850 0x1410 Detect skipped due to KSN trusted
14:50:54.0850 0x1410 NetBIOS - ok
14:50:54.0896 0x1410 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:50:54.0896 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068, sha256: 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37
14:50:54.0912 0x1410 NetBT - detected LockedFile.Multi.Generic ( 1 )
14:50:57.0362 0x1410 Detect skipped due to KSN trusted
14:50:57.0362 0x1410 NetBT - ok
14:50:57.0393 0x1410 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
14:50:57.0425 0x1410 Netlogon - ok
14:50:57.0471 0x1410 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
14:50:57.0518 0x1410 Netman - ok
14:50:57.0581 0x1410 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
14:50:57.0627 0x1410 netprofm - ok
14:50:57.0643 0x1410 [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:50:57.0659 0x1410 NetTcpPortSharing - ok
14:50:57.0690 0x1410 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:50:57.0690 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3
14:50:57.0705 0x1410 nfrd960 - detected LockedFile.Multi.Generic ( 1 )
14:51:00.0124 0x1410 Detect skipped due to KSN trusted
14:51:00.0124 0x1410 nfrd960 - ok
14:51:00.0171 0x1410 [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:51:00.0249 0x1410 NlaSvc - ok
14:51:00.0265 0x1410 [ 907B5E1E4A592E5EDC5E4CCBDE4863C2, 7A3FA5B779CBBED46CA81328951B71352E4FC60153A91965877834EC7C6F0074 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
14:51:00.0265 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ccdcmbx64.sys. md5: 907B5E1E4A592E5EDC5E4CCBDE4863C2, sha256: 7A3FA5B779CBBED46CA81328951B71352E4FC60153A91965877834EC7C6F0074
14:51:00.0280 0x1410 nmwcd - detected LockedFile.Multi.Generic ( 1 )
14:51:02.0668 0x1410 Detect skipped due to KSN trusted
14:51:02.0668 0x1410 nmwcd - ok
14:51:02.0699 0x1410 [ 41C1AC1F3613435EB32D67BCB80A5FA5, 93A313BC4A7FA2FC3372CFBF2D76F417007B4A82455092724D3B0B6FA5A88F23 ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
14:51:02.0699 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ccdcmbox64.sys. md5: 41C1AC1F3613435EB32D67BCB80A5FA5, sha256: 93A313BC4A7FA2FC3372CFBF2D76F417007B4A82455092724D3B0B6FA5A88F23
14:51:02.0715 0x1410 nmwcdc - detected LockedFile.Multi.Generic ( 1 )
14:51:05.0103 0x1410 Detect skipped due to KSN trusted
14:51:05.0103 0x1410 nmwcdc - ok
14:51:05.0134 0x1410 [ 9573223E205907247AE6D948E3453770, 35D32A415F74863D7408229508F134D53CA0FA7EDD8B0E5FEEFC9DE588D0607B ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys
14:51:05.0134 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nmwcdnsux64.sys. md5: 9573223E205907247AE6D948E3453770, sha256: 35D32A415F74863D7408229508F134D53CA0FA7EDD8B0E5FEEFC9DE588D0607B
14:51:05.0150 0x1410 nmwcdnsux64 - detected LockedFile.Multi.Generic ( 1 )
14:51:07.0537 0x1410 Detect skipped due to KSN trusted
14:51:07.0537 0x1410 nmwcdnsux64 - ok
14:51:07.0569 0x1410 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:51:07.0569 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F
14:51:07.0584 0x1410 Npfs - detected LockedFile.Multi.Generic ( 1 )
14:51:10.0034 0x1410 Detect skipped due to KSN trusted
14:51:10.0034 0x1410 Npfs - ok
14:51:10.0065 0x1410 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
14:51:10.0112 0x1410 nsi - ok
14:51:10.0144 0x1410 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:51:10.0144 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76
14:51:10.0159 0x1410 nsiproxy - detected LockedFile.Multi.Generic ( 1 )
14:51:12.0531 0x1410 Detect skipped due to KSN trusted
14:51:12.0531 0x1410 nsiproxy - ok
14:51:12.0609 0x1410 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:51:12.0609 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: B98F8C6E31CD07B2E6F71F7F648E38C0, sha256: 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E
14:51:12.0625 0x1410 Ntfs - detected LockedFile.Multi.Generic ( 1 )
14:51:15.0075 0x1410 Detect skipped due to KSN trusted
14:51:15.0075 0x1410 Ntfs - ok
14:51:15.0106 0x1410 ntrtscan - ok
14:51:15.0122 0x1410 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
14:51:15.0122 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6
14:51:15.0137 0x1410 Null - detected LockedFile.Multi.Generic ( 1 )
14:51:17.0525 0x1410 Detect skipped due to KSN trusted
14:51:17.0525 0x1410 Null - ok
14:51:17.0556 0x1410 [ CDDD4478757288DF4BB1494BFD084259, 2063A1B4F24BD466A501198B12574D830BC4696ED53CDFF96C1EE91EE8CD1BB0 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
14:51:17.0556 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvhda64v.sys. md5: CDDD4478757288DF4BB1494BFD084259, sha256: 2063A1B4F24BD466A501198B12574D830BC4696ED53CDFF96C1EE91EE8CD1BB0
14:51:17.0556 0x1410 NVHDA - detected LockedFile.Multi.Generic ( 1 )
14:51:19.0944 0x1410 Detect skipped due to KSN trusted
14:51:19.0944 0x1410 NVHDA - ok
14:51:20.0100 0x1410 [ 53A7E1DEA2E7FA22FD4F0C28C078F5A0, B35549BBB36F38AC152B7C932E7FA40899A40A99D8DAFC343749905CEBD08051 ] NVIDIA Performance Driver Service C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
14:51:20.0287 0x1410 NVIDIA Performance Driver Service - ok
14:51:20.0568 0x1410 [ 53D3DD6A066DE2EC13B954B500970D14, C94E2D0840F64D7EA7EAA2429F72F4132757B0D57B1BB6CA6D34231501B79CB3 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:51:20.0568 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvlddmkm.sys. md5: 53D3DD6A066DE2EC13B954B500970D14, sha256: C94E2D0840F64D7EA7EAA2429F72F4132757B0D57B1BB6CA6D34231501B79CB3
14:51:20.0600 0x1410 nvlddmkm - detected LockedFile.Multi.Generic ( 1 )
14:51:23.0034 0x1410 Detect skipped due to KSN trusted
14:51:23.0034 0x1410 nvlddmkm - ok
14:51:23.0081 0x1410 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:51:23.0081 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvraid.sys. md5: 5D9FD91F3D38DC9DA01E3CB5FA89CD48, sha256: 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737
14:51:23.0081 0x1410 nvraid - detected LockedFile.Multi.Generic ( 1 )
14:51:25.0469 0x1410 Detect skipped due to KSN trusted
14:51:25.0469 0x1410 nvraid - ok
14:51:25.0500 0x1410 [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:51:25.0500 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvstor.sys. md5: F7CD50FE7139F07E77DA8AC8033D1832, sha256: DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC
14:51:25.0516 0x1410 nvstor - detected LockedFile.Multi.Generic ( 1 )
14:51:27.0903 0x1410 Detect skipped due to KSN trusted
14:51:27.0903 0x1410 nvstor - ok
14:51:27.0966 0x1410 [ 253842C6F1CB130AA6578BB0840427C1, 5ED4DA8665EC4BED3B86C1806F6AD308BAC14891E19C25C05C114471BB4A5D42 ] nvsvc C:\Windows\system32\nvvsvc.exe
14:51:27.0997 0x1410 nvsvc - ok
14:51:28.0013 0x1410 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:51:28.0013 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05, sha256: 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F
14:51:28.0028 0x1410 nv_agp - detected LockedFile.Multi.Generic ( 1 )
14:51:30.0478 0x1410 Detect skipped due to KSN trusted
14:51:30.0478 0x1410 nv_agp - ok
14:51:30.0541 0x1410 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:51:30.0556 0x1410 odserv - ok
14:51:30.0588 0x1410 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:51:30.0588 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0, sha256: AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203
14:51:30.0588 0x1410 ohci1394 - detected LockedFile.Multi.Generic ( 1 )
14:51:33.0022 0x1410 Detect skipped due to KSN trusted
14:51:33.0022 0x1410 ohci1394 - ok
14:51:33.0053 0x1410 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:51:33.0084 0x1410 ose - ok
14:51:33.0131 0x1410 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:51:33.0163 0x1410 p2pimsvc - ok
14:51:33.0209 0x1410 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
14:51:33.0241 0x1410 p2psvc - ok
14:51:33.0256 0x1410 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:51:33.0256 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887, sha256: 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80
14:51:33.0272 0x1410 Parport - detected LockedFile.Multi.Generic ( 1 )
14:51:35.0644 0x1410 Detect skipped due to KSN trusted
14:51:35.0644 0x1410 Parport - ok
14:51:35.0675 0x1410 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:51:35.0675 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. md5: E9766131EEADE40A27DC27D2D68FBA9C, sha256: 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6
14:51:35.0691 0x1410 partmgr - detected LockedFile.Multi.Generic ( 1 )
14:51:38.0141 0x1410 Detect skipped due to KSN trusted
14:51:38.0141 0x1410 partmgr - ok
14:51:38.0172 0x1410 [ 363B3F857ABEE85767E01E3044C539CD, F6CB6C4B5B206E75BC8EB125363B1A095BA24FCC997A10605D59FCE44BA8651C ] PBADRV C:\Windows\system32\DRIVERS\PBADRV.sys
14:51:38.0172 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\PBADRV.sys. md5: 363B3F857ABEE85767E01E3044C539CD, sha256: F6CB6C4B5B206E75BC8EB125363B1A095BA24FCC997A10605D59FCE44BA8651C
14:51:38.0188 0x1410 PBADRV - detected LockedFile.Multi.Generic ( 1 )
14:51:40.0575 0x1410 Detect skipped due to KSN trusted
14:51:40.0575 0x1410 PBADRV - ok
14:51:40.0622 0x1410 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
14:51:40.0653 0x1410 PcaSvc - ok
14:51:40.0669 0x1410 [ BC0018C2D29F655188A0ED3FA94FDB24, BCF7F2CA5E30F569AEB69049BA3C196982C72EA7264CFBA59D7123041BA96E5A ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
14:51:40.0685 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pccsmcfdx64.sys. md5: BC0018C2D29F655188A0ED3FA94FDB24, sha256: BCF7F2CA5E30F569AEB69049BA3C196982C72EA7264CFBA59D7123041BA96E5A
14:51:40.0685 0x1410 pccsmcfd - detected LockedFile.Multi.Generic ( 1 )
14:51:43.0135 0x1410 Detect skipped due to KSN trusted
14:51:43.0135 0x1410 pccsmcfd - ok
14:51:43.0166 0x1410 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
14:51:43.0166 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pci.sys. md5: 94575C0571D1462A0F70BDE6BD6EE6B3, sha256: 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9
14:51:43.0166 0x1410 pci - detected LockedFile.Multi.Generic ( 1 )
14:51:45.0554 0x1410 Detect skipped due to KSN trusted
14:51:45.0554 0x1410 pci - ok
14:51:45.0585 0x1410 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
14:51:45.0585 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA, sha256: F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480
14:51:45.0585 0x1410 pciide - detected LockedFile.Multi.Generic ( 1 )
14:51:48.0020 0x1410 Detect skipped due to KSN trusted
14:51:48.0020 0x1410 pciide - ok
14:51:48.0051 0x1410 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:51:48.0051 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F, sha256: 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14
14:51:48.0066 0x1410 pcmcia - detected LockedFile.Multi.Generic ( 1 )
14:51:50.0454 0x1410 Detect skipped due to KSN trusted
14:51:50.0454 0x1410 pcmcia - ok
14:51:50.0485 0x1410 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
14:51:50.0485 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603, sha256: BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36
14:51:50.0501 0x1410 pcw - detected LockedFile.Multi.Generic ( 1 )
14:51:52.0889 0x1410 Detect skipped due to KSN trusted
14:51:52.0889 0x1410 pcw - ok
14:51:52.0951 0x1410 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:51:52.0951 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E, sha256: FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C
14:51:52.0967 0x1410 PEAUTH - detected LockedFile.Multi.Generic ( 1 )
14:51:55.0417 0x1410 Detect skipped due to KSN trusted
14:51:55.0417 0x1410 PEAUTH - ok
14:51:55.0510 0x1410 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:51:55.0573 0x1410 PeerDistSvc - ok
14:51:55.0651 0x1410 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:51:55.0682 0x1410 PerfHost - ok
14:51:55.0791 0x1410 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
14:51:55.0869 0x1410 pla - ok
14:51:55.0901 0x1410 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:51:55.0916 0x1410 PlugPlay - ok
14:51:55.0947 0x1410 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:51:55.0979 0x1410 PNRPAutoReg - ok
14:51:56.0010 0x1410 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:51:56.0025 0x1410 PNRPsvc - ok
14:51:56.0072 0x1410 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:51:56.0135 0x1410 PolicyAgent - ok
14:51:56.0197 0x1410 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
14:51:56.0228 0x1410 Power - ok
14:51:56.0260 0x1410 [ B0E7D5D2CFAA6ED5F20EB8B84A35E593, 257A2DFB538E9849F50F3AD7B75FB093E6CCF49DB8BD840A769BE77DD7953AD0 ] pppop C:\Windows\system32\DRIVERS\pppop64.sys
14:51:56.0260 0x1410 pppop - ok
14:51:56.0291 0x1410 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:51:56.0291 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspptp.sys. md5: F92A2C41117A11A00BE01CA01A7FCDE9, sha256: 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763
14:51:56.0306 0x1410 PptpMiniport - detected LockedFile.Multi.Generic ( 1 )
14:51:58.0678 0x1410 Detect skipped due to KSN trusted
14:51:58.0678 0x1410 PptpMiniport - ok
14:51:58.0710 0x1410 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:51:58.0710 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF, sha256: 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5
14:51:58.0710 0x1410 Processor - detected LockedFile.Multi.Generic ( 1 )
14:52:01.0160 0x1410 Detect skipped due to KSN trusted
14:52:01.0160 0x1410 Processor - ok
14:52:01.0191 0x1410 [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc C:\Windows\system32\profsvc.dll
14:52:01.0238 0x1410 ProfSvc - ok
14:52:01.0269 0x1410 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:52:01.0269 0x1410 ProtectedStorage - ok
14:52:01.0300 0x1410 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:52:01.0300 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pacer.sys. md5: 0557CF5A2556BD58E26384169D72438D, sha256: F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4
14:52:01.0316 0x1410 Psched - detected LockedFile.Multi.Generic ( 1 )
14:52:03.0766 0x1410 Detect skipped due to KSN trusted
14:52:03.0766 0x1410 Psched - ok
14:52:03.0797 0x1410 [ 4712CC14E720ECCCC0AA16949D18AAF1, AF0223D118A25CA14EC1AF8A40A793D3CBCBE3576CCACBCD4F9A3D3F10407262 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
14:52:03.0797 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\PxHlpa64.sys. md5: 4712CC14E720ECCCC0AA16949D18AAF1, sha256: AF0223D118A25CA14EC1AF8A40A793D3CBCBE3576CCACBCD4F9A3D3F10407262
14:52:03.0797 0x1410 PxHlpa64 - detected LockedFile.Multi.Generic ( 1 )
14:52:06.0169 0x1410 Detect skipped due to KSN trusted
14:52:06.0169 0x1410 PxHlpa64 - ok
14:52:06.0232 0x1410 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:52:06.0232 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql2300.sys. md5: A53A15A11EBFD21077463EE2C7AFEEF0, sha256: 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489
14:52:06.0247 0x1410 ql2300 - detected LockedFile.Multi.Generic ( 1 )
14:52:08.0620 0x1410 Detect skipped due to KSN trusted
14:52:08.0620 0x1410 ql2300 - ok
14:52:08.0651 0x1410 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:52:08.0651 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8, sha256: FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE
14:52:08.0666 0x1410 ql40xx - detected LockedFile.Multi.Generic ( 1 )
14:52:11.0101 0x1410 Detect skipped due to KSN trusted
14:52:11.0101 0x1410 ql40xx - ok
14:52:11.0148 0x1410 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
14:52:11.0163 0x1410 QWAVE - ok
14:52:11.0195 0x1410 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:52:11.0195 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707BB36430888D9CE9D705398ADB6C, sha256: 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535
14:52:11.0210 0x1410 QWAVEdrv - detected LockedFile.Multi.Generic ( 1 )
14:52:13.0598 0x1410 Detect skipped due to KSN trusted
14:52:13.0598 0x1410 QWAVEdrv - ok
14:52:13.0629 0x1410 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:52:13.0629 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5A0DA8AD5762FA2D91678A8A01311704, sha256: 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF
14:52:13.0645 0x1410 RasAcd - detected LockedFile.Multi.Generic ( 1 )
14:52:16.0079 0x1410 Detect skipped due to KSN trusted
14:52:16.0079 0x1410 RasAcd - ok
14:52:16.0111 0x1410 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:52:16.0111 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ECFF9B22276B73F43A99A15A6094E90, sha256: 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1
14:52:16.0111 0x1410 RasAgileVpn - detected LockedFile.Multi.Generic ( 1 )
14:52:18.0561 0x1410 Detect skipped due to KSN trusted
14:52:18.0561 0x1410 RasAgileVpn - ok
14:52:18.0592 0x1410 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
14:52:18.0639 0x1410 RasAuto - ok
14:52:18.0654 0x1410 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:52:18.0654 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 471815800AE33E6F1C32FB1B97C490CA, sha256: 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698
14:52:18.0670 0x1410 Rasl2tp - detected LockedFile.Multi.Generic ( 1 )
14:52:21.0089 0x1410 Detect skipped due to KSN trusted
14:52:21.0089 0x1410 Rasl2tp - ok
14:52:21.0120 0x1410 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
14:52:21.0167 0x1410 RasMan - ok
14:52:21.0182 0x1410 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:52:21.0182 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855C9B1CD4756C5E9A2AA58A15F58C25, sha256: A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72
14:52:21.0182 0x1410 RasPppoe - detected LockedFile.Multi.Generic ( 1 )
14:52:23.0539 0x1410 Detect skipped due to KSN trusted
14:52:23.0539 0x1410 RasPppoe - ok
14:52:23.0555 0x1410 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:52:23.0555 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rassstp.sys. md5: E8B1E447B008D07FF47D016C2B0EEECB, sha256: FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C
14:52:23.0570 0x1410 RasSstp - detected LockedFile.Multi.Generic ( 1 )
14:52:25.0927 0x1410 Detect skipped due to KSN trusted
14:52:25.0927 0x1410 RasSstp - ok
14:52:25.0974 0x1410 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:52:25.0974 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 77F665941019A1594D887A74F301FA2F, sha256: 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA
14:52:25.0974 0x1410 rdbss - detected LockedFile.Multi.Generic ( 1 )
14:52:28.0346 0x1410 Detect skipped due to KSN trusted
14:52:28.0346 0x1410 rdbss - ok
14:52:28.0377 0x1410 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:52:28.0377 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D, sha256: 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17
14:52:28.0377 0x1410 rdpbus - detected LockedFile.Multi.Generic ( 1 )
14:52:30.0827 0x1410 Detect skipped due to KSN trusted
14:52:30.0827 0x1410 rdpbus - ok
14:52:30.0858 0x1410 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:52:30.0858 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: CEA6CC257FC9B7715F1C2B4849286D24, sha256: A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804
14:52:30.0874 0x1410 RDPCDD - detected LockedFile.Multi.Generic ( 1 )
14:52:33.0262 0x1410 Detect skipped due to KSN trusted
14:52:33.0262 0x1410 RDPCDD - ok
14:52:33.0308 0x1410 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:52:33.0308 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpdr.sys. md5: 1B6163C503398B23FF8B939C67747683, sha256: 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE
14:52:33.0324 0x1410 RDPDR - detected LockedFile.Multi.Generic ( 1 )
14:52:39.0145 0x1410 Detect skipped due to KSN trusted
14:52:39.0145 0x1410 RDPDR - ok
14:52:39.0161 0x1410 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:52:39.0161 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpencdd.sys. md5: BB5971A4F00659529A5C44831AF22365, sha256: 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F
14:52:39.0176 0x1410 RDPENCDD - detected LockedFile.Multi.Generic ( 1 )
14:52:41.0705 0x1410 Detect skipped due to KSN trusted
14:52:41.0705 0x1410 RDPENCDD - ok
14:52:41.0736 0x1410 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:52:41.0736 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216F3FA57533D98E1F74DED70113177A, sha256: 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4
14:52:41.0751 0x1410 RDPREFMP - detected LockedFile.Multi.Generic ( 1 )
14:52:44.0123 0x1410 Detect skipped due to KSN trusted
14:52:44.0123 0x1410 RDPREFMP - ok
14:52:44.0155 0x1410 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:52:44.0155 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RDPWD.sys. md5: E61608AA35E98999AF9AAEEEA6114B0A, sha256: F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6
14:52:44.0170 0x1410 RDPWD - detected LockedFile.Multi.Generic ( 1 )
14:52:46.0620 0x1410 Detect skipped due to KSN trusted
14:52:46.0620 0x1410 RDPWD - ok
14:52:46.0652 0x1410 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:52:46.0652 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdyboost.sys. md5: 34ED295FA0121C241BFEF24764FC4520, sha256: AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F
14:52:46.0683 0x1410 rdyboost - detected LockedFile.Multi.Generic ( 1 )
14:52:49.0055 0x1410 Detect skipped due to KSN trusted
14:52:49.0055 0x1410 rdyboost - ok
14:52:49.0086 0x1410 [ 96EFEC24346A8EB1157E80523079ADDC, 7F8FC284029856C754E400B6C954369FFE27763C81D8F4AF4E58BFDD44CBC24A ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
14:52:49.0117 0x1410 RealNetworks Downloader Resolver Service - ok
14:52:49.0273 0x1410 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:52:49.0320 0x1410 RemoteAccess - ok
14:52:49.0352 0x1410 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:52:49.0398 0x1410 RemoteRegistry - ok
14:52:49.0430 0x1410 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
14:52:49.0430 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rfcomm.sys. md5: 3DD798846E2C28102B922C56E71B7932, sha256: 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D
14:52:49.0445 0x1410 RFCOMM - detected LockedFile.Multi.Generic ( 1 )
14:52:51.0880 0x1410 Detect skipped due to KSN trusted
14:52:51.0880 0x1410 RFCOMM - ok
14:52:51.0911 0x1410 [ 3DCA561AAF776AA2E356FB5B142AA5F8, E11F6776F02A09D64FDBB23D7169AB5467E0D8684AACB3D7CA8FAC42F3A02677 ] rimspci C:\Windows\system32\DRIVERS\rimspe64.sys
14:52:51.0911 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rimspe64.sys. md5: 3DCA561AAF776AA2E356FB5B142AA5F8, sha256: E11F6776F02A09D64FDBB23D7169AB5467E0D8684AACB3D7CA8FAC42F3A02677
14:52:51.0927 0x1410 rimspci - detected LockedFile.Multi.Generic ( 1 )
14:52:54.0299 0x1410 Detect skipped due to KSN trusted
14:52:54.0299 0x1410 rimspci - ok
14:52:54.0330 0x1410 [ 380E98DB92B37A5792C962EC15BFB44C, 276F0BB59068F654BF915FB62A15E3369D40F3E0C740664BBD8DB52C6BAF9D3B ] risdpcie C:\Windows\system32\DRIVERS\risdpe64.sys
14:52:54.0330 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\risdpe64.sys. md5: 380E98DB92B37A5792C962EC15BFB44C, sha256: 276F0BB59068F654BF915FB62A15E3369D40F3E0C740664BBD8DB52C6BAF9D3B
14:52:54.0345 0x1410 risdpcie - detected LockedFile.Multi.Generic ( 1 )
14:52:56.0780 0x1410 Detect skipped due to KSN trusted
14:52:56.0780 0x1410 risdpcie - ok
14:52:56.0811 0x1410 [ A4579105A3C5B6290701EAD0C153E07A, C1070C93309FBD3D67E8BAFDF2B8FFE83D4F877396B21816F8AAC0FDE68335CC ] rixdpcie C:\Windows\system32\DRIVERS\rixdpe64.sys
14:52:56.0811 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rixdpe64.sys. md5: A4579105A3C5B6290701EAD0C153E07A, sha256: C1070C93309FBD3D67E8BAFDF2B8FFE83D4F877396B21816F8AAC0FDE68335CC
14:52:56.0827 0x1410 rixdpcie - detected LockedFile.Multi.Generic ( 1 )
14:52:59.0183 0x1410 Detect skipped due to KSN trusted
14:52:59.0183 0x1410 rixdpcie - ok
14:52:59.0215 0x1410 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:52:59.0261 0x1410 RpcEptMapper - ok
14:52:59.0293 0x1410 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
14:52:59.0308 0x1410 RpcLocator - ok
14:52:59.0355 0x1410 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
14:52:59.0402 0x1410 RpcSs - ok
14:52:59.0433 0x1410 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:52:59.0433 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rspndr.sys. md5: DDC86E4F8E7456261E637E3552E804FF, sha256: D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD
14:52:59.0433 0x1410 rspndr - detected LockedFile.Multi.Generic ( 1 )
14:53:01.0805 0x1410 Detect skipped due to KSN trusted
14:53:01.0805 0x1410 rspndr - ok
14:53:01.0821 0x1410 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
14:53:01.0821 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vms3cap.sys. md5: E60C0A09F997826C7627B244195AB581, sha256: E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D
14:53:01.0836 0x1410 s3cap - detected LockedFile.Multi.Generic ( 1 )
14:53:04.0271 0x1410 Detect skipped due to KSN trusted
14:53:04.0271 0x1410 s3cap - ok
14:53:04.0302 0x1410 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe
14:53:04.0318 0x1410 SamSs - ok
14:53:04.0349 0x1410 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:53:04.0349 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sbp2port.sys. md5: AC03AF3329579FFFB455AA2DAABBE22B, sha256: 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656
14:53:04.0349 0x1410 sbp2port - detected LockedFile.Multi.Generic ( 1 )
14:53:06.0799 0x1410 Detect skipped due to KSN trusted
14:53:06.0799 0x1410 sbp2port - ok
14:53:06.0846 0x1410 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:53:06.0908 0x1410 SCardSvr - ok
14:53:06.0940 0x1410 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:53:06.0940 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 253F38D0D7074C02FF8DEB9836C97D2B, sha256: CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116
14:53:06.0955 0x1410 scfilter - detected LockedFile.Multi.Generic ( 1 )
14:53:09.0343 0x1410 Detect skipped due to KSN trusted
14:53:09.0343 0x1410 scfilter - ok
14:53:09.0437 0x1410 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
14:53:09.0499 0x1410 Schedule - ok
14:53:09.0530 0x1410 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:53:09.0577 0x1410 SCPolicySvc - ok
14:53:09.0608 0x1410 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:53:09.0624 0x1410 SDRSVC - ok
14:53:09.0655 0x1410 [ D358E077A0A05D9B12DA22D137EE8464, 7B6493B199DEF411596B1A6F479F57838202B102C3324333B620E212E0AE9053 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:53:09.0671 0x1410 SeaPort - ok
14:53:09.0702 0x1410 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:53:09.0702 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186, sha256: 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D
14:53:09.0717 0x1410 secdrv - detected LockedFile.Multi.Generic ( 1 )
14:53:12.0152 0x1410 Detect skipped due to KSN trusted
14:53:12.0152 0x1410 secdrv - ok
14:53:12.0183 0x1410 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
14:53:12.0230 0x1410 seclogon - ok
14:53:12.0292 0x1410 [ 9C8580D9A5F3C08556D6ECA31848DC89, BF056CB404BC6C13D0640503C7C7214696C7BA0ABCDD3590010811A5429D0AF9 ] SecureStorageService C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
14:53:12.0370 0x1410 SecureStorageService - detected UnsignedFile.Multi.Generic ( 1 )
14:53:14.0758 0x1410 Detect skipped due to KSN trusted
14:53:14.0758 0x1410 SecureStorageService - ok
14:53:14.0805 0x1410 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
14:53:14.0852 0x1410 SENS - ok
14:53:14.0883 0x1410 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:53:14.0899 0x1410 SensrSvc - ok
14:53:14.0930 0x1410 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:53:14.0930 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B, sha256: A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4
14:53:14.0946 0x1410 Serenum - detected LockedFile.Multi.Generic ( 1 )
14:53:17.0302 0x1410 Detect skipped due to KSN trusted
14:53:17.0302 0x1410 Serenum - ok
14:53:17.0333 0x1410 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:53:17.0333 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, sha256: 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D
14:53:17.0333 0x1410 Serial - detected LockedFile.Multi.Generic ( 1 )
14:53:19.0784 0x1410 Detect skipped due to KSN trusted
14:53:19.0784 0x1410 Serial - ok
14:53:19.0815 0x1410 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:53:19.0815 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3, sha256: 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D
14:53:19.0830 0x1410 sermouse - detected LockedFile.Multi.Generic ( 1 )
14:53:22.0281 0x1410 Detect skipped due to KSN trusted
14:53:22.0281 0x1410 sermouse - ok
14:53:22.0343 0x1410 [ 7D3903AF48E6C1DC2704EAFCB608D031, 95B0F3F4958357C919ADF31D76744D16810325C7313767395521838F65DB3FE0 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
14:53:22.0359 0x1410 ServiceLayer - detected UnsignedFile.Multi.Generic ( 1 )
14:53:24.0747 0x1410 Detect skipped due to KSN trusted
14:53:24.0747 0x1410 ServiceLayer - ok
14:53:24.0825 0x1410 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
14:53:24.0888 0x1410 SessionEnv - ok
14:53:24.0903 0x1410 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:53:24.0903 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF, sha256: DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55
14:53:24.0919 0x1410 sffdisk - detected LockedFile.Multi.Generic ( 1 )
14:53:27.0369 0x1410 Detect skipped due to KSN trusted
14:53:27.0369 0x1410 sffdisk - ok
14:53:27.0400 0x1410 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:53:27.0400 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF, sha256: B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042
14:53:27.0416 0x1410 sffp_mmc - detected LockedFile.Multi.Generic ( 1 )
14:53:29.0851 0x1410 Detect skipped due to KSN trusted
14:53:29.0851 0x1410 sffp_mmc - ok
14:53:29.0882 0x1410 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:53:29.0882 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_sd.sys. md5: DD85B78243A19B59F0637DCF284DA63C, sha256: 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197
14:53:29.0898 0x1410 sffp_sd - detected LockedFile.Multi.Generic ( 1 )
14:53:32.0270 0x1410 Detect skipped due to KSN trusted
14:53:32.0270 0x1410 sffp_sd - ok
14:53:32.0301 0x1410 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:53:32.0301 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4, sha256: 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9
14:53:32.0301 0x1410 sfloppy - detected LockedFile.Multi.Generic ( 1 )
14:53:34.0768 0x1410 Detect skipped due to KSN trusted
14:53:34.0768 0x1410 sfloppy - ok
14:53:34.0814 0x1410 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:53:34.0861 0x1410 SharedAccess - ok
14:53:34.0908 0x1410 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:53:34.0939 0x1410 ShellHWDetection - ok
14:53:34.0970 0x1410 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:53:34.0970 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1, sha256: 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820
14:53:34.0986 0x1410 SiSRaid2 - detected LockedFile.Multi.Generic ( 1 )
14:53:37.0437 0x1410 Detect skipped due to KSN trusted
14:53:37.0437 0x1410 SiSRaid2 - ok
14:53:37.0452 0x1410 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:53:37.0452 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4, sha256: 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E
14:53:37.0468 0x1410 SiSRaid4 - detected LockedFile.Multi.Generic ( 1 )
14:53:39.0903 0x1410 Detect skipped due to KSN trusted
14:53:39.0903 0x1410 SiSRaid4 - ok
14:53:39.0934 0x1410 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:53:39.0934 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4, sha256: 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740
14:53:39.0934 0x1410 Smb - detected LockedFile.Multi.Generic ( 1 )
14:53:42.0416 0x1410 Detect skipped due to KSN trusted
14:53:42.0416 0x1410 Smb - ok
14:53:42.0462 0x1410 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:53:42.0478 0x1410 SNMPTRAP - ok
14:53:42.0509 0x1410 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
14:53:42.0509 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9, sha256: 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063
14:53:42.0509 0x1410 spldr - detected LockedFile.Multi.Generic ( 1 )
14:53:44.0960 0x1410 Detect skipped due to KSN trusted
14:53:44.0960 0x1410 spldr - ok
14:53:45.0022 0x1410 [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler C:\Windows\System32\spoolsv.exe
14:53:45.0069 0x1410 Spooler - ok
14:53:45.0163 0x1410 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
14:53:45.0303 0x1410 sppsvc - ok
14:53:45.0350 0x1410 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:53:45.0381 0x1410 sppuinotify - ok
14:53:45.0428 0x1410 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:53:45.0428 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B, sha256: 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0
14:53:45.0428 0x1410 srv - detected LockedFile.Multi.Generic ( 1 )
14:53:47.0816 0x1410 Detect skipped due to KSN trusted
14:53:47.0816 0x1410 srv - ok
14:53:47.0863 0x1410 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:53:47.0863 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28, sha256: 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7
14:53:47.0879 0x1410 srv2 - detected LockedFile.Multi.Generic ( 1 )
14:53:50.0267 0x1410 Detect skipped due to KSN trusted
14:53:50.0267 0x1410 srv2 - ok
14:53:50.0298 0x1410 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:53:50.0298 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3, sha256: AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6
14:53:50.0313 0x1410 srvnet - detected LockedFile.Multi.Generic ( 1 )
14:53:52.0686 0x1410 Detect skipped due to KSN trusted
14:53:52.0686 0x1410 srvnet - ok
14:53:52.0717 0x1410 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:53:52.0764 0x1410 SSDPSRV - ok
14:53:52.0811 0x1410 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:53:52.0873 0x1410 SstpSvc - ok
14:53:52.0936 0x1410 [ DAE7A8A33DF0635E6299640395037765, F401E7EDECEDDC8B9A11DF91E4DAC29D32BE5B0AE6AF34E3207F0FF2A3AB782A ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\STacSV64.exe
14:53:53.0092 0x1410 STacSV - ok
14:53:53.0123 0x1410 [ C568FDB21CE77A44FD166F28F104AC46, 5D8675CE501EF9CE637FFBBC945E09184D54CF206BC3480B15170E50BCA43D6F ] stdflt C:\Windows\system32\DRIVERS\stdfltn.sys
14:53:53.0123 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stdfltn.sys. md5: C568FDB21CE77A44FD166F28F104AC46, sha256: 5D8675CE501EF9CE637FFBBC945E09184D54CF206BC3480B15170E50BCA43D6F
14:53:53.0123 0x1410 stdflt - detected LockedFile.Multi.Generic ( 1 )
14:53:55.0573 0x1410 Detect skipped due to KSN trusted
14:53:55.0573 0x1410 stdflt - ok
14:53:55.0917 0x1410 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:53:55.0917 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A, sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5
14:53:55.0932 0x1410 stexstor - detected LockedFile.Multi.Generic ( 1 )
14:53:58.0289 0x1410 Detect skipped due to KSN trusted
14:53:58.0289 0x1410 stexstor - ok
14:53:58.0336 0x1410 [ 04906A6B1DD17D38795E28AF4F4392F9, 7B2AA7176EC2DB1B416EA1B3E84871F14D718387547F482AC5ABA2BF9B647A3D ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
14:53:58.0336 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stwrt64.sys. md5: 04906A6B1DD17D38795E28AF4F4392F9, sha256: 7B2AA7176EC2DB1B416EA1B3E84871F14D718387547F482AC5ABA2BF9B647A3D
14:53:58.0336 0x1410 STHDA - detected LockedFile.Multi.Generic ( 1 )
14:54:00.0787 0x1410 Detect skipped due to KSN trusted
14:54:00.0787 0x1410 STHDA - ok
14:54:00.0865 0x1410 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
14:54:00.0896 0x1410 stisvc - ok
14:54:00.0927 0x1410 [ E476C66713C842F58E61A95826ED1D57, 33632E8AE6D868EAC7D676E4236E78A0B1E613C9A5FA2470A0419B2E9A6CAE4B ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
14:54:00.0943 0x1410 stllssvr - ok
14:54:00.0974 0x1410 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
14:54:00.0974 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vmstorfl.sys. md5: 7785DC213270D2FC066538DAF94087E7, sha256: F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B
14:54:00.0990 0x1410 storflt - detected LockedFile.Multi.Generic ( 1 )
14:54:03.0362 0x1410 Detect skipped due to KSN trusted
14:54:03.0362 0x1410 storflt - ok
14:54:03.0409 0x1410 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
14:54:03.0424 0x1410 StorSvc - ok
14:54:03.0456 0x1410 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
14:54:03.0456 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\storvsc.sys. md5: D34E4943D5AC096C8EDEEBFD80D76E23, sha256: 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE
14:54:03.0471 0x1410 storvsc - detected LockedFile.Multi.Generic ( 1 )
14:54:05.0859 0x1410 Detect skipped due to KSN trusted
14:54:05.0859 0x1410 storvsc - ok
14:54:05.0875 0x1410 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
14:54:05.0875 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90, sha256: 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969
14:54:05.0891 0x1410 swenum - detected LockedFile.Multi.Generic ( 1 )
14:54:08.0341 0x1410 Detect skipped due to KSN trusted
14:54:08.0341 0x1410 swenum - ok
14:54:08.0388 0x1410 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
14:54:08.0450 0x1410 swprv - ok
14:54:08.0513 0x1410 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
14:54:08.0591 0x1410 SysMain - ok
14:54:08.0622 0x1410 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:54:08.0653 0x1410 TabletInputService - ok
14:54:08.0700 0x1410 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
14:54:08.0747 0x1410 TapiSrv - ok
14:54:08.0778 0x1410 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
14:54:08.0825 0x1410 TBS - ok
14:54:08.0934 0x1410 [ DB74544B75566C974815E79A62433F29, 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:54:08.0934 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: DB74544B75566C974815E79A62433F29, sha256: 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4
14:54:08.0965 0x1410 Tcpip - detected LockedFile.Multi.Generic ( 1 )
14:54:11.0400 0x1410 Detect skipped due to KSN trusted
14:54:11.0400 0x1410 Tcpip - ok
14:54:11.0478 0x1410 [ DB74544B75566C974815E79A62433F29, 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:54:11.0478 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: DB74544B75566C974815E79A62433F29, sha256: 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4
14:54:11.0494 0x1410 TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
14:54:11.0494 0x1410 Detect skipped due to KSN trusted
14:54:11.0494 0x1410 TCPIP6 - ok
14:54:11.0541 0x1410 [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:54:11.0541 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: DF687E3D8836BFB04FCC0615BF15A519, sha256: 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784
14:54:11.0541 0x1410 tcpipreg - detected LockedFile.Multi.Generic ( 1 )
14:54:13.0929 0x1410 Detect skipped due to KSN trusted
14:54:13.0929 0x1410 tcpipreg - ok
14:54:14.0007 0x1410 [ 69F1A38A6DBFE682491CB61A596662E3, A1FD47C8D4331132806205756F5793F2602442B233CAA0628FD27D8766321CE0 ] tcsd_win32.exe C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
14:54:14.0054 0x1410 tcsd_win32.exe - detected UnsignedFile.Multi.Generic ( 1 )
14:54:16.0489 0x1410 Detect skipped due to KSN trusted
14:54:16.0489 0x1410 tcsd_win32.exe - ok
14:54:16.0598 0x1410 [ BF0F20805431965C47641847F33EE1A8, 2B314CBF2453BCB24A0B29D114CE8DCBE4ED8B78702B7579FDE4BAD3D6E2C3BD ] TdmService C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
14:54:16.0660 0x1410 TdmService - ok
14:54:16.0691 0x1410 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:54:16.0691 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D
14:54:16.0691 0x1410 TDPIPE - detected LockedFile.Multi.Generic ( 1 )
14:54:19.0080 0x1410 Detect skipped due to KSN trusted
14:54:19.0080 0x1410 TDPIPE - ok
14:54:19.0095 0x1410 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:54:19.0095 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8, sha256: 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9
14:54:19.0111 0x1410 TDTCP - detected LockedFile.Multi.Generic ( 1 )
14:54:21.0530 0x1410 Detect skipped due to KSN trusted
14:54:21.0530 0x1410 TDTCP - ok
14:54:21.0561 0x1410 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:54:21.0561 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806, sha256: B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661
14:54:21.0577 0x1410 tdx - detected LockedFile.Multi.Generic ( 1 )
14:54:23.0965 0x1410 Detect skipped due to KSN trusted
14:54:23.0965 0x1410 tdx - ok
14:54:23.0996 0x1410 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
14:54:23.0996 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5, sha256: 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D
14:54:24.0012 0x1410 TermDD - detected LockedFile.Multi.Generic ( 1 )
14:54:26.0447 0x1410 Detect skipped due to KSN trusted
14:54:26.0447 0x1410 TermDD - ok
14:54:26.0509 0x1410 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
14:54:26.0572 0x1410 TermService - ok
14:54:26.0603 0x1410 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
14:54:26.0618 0x1410 Themes - ok
14:54:26.0650 0x1410 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
14:54:26.0681 0x1410 THREADORDER - ok
14:54:26.0728 0x1410 tmlisten - ok
14:54:26.0743 0x1410 [ 8D87AEEC05A5E3DABA0F05CB0FD2F2F4, B411C3C20125266C1AFDC6032FEB101DEFC4ED9FEC98025F17F59AEE8E956DEB ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
14:54:26.0743 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tmtdi.sys. md5: 8D87AEEC05A5E3DABA0F05CB0FD2F2F4, sha256: B411C3C20125266C1AFDC6032FEB101DEFC4ED9FEC98025F17F59AEE8E956DEB
14:54:26.0759 0x1410 tmtdi - detected LockedFile.Multi.Generic ( 1 )
14:54:29.0147 0x1410 Detect skipped due to KSN trusted
14:54:29.0147 0x1410 tmtdi - ok
14:54:29.0194 0x1410 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
14:54:29.0256 0x1410 TrkWks - ok
14:54:29.0303 0x1410 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:54:29.0365 0x1410 TrustedInstaller - ok
14:54:29.0412 0x1410 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:54:29.0412 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: 4CE278FC9671BA81A138D70823FCAA09, sha256: CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300
14:54:29.0412 0x1410 tssecsrv - detected LockedFile.Multi.Generic ( 1 )
14:54:31.0847 0x1410 Detect skipped due to KSN trusted
14:54:31.0847 0x1410 tssecsrv - ok
14:54:31.0878 0x1410 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:54:31.0878 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9, sha256: A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB
14:54:31.0894 0x1410 TsUsbFlt - detected LockedFile.Multi.Generic ( 1 )
14:54:34.0251 0x1410 Detect skipped due to KSN trusted
14:54:34.0251 0x1410 TsUsbFlt - ok
14:54:34.0282 0x1410 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:54:34.0282 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894, sha256: AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8
14:54:34.0298 0x1410 tunnel - detected LockedFile.Multi.Generic ( 1 )
14:54:36.0748 0x1410 Detect skipped due to KSN trusted
14:54:36.0748 0x1410 tunnel - ok
14:54:36.0779 0x1410 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:54:36.0779 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123
14:54:36.0795 0x1410 uagp35 - detected LockedFile.Multi.Generic ( 1 )
14:54:39.0152 0x1410 Detect skipped due to KSN trusted
14:54:39.0152 0x1410 uagp35 - ok
14:54:39.0183 0x1410 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:54:39.0183 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593, sha256: D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3
14:54:39.0199 0x1410 udfs - detected LockedFile.Multi.Generic ( 1 )
14:54:41.0634 0x1410 Detect skipped due to KSN trusted
14:54:41.0634 0x1410 udfs - ok
14:54:41.0680 0x1410 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:54:41.0712 0x1410 UI0Detect - ok
14:54:41.0727 0x1410 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:54:41.0727 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A
14:54:41.0743 0x1410 uliagpkx - detected LockedFile.Multi.Generic ( 1 )
14:54:44.0131 0x1410 Detect skipped due to KSN trusted
14:54:44.0131 0x1410 uliagpkx - ok
14:54:44.0162 0x1410 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
14:54:44.0162 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561, sha256: 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE
14:54:44.0162 0x1410 umbus - detected LockedFile.Multi.Generic ( 1 )
14:54:46.0613 0x1410 Detect skipped due to KSN trusted
14:54:46.0613 0x1410 umbus - ok
14:54:46.0644 0x1410 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:54:46.0644 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
14:54:46.0644 0x1410 UmPass - detected LockedFile.Multi.Generic ( 1 )
14:54:49.0032 0x1410 Detect skipped due to KSN trusted
14:54:49.0032 0x1410 UmPass - ok
14:54:49.0079 0x1410 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
14:54:49.0110 0x1410 UmRdpService - ok
14:54:49.0141 0x1410 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
14:54:49.0188 0x1410 upnphost - ok
14:54:49.0204 0x1410 [ 4E93C8496359E97830C75AC36393654D, D0482257B019512D77484D92E4DEFEFE4FED53CB440ACB7AA879D6FD0574FA9A ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
14:54:49.0204 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys. md5: 4E93C8496359E97830C75AC36393654D, sha256: D0482257B019512D77484D92E4DEFEFE4FED53CB440ACB7AA879D6FD0574FA9A
14:54:49.0219 0x1410 upperdev - detected LockedFile.Multi.Generic ( 1 )
14:54:51.0592 0x1410 Detect skipped due to KSN trusted
14:54:51.0592 0x1410 upperdev - ok
14:54:51.0623 0x1410 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:54:51.0623 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbaapl64.sys. md5: C9E9D59C0099A9FF51697E9306A44240, sha256: 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1
14:54:51.0623 0x1410 USBAAPL64 - detected LockedFile.Multi.Generic ( 1 )
14:54:54.0073 0x1410 Detect skipped due to KSN trusted
14:54:54.0073 0x1410 USBAAPL64 - ok
14:54:54.0089 0x1410 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:54:54.0089 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: DCA68B0943D6FA415F0C56C92158A83A, sha256: BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57
14:54:54.0105 0x1410 usbccgp - detected LockedFile.Multi.Generic ( 1 )
14:54:56.0539 0x1410 Detect skipped due to KSN trusted
14:54:56.0539 0x1410 usbccgp - ok
14:54:56.0571 0x1410 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:54:56.0571 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbcir.sys. md5: 80B0F7D5CCF86CEB5D402EAAF61FEC31, sha256: 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD
14:54:56.0571 0x1410 usbcir - detected LockedFile.Multi.Generic ( 1 )
14:54:58.0959 0x1410 Detect skipped due to KSN trusted
14:54:58.0959 0x1410 usbcir - ok
14:54:58.0990 0x1410 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:54:58.0990 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbehci.sys. md5: 18A85013A3E0F7E1755365D287443965, sha256: 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33
14:54:59.0006 0x1410 usbehci - detected LockedFile.Multi.Generic ( 1 )
14:55:01.0440 0x1410 Detect skipped due to KSN trusted
14:55:01.0440 0x1410 usbehci - ok
14:55:01.0487 0x1410 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:55:01.0487 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 8D1196CFBB223621F2C67D45710F25BA, sha256: B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003
14:55:01.0503 0x1410 usbhub - detected LockedFile.Multi.Generic ( 1 )
14:55:03.0953 0x1410 Detect skipped due to KSN trusted
14:55:03.0953 0x1410 usbhub - ok
14:55:03.0985 0x1410 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:55:03.0985 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbohci.sys. md5: 765A92D428A8DB88B960DA5A8D6089DC, sha256: 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C
14:55:03.0985 0x1410 usbohci - detected LockedFile.Multi.Generic ( 1 )
14:55:06.0388 0x1410 Detect skipped due to KSN trusted
14:55:06.0388 0x1410 usbohci - ok
14:55:06.0420 0x1410 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:55:06.0420 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
14:55:06.0435 0x1410 usbprint - detected LockedFile.Multi.Generic ( 1 )
14:55:08.0808 0x1410 Detect skipped due to KSN trusted
14:55:08.0808 0x1410 usbprint - ok
14:55:08.0839 0x1410 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:55:08.0839 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbscan.sys. md5: 9661DA76B4531B2DA272ECCE25A8AF24, sha256: FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637
14:55:08.0839 0x1410 usbscan - detected LockedFile.Multi.Generic ( 1 )
14:55:11.0289 0x1410 Detect skipped due to KSN trusted
14:55:11.0289 0x1410 usbscan - ok
14:55:11.0321 0x1410 [ B57B4F0BEC4270A281B9F8537EB2FA04, 554273482EE85F010DC62E412C9933E65BD63AA09911BD25D86F86D2618EF382 ] usbser C:\Windows\system32\drivers\usbser.sys
14:55:11.0321 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbser.sys. md5: B57B4F0BEC4270A281B9F8537EB2FA04, sha256: 554273482EE85F010DC62E412C9933E65BD63AA09911BD25D86F86D2618EF382
14:55:11.0321 0x1410 usbser - detected LockedFile.Multi.Generic ( 1 )
14:55:13.0693 0x1410 Detect skipped due to KSN trusted
14:55:13.0693 0x1410 usbser - ok
14:55:13.0724 0x1410 [ 8844CB19A37B65E27049D4A7786726A9, 4D772174A320F02E2F87BDF8C6EBBFDE04C9763D3C21FE9557DE938521508A59 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
14:55:13.0724 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys. md5: 8844CB19A37B65E27049D4A7786726A9, sha256: 4D772174A320F02E2F87BDF8C6EBBFDE04C9763D3C21FE9557DE938521508A59
14:55:13.0740 0x1410 UsbserFilt - detected LockedFile.Multi.Generic ( 1 )
14:55:16.0190 0x1410 Detect skipped due to KSN trusted
14:55:16.0190 0x1410 UsbserFilt - ok
14:55:16.0222 0x1410 [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:55:16.0222 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: D76510CFA0FC09023077F22C2F979D86, sha256: 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439
14:55:16.0222 0x1410 USBSTOR - detected LockedFile.Multi.Generic ( 1 )
14:55:18.0610 0x1410 Detect skipped due to KSN trusted
14:55:18.0610 0x1410 USBSTOR - ok
14:55:18.0641 0x1410 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:55:18.0641 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbuhci.sys. md5: DD253AFC3BC6CBA412342DE60C3647F3, sha256: 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7
14:55:18.0641 0x1410 usbuhci - detected LockedFile.Multi.Generic ( 1 )
14:55:21.0076 0x1410 Detect skipped due to KSN trusted
14:55:21.0076 0x1410 usbuhci - ok
14:55:21.0107 0x1410 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
14:55:21.0107 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\usbvideo.sys. md5: 1F775DA4CF1A3A1834207E975A72E9D7, sha256: 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90
14:55:21.0123 0x1410 usbvideo - detected LockedFile.Multi.Generic ( 1 )
14:55:23.0573 0x1410 Detect skipped due to KSN trusted
14:55:23.0573 0x1410 usbvideo - ok
14:55:23.0604 0x1410 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
14:55:23.0667 0x1410 UxSms - ok
14:55:23.0698 0x1410 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe
14:55:23.0714 0x1410 VaultSvc - ok
14:55:23.0729 0x1410 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:55:23.0729 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
14:55:23.0870 0x1410 vdrvroot - detected LockedFile.Multi.Generic ( 1 )
14:55:26.0273 0x1410 Detect skipped due to KSN trusted
14:55:26.0273 0x1410 vdrvroot - ok
14:55:26.0320 0x1410 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
14:55:26.0367 0x1410 vds - ok
14:55:26.0398 0x1410 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:55:26.0398 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
14:55:26.0414 0x1410 vga - detected LockedFile.Multi.Generic ( 1 )
14:55:28.0786 0x1410 Detect skipped due to KSN trusted
14:55:28.0786 0x1410 vga - ok
14:55:28.0802 0x1410 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
14:55:28.0802 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
14:55:28.0817 0x1410 VgaSave - detected LockedFile.Multi.Generic ( 1 )
14:55:31.0268 0x1410 Detect skipped due to KSN trusted
14:55:31.0268 0x1410 VgaSave - ok
14:55:31.0299 0x1410 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:55:31.0299 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB, sha256: D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF
14:55:31.0315 0x1410 vhdmp - detected LockedFile.Multi.Generic ( 1 )
14:55:33.0750 0x1410 Detect skipped due to KSN trusted
14:55:33.0750 0x1410 vhdmp - ok
14:55:33.0765 0x1410 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
14:55:33.0765 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
14:55:33.0781 0x1410 viaide - detected LockedFile.Multi.Generic ( 1 )
14:55:36.0153 0x1410 Detect skipped due to KSN trusted
14:55:36.0153 0x1410 viaide - ok
14:55:36.0185 0x1410 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
14:55:36.0185 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vmbus.sys. md5: 86EA3E79AE350FEA5331A1303054005F, sha256: 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691
14:55:36.0200 0x1410 vmbus - detected LockedFile.Multi.Generic ( 1 )
14:55:38.0681 0x1410 Detect skipped due to KSN trusted
14:55:38.0681 0x1410 vmbus - ok
14:55:38.0712 0x1410 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
14:55:38.0712 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\VMBusHID.sys. md5: 7DE90B48F210D29649380545DB45A187, sha256: 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4
14:55:38.0712 0x1410 VMBusHID - detected LockedFile.Multi.Generic ( 1 )
14:55:41.0284 0x1410 Detect skipped due to KSN trusted
14:55:41.0284 0x1410 VMBusHID - ok
14:55:41.0300 0x1410 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:55:41.0300 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161
14:55:41.0315 0x1410 volmgr - detected LockedFile.Multi.Generic ( 1 )
14:55:43.0700 0x1410 Detect skipped due to KSN trusted
14:55:43.0700 0x1410 volmgr - ok
14:55:43.0747 0x1410 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:55:43.0747 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B, sha256: 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F
14:55:43.0762 0x1410 volmgrx - detected LockedFile.Multi.Generic ( 1 )
14:55:46.0131 0x1410 Detect skipped due to KSN trusted
14:55:46.0131 0x1410 volmgrx - ok
14:55:46.0163 0x1410 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:55:46.0163 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639, sha256: 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC
14:55:46.0178 0x1410 volsnap - detected LockedFile.Multi.Generic ( 1 )
14:55:48.0610 0x1410 Detect skipped due to KSN trusted
14:55:48.0610 0x1410 volsnap - ok
14:55:48.0641 0x1410 [ B4A73CA4EF9A02B9738CEA9AD5FE5917, B6A8086189FE2F1C3FE5B3F484FBA3DB2E5E1836F3154D30090F136C27D16166 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
14:55:48.0656 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpchbus.sys. md5: B4A73CA4EF9A02B9738CEA9AD5FE5917, sha256: B6A8086189FE2F1C3FE5B3F484FBA3DB2E5E1836F3154D30090F136C27D16166
14:55:48.0656 0x1410 vpcbus - detected LockedFile.Multi.Generic ( 1 )
14:55:51.0041 0x1410 Detect skipped due to KSN trusted
14:55:51.0041 0x1410 vpcbus - ok
14:55:51.0072 0x1410 [ E675FB2B48C54F09895482E2253B289C, 68BBFBF2356C849722E429CA753CC309A3CCE8CF00EBDBBD2695ECD292324DF2 ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
14:55:51.0072 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpcnfltr.sys. md5: E675FB2B48C54F09895482E2253B289C, sha256: 68BBFBF2356C849722E429CA753CC309A3CCE8CF00EBDBBD2695ECD292324DF2
14:55:51.0088 0x1410 vpcnfltr - detected LockedFile.Multi.Generic ( 1 )
14:55:53.0535 0x1410 Detect skipped due to KSN trusted
14:55:53.0535 0x1410 vpcnfltr - ok
14:55:53.0566 0x1410 [ 5FB42082B0D19A0268705F1DD343DF20, 62F8EEE6A507CE6A8BD638020118D71B78332F79BA82654AB702AE46B04767D9 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
14:55:53.0566 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpcusb.sys. md5: 5FB42082B0D19A0268705F1DD343DF20, sha256: 62F8EEE6A507CE6A8BD638020118D71B78332F79BA82654AB702AE46B04767D9
14:55:53.0582 0x1410 vpcusb - detected LockedFile.Multi.Generic ( 1 )
14:55:55.0951 0x1410 Detect skipped due to KSN trusted
14:55:55.0951 0x1410 vpcusb - ok
14:55:55.0997 0x1410 [ 207B6539799CC1C112661A9B620DD233, 6B915CC7F77C867516D94865D7BF2E5C815402EF0A4488C3EB2FEF7CFA6C98F6 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
14:55:55.0997 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vpcvmm.sys. md5: 207B6539799CC1C112661A9B620DD233, sha256: 6B915CC7F77C867516D94865D7BF2E5C815402EF0A4488C3EB2FEF7CFA6C98F6
14:55:55.0997 0x1410 vpcvmm - detected LockedFile.Multi.Generic ( 1 )
14:55:58.0444 0x1410 Detect skipped due to KSN trusted
14:55:58.0444 0x1410 vpcvmm - ok
14:55:58.0476 0x1410 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:55:58.0476 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
14:55:58.0491 0x1410 vsmraid - detected LockedFile.Multi.Generic ( 1 )
14:56:00.0938 0x1410 Detect skipped due to KSN trusted
14:56:00.0938 0x1410 vsmraid - ok
14:56:01.0016 0x1410 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
14:56:01.0203 0x1410 VSS - ok
14:56:01.0219 0x1410 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:56:01.0219 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
14:56:01.0234 0x1410 vwifibus - detected LockedFile.Multi.Generic ( 1 )
14:56:03.0619 0x1410 Detect skipped due to KSN trusted
14:56:03.0619 0x1410 vwifibus - ok
14:56:03.0650 0x1410 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:56:03.0650 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F, sha256: 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB
14:56:03.0666 0x1410 vwififlt - detected LockedFile.Multi.Generic ( 1 )
14:56:06.0113 0x1410 Detect skipped due to KSN trusted
14:56:06.0113 0x1410 vwififlt - ok
14:56:06.0144 0x1410 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
14:56:06.0144 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6A638FC4BFDDC4D9B186C28C91BD1A01, sha256: 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168
14:56:06.0144 0x1410 vwifimp - detected LockedFile.Multi.Generic ( 1 )
14:56:08.0529 0x1410 Detect skipped due to KSN trusted
14:56:08.0529 0x1410 vwifimp - ok
14:56:08.0560 0x1410 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
14:56:08.0607 0x1410 W32Time - ok
14:56:08.0638 0x1410 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:56:08.0638 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
14:56:08.0653 0x1410 WacomPen - detected LockedFile.Multi.Generic ( 1 )
14:56:11.0069 0x1410 Detect skipped due to KSN trusted
14:56:11.0069 0x1410 WacomPen - ok
14:56:11.0100 0x1410 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:56:11.0100 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
14:56:11.0116 0x1410 WANARP - detected LockedFile.Multi.Generic ( 1 )
14:56:13.0485 0x1410 Detect skipped due to KSN trusted
14:56:13.0485 0x1410 WANARP - ok
14:56:13.0516 0x1410 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:56:13.0516 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
14:56:13.0532 0x1410 Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
14:56:13.0532 0x1410 Detect skipped due to KSN trusted
14:56:13.0532 0x1410 Wanarpv6 - ok
14:56:13.0610 0x1410 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
14:56:13.0656 0x1410 wbengine - ok
14:56:13.0688 0x1410 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:56:13.0703 0x1410 WbioSrvc - ok
14:56:13.0734 0x1410 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:56:13.0766 0x1410 wcncsvc - ok
14:56:13.0797 0x1410 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:56:13.0828 0x1410 WcsPlugInService - ok
14:56:13.0843 0x1410 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:56:13.0843 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
14:56:13.0843 0x1410 Wd - detected LockedFile.Multi.Generic ( 1 )
14:56:16.0290 0x1410 Detect skipped due to KSN trusted
14:56:16.0290 0x1410 Wd - ok
14:56:16.0337 0x1410 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:56:16.0337 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: E2C933EDBC389386EBE6D2BA953F43D8, sha256: AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07
14:56:16.0337 0x1410 Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
14:56:18.0722 0x1410 Detect skipped due to KSN trusted
14:56:18.0722 0x1410 Wdf01000 - ok
14:56:18.0769 0x1410 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:56:18.0831 0x1410 WdiServiceHost - ok
14:56:18.0862 0x1410 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:56:18.0893 0x1410 WdiSystemHost - ok
14:56:18.0940 0x1410 [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient C:\Windows\System32\webclnt.dll
14:56:18.0971 0x1410 WebClient - ok
14:56:19.0002 0x1410 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:56:19.0049 0x1410 Wecsvc - ok
14:56:19.0080 0x1410 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:56:19.0112 0x1410 wercplsupport - ok
14:56:19.0143 0x1410 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
14:56:19.0174 0x1410 WerSvc - ok
14:56:19.0190 0x1410 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:56:19.0190 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
14:56:19.0205 0x1410 WfpLwf - detected LockedFile.Multi.Generic ( 1 )
14:56:21.0652 0x1410 Detect skipped due to KSN trusted
14:56:21.0652 0x1410 WfpLwf - ok
14:56:21.0683 0x1410 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:56:21.0683 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
14:56:21.0699 0x1410 WIMMount - detected LockedFile.Multi.Generic ( 1 )
14:56:24.0146 0x1410 Detect skipped due to KSN trusted
14:56:24.0146 0x1410 WIMMount - ok
14:56:24.0177 0x1410 WinDefend - ok
14:56:24.0224 0x1410 WinHttpAutoProxySvc - ok
14:56:24.0271 0x1410 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:56:24.0317 0x1410 Winmgmt - ok
14:56:24.0395 0x1410 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
14:56:24.0489 0x1410 WinRM - ok
14:56:24.0551 0x1410 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:56:24.0551 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D, sha256: A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03
14:56:24.0567 0x1410 WinUsb - detected LockedFile.Multi.Generic ( 1 )
14:56:26.0951 0x1410 Detect skipped due to KSN trusted
14:56:26.0951 0x1410 WinUsb - ok
14:56:27.0029 0x1410 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:56:27.0060 0x1410 Wlansvc - ok
14:56:27.0076 0x1410 [ 8097878196EFAA50A70B42AEF8225A61, A3EE52793A612425B0EA0769F3EFDE6668F37D743D89DEBC13E1B410C80ADB66 ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
14:56:27.0092 0x1410 wltrysvc - detected UnsignedFile.Multi.Generic ( 1 )
14:56:29.0523 0x1410 Detect skipped due to KSN trusted
14:56:29.0523 0x1410 wltrysvc - ok
14:56:29.0554 0x1410 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:56:29.0554 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
14:56:29.0570 0x1410 WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
14:56:31.0923 0x1410 Detect skipped due to KSN trusted
14:56:31.0923 0x1410 WmiAcpi - ok
14:56:31.0970 0x1410 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:56:31.0986 0x1410 wmiApSrv - ok
14:56:32.0001 0x1410 WMPNetworkSvc - ok
14:56:32.0032 0x1410 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:56:32.0064 0x1410 WPCSvc - ok
14:56:32.0079 0x1410 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:56:32.0110 0x1410 WPDBusEnum - ok
14:56:32.0126 0x1410 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:56:32.0126 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
14:56:32.0126 0x1410 ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
14:56:34.0511 0x1410 Detect skipped due to KSN trusted
14:56:34.0511 0x1410 ws2ifsl - ok
14:56:34.0557 0x1410 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
14:56:34.0573 0x1410 wscsvc - ok
14:56:34.0604 0x1410 WSearch - ok
14:56:34.0682 0x1410 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
14:56:34.0760 0x1410 wuauserv - ok
14:56:34.0791 0x1410 [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:56:34.0791 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: D3381DC54C34D79B22CEE0D65BA91B7C, sha256: 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9
14:56:34.0807 0x1410 WudfPf - detected LockedFile.Multi.Generic ( 1 )
14:56:37.0238 0x1410 Detect skipped due to KSN trusted
14:56:37.0238 0x1410 WudfPf - ok
14:56:37.0269 0x1410 [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:56:37.0269 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: CF8D590BE3373029D57AF80914190682, sha256: FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF
14:56:37.0285 0x1410 WUDFRd - detected LockedFile.Multi.Generic ( 1 )
14:56:39.0670 0x1410 Detect skipped due to KSN trusted
14:56:39.0670 0x1410 WUDFRd - ok
14:56:39.0701 0x1410 [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:56:39.0748 0x1410 wudfsvc - ok
14:56:39.0779 0x1410 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
14:56:39.0794 0x1410 WwanSvc - ok
14:56:39.0872 0x1410 ================ Scan global ===============================
14:56:39.0903 0x1410 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
14:56:39.0903 0x1410 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:56:39.0919 0x1410 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:56:39.0919 0x1410 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:56:39.0935 0x1410 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
14:56:39.0950 0x1410 [ Global ] - ok
14:56:39.0950 0x1410 ================ Scan MBR ==================================
14:56:39.0950 0x1410 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:56:40.0168 0x1410 \Device\Harddisk0\DR0 - ok
14:56:40.0184 0x1410 [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk1\DR1
14:56:40.0231 0x1410 \Device\Harddisk1\DR1 - ok
14:56:40.0231 0x1410 ================ Scan VBR ==================================
14:56:40.0246 0x1410 [ 1C1C7641746ED2092B7EFE2B54E2C41A ] \Device\Harddisk0\DR0\Partition1
14:56:40.0246 0x1410 \Device\Harddisk0\DR0\Partition1 - ok
14:56:40.0246 0x1410 [ 0A53DDE415C9AC3B70B1A1F5E9E90CCB ] \Device\Harddisk0\DR0\Partition2
14:56:40.0246 0x1410 \Device\Harddisk0\DR0\Partition2 - ok
14:56:40.0246 0x1410 [ 64CBCA4A18DEEF39A7C1D22C8CA24A21 ] \Device\Harddisk0\DR0\Partition3
14:56:40.0246 0x1410 \Device\Harddisk0\DR0\Partition3 - ok
14:56:40.0262 0x1410 [ 25DE6E919F88779E23ACC9E62FC2E446 ] \Device\Harddisk1\DR1\Partition1
14:56:40.0262 0x1410 \Device\Harddisk1\DR1\Partition1 - ok
14:56:40.0262 0x1410 Waiting for KSN requests completion. In queue: 2
14:56:41.0275 0x1410 Waiting for KSN requests completion. In queue: 2
14:56:42.0288 0x1410 Waiting for KSN requests completion. In queue: 2
14:56:43.0317 0x1410 AV detected via SS2: Trend Micro OfficeScan Virenschutz, C:\Program Files (x86)\Trend Micro\OfficeScan Client\Pccntmon.exe ( ), 0x41000 ( enabled : updated )
14:56:43.0317 0x1410 Win FW state via NFP2: enabled
14:56:45.0717 0x1410 ============================================================
14:56:45.0717 0x1410 Scan finished
14:56:45.0717 0x1410 ============================================================
14:56:45.0733 0x0fa0 Detected object count: 1
14:56:45.0733 0x0fa0 Actual detected object count: 1
15:02:50.0564 0x0fa0 35e788ab90485f7f ( Rootkit.Win32.Necurs.gen ) - skipped by user
15:02:50.0564 0x0fa0 35e788ab90485f7f ( Rootkit.Win32.Necurs.gen ) - User select action: Skip

schrauber · 29.03.2014, 09:49

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"

Drücke auf Start Scan.
Mache während dem Scan nichts am Rechner
Gehe sicher das Cure ( default ) angehackt ist !
Drücke Continue --> Reboot.

TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

seeufirst · 02.04.2014, 07:16

Hier das Log Teil 1:

Code:

ATTFilter

16:34:47.0640 0x096c  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
16:34:47.0968 0x096c  ============================================================
16:34:47.0968 0x096c  Current date / time: 2014/04/01 16:34:47.0968
16:34:47.0968 0x096c  SystemInfo:
16:34:47.0968 0x096c  
16:34:47.0968 0x096c  OS Version: 6.1.7601 ServicePack: 1.0
16:34:47.0968 0x096c  Product type: Workstation
16:34:47.0968 0x096c  ComputerName: 53MPRM1
16:34:47.0968 0x096c  UserName: USERNAME
16:34:47.0968 0x096c  Windows directory: C:\Windows
16:34:47.0968 0x096c  System windows directory: C:\Windows
16:34:47.0968 0x096c  Running under WOW64
16:34:47.0968 0x096c  Processor architecture: Intel x64
16:34:47.0968 0x096c  Number of processors: 4
16:34:47.0968 0x096c  Page size: 0x1000
16:34:47.0968 0x096c  Boot type: Normal boot
16:34:47.0968 0x096c  ============================================================
16:34:49.0044 0x096c  BG loaded
16:34:49.0184 0x096c  System UUID: {842690FA-9028-204A-2AB9-2B4C64A8E7F8}
16:34:50.0027 0x096c  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:34:50.0027 0x096c  Drive \Device\Harddisk1\DR1 - Size: 0x76D8B0000 (29.71 Gb), SectorSize: 0x200, Cylinders: 0xF26, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:34:50.0042 0x096c  ============================================================
16:34:50.0042 0x096c  \Device\Harddisk0\DR0:
16:34:50.0042 0x096c  MBR partitions:
16:34:50.0042 0x096c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
16:34:50.0042 0x096c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0xCD1BAB0
16:34:50.0042 0x096c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0xEA7C800, BlocksNum 0x3FF000
16:34:50.0042 0x096c  \Device\Harddisk1\DR1:
16:34:50.0042 0x096c  MBR partitions:
16:34:50.0042 0x096c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3B69F67
16:34:50.0042 0x096c  ============================================================
16:34:50.0042 0x096c  C: <-> \Device\Harddisk0\DR0\Partition2
16:34:50.0042 0x096c  D: <-> \Device\Harddisk0\DR0\Partition3
16:34:50.0042 0x096c  W: <-> \Device\Harddisk1\DR1\Partition1
16:34:50.0042 0x096c  ============================================================
16:34:50.0042 0x096c  Initialize success
16:34:50.0042 0x096c  ============================================================
16:35:05.0385 0x1470  ============================================================
16:35:05.0385 0x1470  Scan started
16:35:05.0385 0x1470  Mode: Manual; SigCheck; TDLFS; 
16:35:05.0385 0x1470  ============================================================
16:35:05.0385 0x1470  KSN ping started
16:35:08.0086 0x1470  KSN ping finished: true
16:35:09.0007 0x1470  ================ Scan system memory ========================
16:35:09.0007 0x1470  System memory - ok
16:35:09.0007 0x1470  ================ Scan services =============================
16:35:09.0116 0x1470  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:35:10.0490 0x1470  1394ohci - ok
16:35:10.0505 0x1470  Suspicious service (NoAccess): 35e788ab90485f7f
16:35:10.0505 0x1470  [ B78C57637978C08E45DD946F908594F5, 90DBE63BB845F4A01314DC1EC284E163B39E112BA6A3929D6F7588276E0EFA68 ] 35e788ab90485f7f C:\Windows\System32\Drivers\35e788ab90485f7f.sys
16:35:10.0505 0x1470  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\35e788ab90485f7f.sys. md5: B78C57637978C08E45DD946F908594F5, sha256: 90DBE63BB845F4A01314DC1EC284E163B39E112BA6A3929D6F7588276E0EFA68
16:35:10.0521 0x1470  35e788ab90485f7f - detected Rootkit.Win32.Necurs.gen ( 0 )
16:35:12.0940 0x1470  35e788ab90485f7f ( Rootkit.Win32.Necurs.gen ) - infected
16:35:12.0940 0x1470  Force sending object to P2P due to detect: C:\Windows\System32\Drivers\35e788ab90485f7f.sys
16:35:16.0343 0x1470  Object send P2P result: true
16:35:18.0747 0x1470  A2DDA - ok
16:35:18.0747 0x1470  [ 627371B2D48F64CECC4D019114FB140D, B91698550BD899C208CC57F1ABE00D530D9FDC4559E3E1C0A04A27E7D4C7CE9D ] Acceler         C:\Windows\system32\DRIVERS\Accelern.sys
16:35:18.0763 0x1470  Acceler - ok
16:35:18.0778 0x1470  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:35:18.0794 0x1470  ACPI - ok
16:35:18.0794 0x1470  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:35:18.0825 0x1470  AcpiPmi - ok
16:35:18.0841 0x1470  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:35:18.0841 0x1470  AdobeARMservice - ok
16:35:18.0919 0x1470  [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:35:18.0934 0x1470  AdobeFlashPlayerUpdateSvc - ok
16:35:18.0950 0x1470  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:35:18.0966 0x1470  adp94xx - ok
16:35:18.0981 0x1470  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:35:18.0997 0x1470  adpahci - ok
16:35:18.0997 0x1470  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:35:19.0012 0x1470  adpu320 - ok
16:35:19.0028 0x1470  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:35:19.0090 0x1470  AeLookupSvc - ok
16:35:19.0137 0x1470  [ A6FB9DB8F1A86861D955FD6975977AE0, 788C6EE50719227D7A9B7F08C8D5E1289FCD0E8AC23A1021A5093D2E8368F696 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe
16:35:19.0153 0x1470  AESTFilters - ok
16:35:19.0169 0x1470  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\Windows\system32\drivers\afd.sys
16:35:19.0169 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\afd.sys. md5: 79059559E89D06E8B80CE2944BE20228, sha256: 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE
16:35:19.0169 0x1470  AFD - detected LockedFile.Multi.Generic ( 1 )
16:35:21.0838 0x1470  Detect skipped due to KSN trusted
16:35:21.0838 0x1470  AFD - ok
16:35:21.0838 0x1470  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
16:35:21.0853 0x1470  agp440 - ok
16:35:21.0869 0x1470  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
16:35:21.0885 0x1470  ALG - ok
16:35:21.0885 0x1470  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:35:21.0900 0x1470  aliide - ok
16:35:21.0900 0x1470  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:35:21.0900 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdide.sys. md5: 1FF8B4431C353CE385C875F194924C0C, sha256: 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720
16:35:21.0900 0x1470  amdide - detected LockedFile.Multi.Generic ( 1 )
16:35:24.0304 0x1470  Detect skipped due to KSN trusted
16:35:24.0304 0x1470  amdide - ok
16:35:24.0351 0x1470  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:35:24.0351 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\amdk8.sys. md5: 7024F087CFF1833A806193EF9D22CDA9, sha256: E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529
16:35:24.0351 0x1470  AmdK8 - detected LockedFile.Multi.Generic ( 1 )
16:35:26.0708 0x1470  Detect skipped due to KSN trusted
16:35:26.0708 0x1470  AmdK8 - ok
16:35:26.0708 0x1470  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:35:26.0708 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\amdppm.sys. md5: 1E56388B3FE0D031C44144EB8C4D6217, sha256: E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487
16:35:26.0708 0x1470  AmdPPM - detected LockedFile.Multi.Generic ( 1 )
16:35:29.0159 0x1470  Detect skipped due to KSN trusted
16:35:29.0159 0x1470  AmdPPM - ok
16:35:29.0174 0x1470  [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:35:29.0174 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdsata.sys. md5: 6EC6D772EAE38DC17C14AED9B178D24B, sha256: B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6
16:35:29.0174 0x1470  amdsata - detected LockedFile.Multi.Generic ( 1 )
16:35:31.0594 0x1470  Detect skipped due to KSN trusted
16:35:31.0594 0x1470  amdsata - ok
16:35:31.0609 0x1470  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:35:31.0609 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\amdsbs.sys. md5: F67F933E79241ED32FF46A4F29B5120B, sha256: D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8
16:35:31.0609 0x1470  amdsbs - detected LockedFile.Multi.Generic ( 1 )
16:35:33.0966 0x1470  Detect skipped due to KSN trusted
16:35:33.0966 0x1470  amdsbs - ok
16:35:34.0060 0x1470  [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:35:34.0060 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdxata.sys. md5: 1142A21DB581A84EA5597B03A26EBAA0, sha256: F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343
16:35:34.0060 0x1470  amdxata - detected LockedFile.Multi.Generic ( 1 )
16:35:36.0433 0x1470  Detect skipped due to KSN trusted
16:35:36.0433 0x1470  amdxata - ok
16:35:36.0448 0x1470  [ 4B92F0063C633BD4FDBD7D76977F65B3, DC18AB4FFA2893D664D464B3862E587A920C3A92A5D02E9E46710FB6F28CE0DE ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
16:35:36.0448 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\Apfiltr.sys. md5: 4B92F0063C633BD4FDBD7D76977F65B3, sha256: DC18AB4FFA2893D664D464B3862E587A920C3A92A5D02E9E46710FB6F28CE0DE
16:35:36.0448 0x1470  ApfiltrService - detected LockedFile.Multi.Generic ( 1 )
16:35:38.0805 0x1470  Detect skipped due to KSN trusted
16:35:38.0805 0x1470  ApfiltrService - ok
16:35:38.0805 0x1470  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
16:35:38.0805 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\appid.sys. md5: 89A69C3F2F319B43379399547526D952, sha256: 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A
16:35:38.0805 0x1470  AppID - detected LockedFile.Multi.Generic ( 1 )
16:35:41.0240 0x1470  Detect skipped due to KSN trusted
16:35:41.0240 0x1470  AppID - ok
16:35:41.0240 0x1470  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:35:41.0287 0x1470  AppIDSvc - ok
16:35:41.0287 0x1470  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
16:35:41.0303 0x1470  Appinfo - ok
16:35:41.0318 0x1470  [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:35:41.0334 0x1470  Apple Mobile Device - ok
16:35:41.0349 0x1470  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
16:35:41.0365 0x1470  AppMgmt - ok
16:35:41.0365 0x1470  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:35:41.0365 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\arc.sys. md5: C484F8CEB1717C540242531DB7845C4E, sha256: C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6
16:35:41.0365 0x1470  arc - detected LockedFile.Multi.Generic ( 1 )
16:35:43.0738 0x1470  Detect skipped due to KSN trusted
16:35:43.0738 0x1470  arc - ok
16:35:43.0738 0x1470  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:35:43.0738 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\arcsas.sys. md5: 019AF6924AEFE7839F61C830227FE79C, sha256: 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A
16:35:43.0738 0x1470  arcsas - detected LockedFile.Multi.Generic ( 1 )
16:35:46.0126 0x1470  Detect skipped due to KSN trusted
16:35:46.0126 0x1470  arcsas - ok
16:35:46.0142 0x1470  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:35:46.0142 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\asyncmac.sys. md5: 769765CE2CC62867468CEA93969B2242, sha256: 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26
16:35:46.0142 0x1470  AsyncMac - detected LockedFile.Multi.Generic ( 1 )
16:35:48.0561 0x1470  Detect skipped due to KSN trusted
16:35:48.0561 0x1470  AsyncMac - ok
16:35:48.0561 0x1470  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:35:48.0561 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\atapi.sys. md5: 02062C0B390B7729EDC9E69C680A6F3C, sha256: 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273
16:35:48.0561 0x1470  atapi - detected LockedFile.Multi.Generic ( 1 )
16:35:50.0949 0x1470  Detect skipped due to KSN trusted
16:35:50.0949 0x1470  atapi - ok
16:35:50.0980 0x1470  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:35:51.0105 0x1470  AudioEndpointBuilder - ok
16:35:51.0121 0x1470  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:35:51.0168 0x1470  AudioSrv - ok
16:35:51.0183 0x1470  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:35:51.0215 0x1470  AxInstSV - ok
16:35:51.0230 0x1470  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:35:51.0230 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bxvbda.sys. md5: 3E5B191307609F7514148C6832BB0842, sha256: DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580
16:35:51.0230 0x1470  b06bdrv - detected LockedFile.Multi.Generic ( 1 )
16:35:53.0618 0x1470  Detect skipped due to KSN trusted
16:35:53.0618 0x1470  b06bdrv - ok
16:35:53.0634 0x1470  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:35:53.0634 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\b57nd60a.sys. md5: B5ACE6968304A3900EEB1EBFD9622DF2, sha256: 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA
16:35:53.0650 0x1470  b57nd60a - detected LockedFile.Multi.Generic ( 1 )
16:35:56.0022 0x1470  Detect skipped due to KSN trusted
16:35:56.0022 0x1470  b57nd60a - ok
16:35:56.0038 0x1470  [ 50D45E314B13F70BF328D783868E6EA6, E22F30E7602D4EC0BEAA1E0DE7FF518B7B49556536C1F9E6C6308327CDEA4CA6 ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
16:35:56.0038 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\BCM42RLY.sys. md5: 50D45E314B13F70BF328D783868E6EA6, sha256: E22F30E7602D4EC0BEAA1E0DE7FF518B7B49556536C1F9E6C6308327CDEA4CA6
16:35:56.0038 0x1470  BCM42RLY - detected LockedFile.Multi.Generic ( 1 )
16:35:58.0426 0x1470  Detect skipped due to KSN trusted
16:35:58.0426 0x1470  BCM42RLY - ok
16:35:58.0520 0x1470  [ D84B17B03376ACBB7717928071429707, D7A0CD7E3F1A1BD5A0B27FA937004DEF8F02CBC7526D380A19630B7424025BF4 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
16:35:58.0520 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bcmwl664.sys. md5: D84B17B03376ACBB7717928071429707, sha256: D7A0CD7E3F1A1BD5A0B27FA937004DEF8F02CBC7526D380A19630B7424025BF4
16:35:58.0520 0x1470  BCM43XX - detected LockedFile.Multi.Generic ( 1 )
16:36:00.0892 0x1470  Detect skipped due to KSN trusted
16:36:00.0892 0x1470  BCM43XX - ok
16:36:00.0924 0x1470  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:36:00.0955 0x1470  BDESVC - ok
16:36:00.0955 0x1470  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:36:00.0955 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Beep.sys. md5: 16A47CE2DECC9B099349A5F840654746, sha256: 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024
16:36:00.0955 0x1470  Beep - detected LockedFile.Multi.Generic ( 1 )
16:36:03.0390 0x1470  Detect skipped due to KSN trusted
16:36:03.0390 0x1470  Beep - ok
16:36:03.0421 0x1470  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
16:36:03.0452 0x1470  BFE - ok
16:36:03.0468 0x1470  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
16:36:03.0577 0x1470  BITS - ok
16:36:03.0577 0x1470  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:36:03.0593 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\blbdrive.sys. md5: 61583EE3C3A17003C4ACD0475646B4D3, sha256: 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811
16:36:03.0593 0x1470  blbdrive - detected LockedFile.Multi.Generic ( 1 )
16:36:05.0966 0x1470  Detect skipped due to KSN trusted
16:36:05.0966 0x1470  blbdrive - ok
16:36:05.0997 0x1470  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:36:06.0012 0x1470  Bonjour Service - ok
16:36:06.0012 0x1470  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:36:06.0012 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bowser.sys. md5: 6C02A83164F5CC0A262F4199F0871CF5, sha256: AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28
16:36:06.0012 0x1470  bowser - detected LockedFile.Multi.Generic ( 1 )
16:36:08.0402 0x1470  Detect skipped due to KSN trusted
16:36:08.0402 0x1470  bowser - ok
16:36:08.0417 0x1470  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:36:08.0417 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\BrFiltLo.sys. md5: F09EEE9EDC320B5E1501F749FDE686C8, sha256: 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3
16:36:08.0417 0x1470  BrFiltLo - detected LockedFile.Multi.Generic ( 1 )
16:36:10.0805 0x1470  Detect skipped due to KSN trusted
16:36:10.0805 0x1470  BrFiltLo - ok
16:36:10.0805 0x1470  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:36:10.0805 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\BrFiltUp.sys. md5: B114D3098E9BDB8BEA8B053685831BE6, sha256: 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C
16:36:10.0805 0x1470  BrFiltUp - detected LockedFile.Multi.Generic ( 1 )
16:36:13.0194 0x1470  Detect skipped due to KSN trusted
16:36:13.0194 0x1470  BrFiltUp - ok
16:36:13.0209 0x1470  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
16:36:13.0241 0x1470  Browser - ok
16:36:13.0241 0x1470  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:36:13.0241 0x1470  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\Brserid.sys. md5: 43BEA8D483BF1870F018E2D02E06A5BD, sha256: 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272
16:36:13.0256 0x1470  Brserid - detected LockedFile.Multi.Generic ( 1 )
16:36:15.0660 0x1470  Detect skipped due to KSN trusted
16:36:15.0660 0x1470  Brserid - ok
16:36:15.0676 0x1470  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:36:15.0676 0x1470  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrSerWdm.sys. md5: A6ECA2151B08A09CACECA35C07F05B42, sha256: E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C
16:36:15.0676 0x1470  BrSerWdm - detected LockedFile.Multi.Generic ( 1 )
16:36:18.0126 0x1470  Detect skipped due to KSN trusted
16:36:18.0126 0x1470  BrSerWdm - ok
16:36:18.0142 0x1470  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:36:18.0142 0x1470  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrUsbMdm.sys. md5: B79968002C277E869CF38BD22CD61524, sha256: 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983
16:36:18.0142 0x1470  BrUsbMdm - detected LockedFile.Multi.Generic ( 1 )
16:36:20.0530 0x1470  Detect skipped due to KSN trusted
16:36:20.0530 0x1470  BrUsbMdm - ok
16:36:20.0530 0x1470  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:36:20.0530 0x1470  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrUsbSer.sys. md5: A87528880231C54E75EA7A44943B38BF, sha256: 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9
16:36:20.0530 0x1470  BrUsbSer - detected LockedFile.Multi.Generic ( 1 )
16:36:22.0918 0x1470  Detect skipped due to KSN trusted
16:36:22.0918 0x1470  BrUsbSer - ok
16:36:22.0918 0x1470  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
16:36:22.0918 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\BthEnum.sys. md5: CF98190A94F62E405C8CB255018B2315, sha256: E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781
16:36:22.0918 0x1470  BthEnum - detected LockedFile.Multi.Generic ( 1 )
16:36:25.0307 0x1470  Detect skipped due to KSN trusted
16:36:25.0307 0x1470  BthEnum - ok
16:36:25.0322 0x1470  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:36:25.0322 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bthmodem.sys. md5: 9DA669F11D1F894AB4EB69BF546A42E8, sha256: B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4
16:36:25.0322 0x1470  BTHMODEM - detected LockedFile.Multi.Generic ( 1 )
16:36:27.0773 0x1470  Detect skipped due to KSN trusted
16:36:27.0773 0x1470  BTHMODEM - ok
16:36:27.0788 0x1470  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:36:27.0788 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bthpan.sys. md5: 02DD601B708DD0667E1331FA8518E9FF, sha256: 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1
16:36:27.0788 0x1470  BthPan - detected LockedFile.Multi.Generic ( 1 )
16:36:30.0177 0x1470  Detect skipped due to KSN trusted
16:36:30.0177 0x1470  BthPan - ok
16:36:30.0208 0x1470  [ 64C198198501F7560EE41D8D1EFA7952, 53CE5FDD1866FC8A0B91C7A620F7555D197488C4C8F3DEFD4398D8E3ED2AEBD0 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
16:36:30.0208 0x1470  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BTHport.sys. md5: 64C198198501F7560EE41D8D1EFA7952, sha256: 53CE5FDD1866FC8A0B91C7A620F7555D197488C4C8F3DEFD4398D8E3ED2AEBD0
16:36:30.0208 0x1470  BTHPORT - detected LockedFile.Multi.Generic ( 1 )
16:36:32.0612 0x1470  Detect skipped due to KSN trusted
16:36:32.0612 0x1470  BTHPORT - ok
16:36:32.0627 0x1470  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
16:36:32.0690 0x1470  bthserv - ok
16:36:32.0705 0x1470  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:36:32.0705 0x1470  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BTHUSB.sys. md5: F188B7394D81010767B6DF3178519A37, sha256: 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B
16:36:32.0705 0x1470  BTHUSB - detected LockedFile.Multi.Generic ( 1 )
16:36:35.0140 0x1470  Detect skipped due to KSN trusted
16:36:35.0140 0x1470  BTHUSB - ok
16:36:35.0156 0x1470  [ 2D19C44A9D0E175BC93D23C562A0AA01, 0298E3D57472F1848E217FFE9B7B67792CD9643B2BE879723067F987ED98C31F ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
16:36:35.0172 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwampfl.sys. md5: 2D19C44A9D0E175BC93D23C562A0AA01, sha256: 0298E3D57472F1848E217FFE9B7B67792CD9643B2BE879723067F987ED98C31F
16:36:35.0172 0x1470  btwampfl - detected LockedFile.Multi.Generic ( 1 )
16:36:37.0622 0x1470  Detect skipped due to KSN trusted
16:36:37.0622 0x1470  btwampfl - ok
16:36:37.0638 0x1470  [ AD4B38BF35896778236B40CF453F58AA, 1CE0007090AD07F852C0FE25DB17054D9942D487A11F9DF38A96C0B51ED817D6 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
16:36:37.0638 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwaudio.sys. md5: AD4B38BF35896778236B40CF453F58AA, sha256: 1CE0007090AD07F852C0FE25DB17054D9942D487A11F9DF38A96C0B51ED817D6
16:36:37.0638 0x1470  btwaudio - detected LockedFile.Multi.Generic ( 1 )
16:36:40.0026 0x1470  Detect skipped due to KSN trusted
16:36:40.0026 0x1470  btwaudio - ok
16:36:40.0042 0x1470  [ C2A11549E72841EF9FC5AF14C7F29233, FBF280AA92F74EAF73BCB3D8DF864C05D3BFF5E67A2B1756180664FC5D8349FA ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
16:36:40.0042 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwavdt.sys. md5: C2A11549E72841EF9FC5AF14C7F29233, sha256: FBF280AA92F74EAF73BCB3D8DF864C05D3BFF5E67A2B1756180664FC5D8349FA
16:36:40.0042 0x1470  btwavdt - detected LockedFile.Multi.Generic ( 1 )
16:36:42.0430 0x1470  Detect skipped due to KSN trusted
16:36:42.0430 0x1470  btwavdt - ok
16:36:42.0477 0x1470  [ 3D13849A1F9E7C61096294B955EFCDF2, BEF5CC432611367708EEDC1C3CB9D43AB4B9DA53A1E81D3B8DC54CE12BE1E805 ] btwdins         c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:36:42.0508 0x1470  btwdins - ok
16:36:42.0508 0x1470  [ 06E96CF5C046F7CAB4AA131DF6E2B9BC, D3957A55E5BB614203E187460232F8701CF54599EEC9A0D2146952D75405A44F ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
16:36:42.0508 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\btwl2cap.sys. md5: 06E96CF5C046F7CAB4AA131DF6E2B9BC, sha256: D3957A55E5BB614203E187460232F8701CF54599EEC9A0D2146952D75405A44F
16:36:42.0508 0x1470  btwl2cap - detected LockedFile.Multi.Generic ( 1 )
16:36:44.0943 0x1470  Detect skipped due to KSN trusted
16:36:44.0943 0x1470  btwl2cap - ok
16:36:44.0959 0x1470  [ D8270F1D59DD10743C8E62D806AF85E2, EF6F74747C56CBFE56E64C375EE51944E21F3DF882F99677CB016BC73CC57F05 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
16:36:44.0959 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\btwrchid.sys. md5: D8270F1D59DD10743C8E62D806AF85E2, sha256: EF6F74747C56CBFE56E64C375EE51944E21F3DF882F99677CB016BC73CC57F05
16:36:44.0959 0x1470  btwrchid - detected LockedFile.Multi.Generic ( 1 )
16:36:47.0347 0x1470  Detect skipped due to KSN trusted
16:36:47.0347 0x1470  btwrchid - ok
16:36:47.0363 0x1470  [ F9A6DEAC2776A85F23B55E044CD4BC10, BF98EE87E50A6682E5FB1A7F43A2F2ED312C3DE7B1EA112808777E519706C32A ] buttonsvc64     c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
16:36:47.0394 0x1470  buttonsvc64 - ok
16:36:47.0409 0x1470  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:36:47.0409 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\cdfs.sys. md5: B8BD2BB284668C84865658C77574381A, sha256: 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65
16:36:47.0409 0x1470  cdfs - detected LockedFile.Multi.Generic ( 1 )
16:36:49.0845 0x1470  Detect skipped due to KSN trusted
16:36:49.0845 0x1470  cdfs - ok
16:36:49.0860 0x1470  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
16:36:49.0860 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\cdrom.sys. md5: F036CE71586E93D94DAB220D7BDF4416, sha256: BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B
16:36:49.0860 0x1470  cdrom - detected LockedFile.Multi.Generic ( 1 )
16:36:52.0248 0x1470  Detect skipped due to KSN trusted
16:36:52.0248 0x1470  cdrom - ok
16:36:52.0264 0x1470  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:36:52.0311 0x1470  CertPropSvc - ok
16:36:52.0311 0x1470  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:36:52.0311 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\circlass.sys. md5: D7CD5C4E1B71FA62050515314CFB52CF, sha256: 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64
16:36:52.0311 0x1470  circlass - detected LockedFile.Multi.Generic ( 1 )
16:36:54.0699 0x1470  Detect skipped due to KSN trusted
16:36:54.0699 0x1470  circlass - ok
16:36:54.0715 0x1470  cleanhlp - ok
16:36:54.0730 0x1470  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
16:36:54.0730 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\CLFS.sys. md5: FE1EC06F2253F691FE36217C592A0206, sha256: B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE
16:36:54.0730 0x1470  CLFS - detected LockedFile.Multi.Generic ( 1 )
16:36:57.0119 0x1470  Detect skipped due to KSN trusted
16:36:57.0119 0x1470  CLFS - ok
16:36:57.0134 0x1470  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:36:57.0165 0x1470  clr_optimization_v2.0.50727_32 - ok
16:36:57.0181 0x1470  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:36:57.0181 0x1470  clr_optimization_v2.0.50727_64 - ok
16:36:57.0197 0x1470  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:36:57.0212 0x1470  clr_optimization_v4.0.30319_32 - ok
16:36:57.0228 0x1470  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:36:57.0243 0x1470  clr_optimization_v4.0.30319_64 - ok
16:36:57.0243 0x1470  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:36:57.0243 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\CmBatt.sys. md5: 0840155D0BDDF1190F84A663C284BD33, sha256: 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A
16:36:57.0243 0x1470  CmBatt - detected LockedFile.Multi.Generic ( 1 )
16:36:59.0616 0x1470  Detect skipped due to KSN trusted
16:36:59.0616 0x1470  CmBatt - ok
16:36:59.0616 0x1470  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:36:59.0616 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\cmdide.sys. md5: E19D3F095812725D88F9001985B94EDD, sha256: 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B
16:36:59.0616 0x1470  cmdide - detected LockedFile.Multi.Generic ( 1 )
16:37:02.0067 0x1470  Detect skipped due to KSN trusted
16:37:02.0067 0x1470  cmdide - ok
16:37:02.0348 0x1470  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
16:37:02.0348 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\cng.sys. md5: EBF28856F69CF094A902F884CF989706, sha256: AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F
16:37:02.0348 0x1470  CNG - detected LockedFile.Multi.Generic ( 1 )
16:37:04.0954 0x1470  Detect skipped due to KSN trusted
16:37:04.0954 0x1470  CNG - ok
16:37:04.0954 0x1470  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:37:04.0954 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\compbatt.sys. md5: 102DE219C3F61415F964C88E9085AD14, sha256: CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1
16:37:04.0954 0x1470  Compbatt - detected LockedFile.Multi.Generic ( 1 )
16:37:07.0343 0x1470  Detect skipped due to KSN trusted
16:37:07.0343 0x1470  Compbatt - ok
16:37:07.0343 0x1470  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:37:07.0358 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\CompositeBus.sys. md5: 03EDB043586CCEBA243D689BDDA370A8, sha256: 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959
16:37:07.0358 0x1470  CompositeBus - detected LockedFile.Multi.Generic ( 1 )
16:37:09.0731 0x1470  Detect skipped due to KSN trusted
16:37:09.0731 0x1470  CompositeBus - ok
16:37:09.0731 0x1470  COMSysApp - ok
16:37:09.0747 0x1470  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:37:09.0747 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 1C827878A998C18847245FE1F34EE597, sha256: 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60
16:37:09.0747 0x1470  crcdisk - detected LockedFile.Multi.Generic ( 1 )
16:37:12.0135 0x1470  Detect skipped due to KSN trusted
16:37:12.0135 0x1470  crcdisk - ok
16:37:12.0197 0x1470  [ 55A9081A7A6D0977A0B470AC88F37E6F, F5DB2480D6FE6AFC9226CD554AD9E7E637E7556C3BDBA7FB1B46BDF81A20460C ] Credential Vault Host Control Service C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
16:37:12.0213 0x1470  Credential Vault Host Control Service - ok
16:37:12.0228 0x1470  [ 53371039D4027E1BB4DDCC83007D3A04, 2C3EC24763FF441F536159B61E412F6D911175F2E117248F017D042231EDB614 ] Credential Vault Host Storage C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
16:37:12.0228 0x1470  Credential Vault Host Storage - ok
16:37:12.0244 0x1470  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:37:12.0260 0x1470  CryptSvc - ok
16:37:12.0275 0x1470  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
16:37:12.0275 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\csc.sys. md5: 54DA3DFD29ED9F1619B6F53F3CE55E49, sha256: 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E
16:37:12.0275 0x1470  CSC - detected LockedFile.Multi.Generic ( 1 )
16:37:14.0710 0x1470  Detect skipped due to KSN trusted
16:37:14.0710 0x1470  CSC - ok
16:37:14.0742 0x1470  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
16:37:14.0773 0x1470  CscService - ok
16:37:14.0773 0x1470  [ ED5CF92396A62F4C15110DCDB5E854D9, CD26216B8B3F558A0466843C8161E86EEDB78E6031E1AC0A00DCDE700A2B6EE2 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
16:37:14.0773 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\CtClsFlt.sys. md5: ED5CF92396A62F4C15110DCDB5E854D9, sha256: CD26216B8B3F558A0466843C8161E86EEDB78E6031E1AC0A00DCDE700A2B6EE2
16:37:14.0773 0x1470  CtClsFlt - detected LockedFile.Multi.Generic ( 1 )
16:37:17.0161 0x1470  Detect skipped due to KSN trusted
16:37:17.0161 0x1470  CtClsFlt - ok
16:37:17.0161 0x1470  [ A84CAAE89B487931200B969D94018AFA, 6984F3CF4E78B20350E5C09F16DE412D0232E202BD8DF86B9623F25CD154ED95 ] cvusbdrv        C:\Windows\system32\Drivers\cvusbdrv.sys
16:37:17.0161 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\cvusbdrv.sys. md5: A84CAAE89B487931200B969D94018AFA, sha256: 6984F3CF4E78B20350E5C09F16DE412D0232E202BD8DF86B9623F25CD154ED95
16:37:17.0161 0x1470  cvusbdrv - detected LockedFile.Multi.Generic ( 1 )
16:37:19.0580 0x1470  Detect skipped due to KSN trusted
16:37:19.0580 0x1470  cvusbdrv - ok
16:37:19.0627 0x1470  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:37:19.0690 0x1470  DcomLaunch - ok
16:37:19.0705 0x1470  [ C0AADE6FC97F718B1E1B0D4452F2ADA5, 96B88D09F14563D8F87A82824BBE70751BF665813CA1E21EE6C9F9CA7EADE448 ] dcpsysmgrsvc    c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
16:37:19.0721 0x1470  dcpsysmgrsvc - ok
16:37:19.0737 0x1470  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:37:19.0768 0x1470  defragsvc - ok
16:37:19.0783 0x1470  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:37:19.0783 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\dfsc.sys. md5: 9BB2EF44EAA163B29C4A4587887A0FE4, sha256: 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F
16:37:19.0783 0x1470  DfsC - detected LockedFile.Multi.Generic ( 1 )
16:37:22.0218 0x1470  Detect skipped due to KSN trusted
16:37:22.0218 0x1470  DfsC - ok
16:37:22.0234 0x1470  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:37:22.0281 0x1470  Dhcp - ok
16:37:22.0281 0x1470  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
16:37:22.0281 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3, sha256: 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26
16:37:22.0281 0x1470  discache - detected LockedFile.Multi.Generic ( 1 )
16:37:24.0669 0x1470  Detect skipped due to KSN trusted
16:37:24.0669 0x1470  discache - ok
16:37:24.0685 0x1470  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:37:24.0685 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\disk.sys. md5: 9819EEE8B5EA3784EC4AF3B137A5244C, sha256: 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427
16:37:24.0685 0x1470  Disk - detected LockedFile.Multi.Generic ( 1 )
16:37:27.0073 0x1470  Detect skipped due to KSN trusted
16:37:27.0073 0x1470  Disk - ok
16:37:27.0089 0x1470  dkab_device - ok
16:37:27.0104 0x1470  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:37:27.0135 0x1470  Dnscache - ok
16:37:27.0135 0x1470  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:37:27.0182 0x1470  dot3svc - ok
16:37:27.0182 0x1470  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
16:37:27.0213 0x1470  DPS - ok
16:37:27.0229 0x1470  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:37:27.0229 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\drmkaud.sys. md5: 9B19F34400D24DF84C858A421C205754, sha256: 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7
16:37:27.0229 0x1470  drmkaud - detected LockedFile.Multi.Generic ( 1 )
16:37:29.0664 0x1470  Detect skipped due to KSN trusted
16:37:29.0664 0x1470  drmkaud - ok
16:37:29.0680 0x1470  [ 37BA0259E9A79D610FD302C8A3770A2C, 5D7FB757E7E33CCC23919B7A2CC5495C1740E39FA53BD30B73F4142A23E9A413 ] DVMIO           D:\Program Files (x86)\Dell\Reader 2.0\dvmio_x64.sys
16:37:29.0695 0x1470  DVMIO - ok
16:37:29.0742 0x1470  [ 6F0952F5A3C8D9E90DF1F88B84541145, 55818BCE974D7BCDBD9DE03CE214477C15C085876BBE2AA3B984805F8E61A564 ] DvmMDES         D:\Program Files (x86)\Dell\Reader 2.0\DVMExportService.exe
16:37:29.0758 0x1470  DvmMDES - detected UnsignedFile.Multi.Generic ( 1 )
16:37:32.0130 0x1470  Detect skipped due to KSN trusted
16:37:32.0130 0x1470  DvmMDES - ok
16:37:32.0193 0x1470  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:37:32.0193 0x1470  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\dxgkrnl.sys. md5: 88612F1CE3BF42256913BF6E61C70D52, sha256: 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7
16:37:32.0193 0x1470  DXGKrnl - detected LockedFile.Multi.Generic ( 1 )
16:37:34.0644 0x1470  Detect skipped due to KSN trusted
16:37:34.0644 0x1470  DXGKrnl - ok
16:37:34.0675 0x1470  [ F369E83F6CDAB987CA2DD764278659A6, 64F7CF085EA19A37D6A23D91B63BCF36EAC4FEE936DDD7E71F665C4FD0EA6DC2 ] e1kexpress      C:\Windows\system32\DRIVERS\e1k62x64.sys
16:37:34.0675 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\e1k62x64.sys. md5: F369E83F6CDAB987CA2DD764278659A6, sha256: 64F7CF085EA19A37D6A23D91B63BCF36EAC4FEE936DDD7E71F665C4FD0EA6DC2
16:37:34.0675 0x1470  e1kexpress - detected LockedFile.Multi.Generic ( 1 )
16:37:37.0219 0x1470  Detect skipped due to KSN trusted
16:37:37.0219 0x1470  e1kexpress - ok
16:37:37.0235 0x1470  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
16:37:37.0297 0x1470  EapHost - ok
16:37:37.0375 0x1470  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:37:37.0375 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\evbda.sys. md5: DC5D737F51BE844D8C82C695EB17372F, sha256: 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017
16:37:37.0375 0x1470  ebdrv - detected LockedFile.Multi.Generic ( 1 )
16:37:39.0763 0x1470  Detect skipped due to KSN trusted
16:37:39.0763 0x1470  ebdrv - ok
16:37:39.0779 0x1470  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\Windows\System32\lsass.exe
16:37:39.0795 0x1470  EFS - ok
16:37:39.0826 0x1470  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:37:39.0857 0x1470  ehRecvr - ok
16:37:39.0873 0x1470  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
16:37:39.0888 0x1470  ehSched - ok
16:37:39.0904 0x1470  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:37:39.0904 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0E5DA5369A0FCAEA12456DD852545184, sha256: 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8
16:37:39.0904 0x1470  elxstor - detected LockedFile.Multi.Generic ( 1 )
16:37:42.0292 0x1470  Detect skipped due to KSN trusted
16:37:42.0292 0x1470  elxstor - ok
16:37:42.0308 0x1470  [ ABDD5AD016AFFD34AD40E944CE94BF59, 61089124CD8FEA31142CD4D3C47224A6310B9BE7B7FA974956D9EDDAD4381503 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
16:37:42.0323 0x1470  EpsonBidirectionalService - detected UnsignedFile.Multi.Generic ( 1 )
16:37:44.0696 0x1470  Detect skipped due to KSN trusted
16:37:44.0696 0x1470  EpsonBidirectionalService - ok
16:37:44.0696 0x1470  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:37:44.0696 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\errdev.sys. md5: 34A3C54752046E79A126E15C51DB409B, sha256: 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75
16:37:44.0696 0x1470  ErrDev - detected LockedFile.Multi.Generic ( 1 )
16:37:47.0084 0x1470  Detect skipped due to KSN trusted
16:37:47.0084 0x1470  ErrDev - ok
16:37:47.0115 0x1470  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
16:37:47.0162 0x1470  EventSystem - ok
16:37:47.0178 0x1470  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
16:37:47.0178 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B, sha256: 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5
16:37:47.0178 0x1470  exfat - detected LockedFile.Multi.Generic ( 1 )
16:37:49.0550 0x1470  Detect skipped due to KSN trusted
16:37:49.0550 0x1470  exfat - ok
16:37:49.0582 0x1470  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:37:49.0582 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fastfat.sys. md5: 0ADC83218B66A6DB380C330836F3E36D, sha256: 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29
16:37:49.0582 0x1470  fastfat - detected LockedFile.Multi.Generic ( 1 )
16:37:52.0173 0x1470  Detect skipped due to KSN trusted
16:37:52.0173 0x1470  fastfat - ok
16:37:52.0407 0x1470  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
16:37:52.0438 0x1470  Fax - ok
16:37:52.0454 0x1470  FA_Scheduler - ok
16:37:52.0454 0x1470  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:37:52.0454 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB, sha256: 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE
16:37:52.0454 0x1470  fdc - detected LockedFile.Multi.Generic ( 1 )
16:37:54.0826 0x1470  Detect skipped due to KSN trusted
16:37:54.0826 0x1470  fdc - ok
16:37:54.0826 0x1470  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
16:37:54.0889 0x1470  fdPHost - ok
16:37:54.0889 0x1470  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:37:54.0920 0x1470  FDResPub - ok
16:37:54.0920 0x1470  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:37:54.0920 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661BE46B5F5F3FD454E2C3095B930, sha256: 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A
16:37:54.0920 0x1470  FileInfo - detected LockedFile.Multi.Generic ( 1 )
16:37:57.0324 0x1470  Detect skipped due to KSN trusted
16:37:57.0324 0x1470  FileInfo - ok
16:37:57.0340 0x1470  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:37:57.0340 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47, sha256: 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6
16:37:57.0340 0x1470  Filetrace - detected LockedFile.Multi.Generic ( 1 )
16:37:59.0728 0x1470  Detect skipped due to KSN trusted
16:37:59.0728 0x1470  Filetrace - ok
16:37:59.0759 0x1470  [ F76D04F7413B07DAA029F6520B64B4E8, 3EB13C0EFE737880853FB8952381E7A57723F9472E0E4ED7CDA8A0D7DE8DC90D ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:37:59.0790 0x1470  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
16:38:02.0179 0x1470  Detect skipped due to KSN trusted
16:38:02.0179 0x1470  FLEXnet Licensing Service - ok
16:38:02.0194 0x1470  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:38:02.0194 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5, sha256: 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B
16:38:02.0194 0x1470  flpydisk - detected LockedFile.Multi.Generic ( 1 )
16:38:04.0567 0x1470  Detect skipped due to KSN trusted
16:38:04.0567 0x1470  flpydisk - ok
16:38:04.0598 0x1470  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:38:04.0598 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fltmgr.sys. md5: DA6B67270FD9DB3697B20FCE94950741, sha256: F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331
16:38:04.0598 0x1470  FltMgr - detected LockedFile.Multi.Generic ( 1 )
16:38:07.0049 0x1470  Detect skipped due to KSN trusted
16:38:07.0049 0x1470  FltMgr - ok
16:38:07.0095 0x1470  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
16:38:07.0142 0x1470  FontCache - ok
16:38:07.0142 0x1470  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:38:07.0158 0x1470  FontCache3.0.0.0 - ok
16:38:07.0158 0x1470  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:38:07.0158 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC, sha256: F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E
16:38:07.0158 0x1470  FsDepends - detected LockedFile.Multi.Generic ( 1 )
16:38:09.0609 0x1470  Detect skipped due to KSN trusted
16:38:09.0609 0x1470  FsDepends - ok
16:38:09.0624 0x1470  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:38:09.0624 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 6BD9295CC032DD3077C671FCCF579A7B, sha256: 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33
16:38:09.0624 0x1470  Fs_Rec - detected LockedFile.Multi.Generic ( 1 )
16:38:12.0012 0x1470  Detect skipped due to KSN trusted
16:38:12.0012 0x1470  Fs_Rec - ok
16:38:12.0044 0x1470  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:38:12.0044 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 1F7B25B858FA27015169FE95E54108ED, sha256: 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5
16:38:12.0044 0x1470  fvevol - detected LockedFile.Multi.Generic ( 1 )
16:38:14.0416 0x1470  Detect skipped due to KSN trusted
16:38:14.0416 0x1470  fvevol - ok
16:38:14.0432 0x1470  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:38:14.0432 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6, sha256: 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005
16:38:14.0432 0x1470  gagp30kx - detected LockedFile.Multi.Generic ( 1 )
16:38:16.0883 0x1470  Detect skipped due to KSN trusted
16:38:16.0883 0x1470  gagp30kx - ok
16:38:16.0898 0x1470  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:38:16.0898 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\GEARAspiWDM.sys. md5: 8E98D21EE06192492A5671A6144D092F, sha256: B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4
16:38:16.0898 0x1470  GEARAspiWDM - detected LockedFile.Multi.Generic ( 1 )
16:38:19.0286 0x1470  Detect skipped due to KSN trusted
16:38:19.0286 0x1470  GEARAspiWDM - ok
16:38:19.0333 0x1470  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:38:19.0380 0x1470  gpsvc - ok
16:38:19.0396 0x1470  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:38:19.0396 0x1470  gupdate - ok
16:38:19.0411 0x1470  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:38:19.0411 0x1470  gupdatem - ok
16:38:19.0427 0x1470  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:38:19.0443 0x1470  gusvc - ok
16:38:19.0443 0x1470  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:38:19.0443 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0, sha256: B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19
16:38:19.0443 0x1470  hcw85cir - detected LockedFile.Multi.Generic ( 1 )
16:38:21.0862 0x1470  Detect skipped due to KSN trusted
16:38:21.0862 0x1470  hcw85cir - ok
16:38:21.0878 0x1470  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:38:21.0878 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97BFED39B6B79EB12CDDBFEED51F56BB, sha256: 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955
16:38:21.0878 0x1470  HDAudBus - detected LockedFile.Multi.Generic ( 1 )
16:38:24.0328 0x1470  Detect skipped due to KSN trusted
16:38:24.0328 0x1470  HDAudBus - ok
16:38:24.0344 0x1470  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
16:38:24.0344 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HECIx64.sys. md5: B6AC71AAA2B10848F57FC49D55A651AF, sha256: 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91
16:38:24.0344 0x1470  HECIx64 - detected LockedFile.Multi.Generic ( 1 )
16:38:26.0732 0x1470  Detect skipped due to KSN trusted
16:38:26.0732 0x1470  HECIx64 - ok
16:38:26.0732 0x1470  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:38:26.0732 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F, sha256: 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64
16:38:26.0748 0x1470  HidBatt - detected LockedFile.Multi.Generic ( 1 )
16:38:29.0120 0x1470  Detect skipped due to KSN trusted
16:38:29.0120 0x1470  HidBatt - ok
16:38:29.0136 0x1470  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:38:29.0136 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104, sha256: 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4
16:38:29.0136 0x1470  HidBth - detected LockedFile.Multi.Generic ( 1 )
16:38:31.0524 0x1470  Detect skipped due to KSN trusted
16:38:31.0524 0x1470  HidBth - ok
16:38:31.0540 0x1470  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:38:31.0540 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825, sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D
16:38:31.0540 0x1470  HidIr - detected LockedFile.Multi.Generic ( 1 )
16:38:33.0990 0x1470  Detect skipped due to KSN trusted
16:38:33.0990 0x1470  HidIr - ok
16:38:34.0006 0x1470  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
16:38:34.0053 0x1470  hidserv - ok
16:38:34.0069 0x1470  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
16:38:34.0069 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536, sha256: FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F
16:38:34.0069 0x1470  HidUsb - detected LockedFile.Multi.Generic ( 1 )
16:38:36.0441 0x1470  Detect skipped due to KSN trusted
16:38:36.0441 0x1470  HidUsb - ok
16:38:36.0441 0x1470  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:38:36.0504 0x1470  hkmsvc - ok
16:38:36.0504 0x1470  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:38:36.0535 0x1470  HomeGroupListener - ok
16:38:36.0535 0x1470  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:38:36.0550 0x1470  HomeGroupProvider - ok
16:38:36.0550 0x1470  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:38:36.0566 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, sha256: E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205
16:38:36.0566 0x1470  HpSAMD - detected LockedFile.Multi.Generic ( 1 )
16:38:39.0001 0x1470  Detect skipped due to KSN trusted
16:38:39.0001 0x1470  HpSAMD - ok
16:38:39.0048 0x1470  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:38:39.0048 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: 0EA7DE1ACB728DD5A369FD742D6EEE28, sha256: 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779
16:38:39.0048 0x1470  HTTP - detected LockedFile.Multi.Generic ( 1 )
16:38:41.0499 0x1470  Detect skipped due to KSN trusted
16:38:41.0499 0x1470  HTTP - ok
16:38:41.0514 0x1470  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:38:41.0514 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392, sha256: 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53
16:38:41.0514 0x1470  hwpolicy - detected LockedFile.Multi.Generic ( 1 )
16:38:43.0902 0x1470  Detect skipped due to KSN trusted
16:38:43.0902 0x1470  hwpolicy - ok
16:38:43.0918 0x1470  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:38:43.0918 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD
16:38:43.0918 0x1470  i8042prt - detected LockedFile.Multi.Generic ( 1 )
16:38:46.0306 0x1470  Detect skipped due to KSN trusted
16:38:46.0306 0x1470  i8042prt - ok
16:38:46.0337 0x1470  [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
16:38:46.0337 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStor.sys. md5: ABBF174CB394F5C437410A788B7E404A, sha256: 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8
16:38:46.0337 0x1470  iaStor - detected LockedFile.Multi.Generic ( 1 )
16:38:48.0819 0x1470  Detect skipped due to KSN trusted
16:38:48.0819 0x1470  iaStor - ok
16:38:48.0835 0x1470  [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:38:48.0851 0x1470  IAStorDataMgrSvc - ok
16:38:48.0882 0x1470  [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:38:48.0882 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\iaStorV.sys. md5: 3DF4395A7CF8B7A72A5F4606366B8C2D, sha256: 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80
16:38:48.0882 0x1470  iaStorV - detected LockedFile.Multi.Generic ( 1 )
16:38:51.0254 0x1470  Detect skipped due to KSN trusted
16:38:51.0254 0x1470  iaStorV - ok
16:38:51.0254 0x1470  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:38:51.0270 0x1470  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
16:38:53.0674 0x1470  Detect skipped due to KSN trusted
16:38:53.0674 0x1470  IDriverT - ok
16:38:53.0736 0x1470  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:38:53.0752 0x1470  idsvc - ok
16:38:53.0768 0x1470  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:38:53.0768 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21, sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4
16:38:53.0768 0x1470  iirsp - detected LockedFile.Multi.Generic ( 1 )
16:38:56.0203 0x1470  Detect skipped due to KSN trusted
16:38:56.0203 0x1470  iirsp - ok
16:38:56.0249 0x1470  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
16:38:56.0281 0x1470  IKEEXT - ok
16:38:56.0296 0x1470  [ 36FDF367A1DABFF903E2214023D71368, 60468692C1D048428AF25ED87DE23DAE756C7BA2B6CF6AF5EFD2E53C80F5FC68 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
16:38:56.0296 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\Impcd.sys. md5: 36FDF367A1DABFF903E2214023D71368, sha256: 60468692C1D048428AF25ED87DE23DAE756C7BA2B6CF6AF5EFD2E53C80F5FC68
16:38:56.0296 0x1470  Impcd - detected LockedFile.Multi.Generic ( 1 )
16:38:58.0685 0x1470  Detect skipped due to KSN trusted
16:38:58.0685 0x1470  Impcd - ok
16:38:58.0700 0x1470  [ A4A87C2F228DD2AC93DAE94E103792D3, 22F75A82DA293B9ED6B9EB564A06FFFFDAA9E1FB0B60AC4A479B17E1BD77F1F8 ] InstallFilterService C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
16:38:58.0716 0x1470  InstallFilterService - detected UnsignedFile.Multi.Generic ( 1 )
16:39:01.0104 0x1470  Detect skipped due to KSN trusted
16:39:01.0104 0x1470  InstallFilterService - ok
16:39:01.0104 0x1470  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:39:01.0104 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA, sha256: E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22
16:39:01.0104 0x1470  intelide - detected LockedFile.Multi.Generic ( 1 )
16:39:03.0555 0x1470  Detect skipped due to KSN trusted
16:39:03.0555 0x1470  intelide - ok
16:39:03.0570 0x1470  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:39:03.0570 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1, sha256: F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610
16:39:03.0570 0x1470  intelppm - detected LockedFile.Multi.Generic ( 1 )
16:39:05.0959 0x1470  Detect skipped due to KSN trusted
16:39:05.0959 0x1470  intelppm - ok
16:39:05.0974 0x1470  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:39:06.0005 0x1470  IPBusEnum - ok
16:39:06.0021 0x1470  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:39:06.0021 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6, sha256: 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51
16:39:06.0021 0x1470  IpFilterDriver - detected LockedFile.Multi.Generic ( 1 )
16:39:08.0409 0x1470  Detect skipped due to KSN trusted
16:39:08.0409 0x1470  IpFilterDriver - ok
16:39:08.0456 0x1470  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:39:08.0487 0x1470  iphlpsvc - ok
16:39:08.0503 0x1470  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:39:08.0503 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A, sha256: 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9
16:39:08.0503 0x1470  IPMIDRV - detected LockedFile.Multi.Generic ( 1 )
16:39:10.0938 0x1470  Detect skipped due to KSN trusted
16:39:10.0938 0x1470  IPMIDRV - ok
16:39:10.0954 0x1470  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:39:10.0954 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E
16:39:10.0954 0x1470  IPNAT - detected LockedFile.Multi.Generic ( 1 )
16:39:13.0342 0x1470  Detect skipped due to KSN trusted
16:39:13.0342 0x1470  IPNAT - ok
16:39:13.0373 0x1470  [ 4EFFC8FF6D349E971E94B1C670C0C66A, E92DA19CE9725BB4CC34DF94873C6B441AE61679A8C615780E1A1E9404C8FA26 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:39:13.0389 0x1470  iPod Service - ok
16:39:13.0404 0x1470  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:39:13.0404 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE
16:39:13.0404 0x1470  IRENUM - detected LockedFile.Multi.Generic ( 1 )
16:39:15.0777 0x1470  Detect skipped due to KSN trusted
16:39:15.0777 0x1470  IRENUM - ok
16:39:15.0777 0x1470  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:39:15.0777 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548
16:39:15.0777 0x1470  isapnp - detected LockedFile.Multi.Generic ( 1 )
16:39:18.0228 0x1470  Detect skipped due to KSN trusted
16:39:18.0228 0x1470  isapnp - ok
16:39:18.0243 0x1470  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:39:18.0259 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD, sha256: 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3
16:39:18.0259 0x1470  iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
16:39:20.0663 0x1470  Detect skipped due to KSN trusted
16:39:20.0663 0x1470  iScsiPrt - ok
16:39:20.0663 0x1470  [ BD5BF20EC242E003A2F570B8754A56D1, B4B3492222E98BF8E6EC453E727187FF4AA50A508D1E88A0CBBD5C46355AE492 ] ivusb           C:\Windows\system32\DRIVERS\ivusb.sys
16:39:20.0663 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ivusb.sys. md5: BD5BF20EC242E003A2F570B8754A56D1, sha256: B4B3492222E98BF8E6EC453E727187FF4AA50A508D1E88A0CBBD5C46355AE492
16:39:20.0663 0x1470  ivusb - detected LockedFile.Multi.Generic ( 1 )
16:39:23.0129 0x1470  Detect skipped due to KSN trusted
16:39:23.0129 0x1470  ivusb - ok
16:39:23.0129 0x1470  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:39:23.0129 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93
16:39:23.0129 0x1470  kbdclass - detected LockedFile.Multi.Generic ( 1 )
16:39:25.0580 0x1470  Detect skipped due to KSN trusted
16:39:25.0580 0x1470  kbdclass - ok
16:39:25.0611 0x1470  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:39:25.0611 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484, sha256: 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99
16:39:25.0611 0x1470  kbdhid - detected LockedFile.Multi.Generic ( 1 )
16:39:27.0983 0x1470  Detect skipped due to KSN trusted
16:39:27.0983 0x1470  kbdhid - ok
16:39:27.0999 0x1470  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
16:39:28.0015 0x1470  KeyIso - ok
16:39:28.0015 0x1470  [ 322CD7A01A961D94C6EAB640D6427504, 17979EB65FEE44E329F3E8097194AE20422818EC6859DAA0206EB2CC3EEFA8D7 ] KOBCCEX         C:\Windows\system32\drivers\KOBCCEX.sys
16:39:28.0015 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\KOBCCEX.sys. md5: 322CD7A01A961D94C6EAB640D6427504, sha256: 17979EB65FEE44E329F3E8097194AE20422818EC6859DAA0206EB2CC3EEFA8D7
16:39:28.0015 0x1470  KOBCCEX - detected LockedFile.Multi.Generic ( 1 )
16:39:30.0403 0x1470  Detect skipped due to KSN trusted
16:39:30.0403 0x1470  KOBCCEX - ok
16:39:30.0418 0x1470  [ 000200AD75DE8363546EECAFF77980FE, BE05EF748DC9640DC24DE2E2AC0B8FDCE3A79CCECD63B1E993D53979A1504477 ] KOBCCID         C:\Windows\system32\drivers\KOBCCID.sys
16:39:30.0418 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\KOBCCID.sys. md5: 000200AD75DE8363546EECAFF77980FE, sha256: BE05EF748DC9640DC24DE2E2AC0B8FDCE3A79CCECD63B1E993D53979A1504477
16:39:30.0418 0x1470  KOBCCID - detected LockedFile.Multi.Generic ( 1 )
16:39:32.0807 0x1470  Detect skipped due to KSN trusted
16:39:32.0807 0x1470  KOBCCID - ok
16:39:32.0822 0x1470  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:39:32.0822 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: 8F489706472F7E9A06BAAA198703FA64, sha256: F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A
16:39:32.0822 0x1470  KSecDD - detected LockedFile.Multi.Generic ( 1 )
16:39:35.0273 0x1470  Detect skipped due to KSN trusted
16:39:35.0273 0x1470  KSecDD - ok
16:39:35.0289 0x1470  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:39:35.0289 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 868A2CAAB12EFC7A021682BCA0EEC54C, sha256: 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD
16:39:35.0289 0x1470  KSecPkg - detected LockedFile.Multi.Generic ( 1 )
16:39:37.0677 0x1470  Detect skipped due to KSN trusted
16:39:37.0677 0x1470  KSecPkg - ok
16:39:37.0677 0x1470  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:39:37.0677 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
16:39:37.0677 0x1470  ksthunk - detected LockedFile.Multi.Generic ( 1 )
16:39:40.0065 0x1470  Detect skipped due to KSN trusted
16:39:40.0065 0x1470  ksthunk - ok
16:39:40.0112 0x1470  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:39:40.0143 0x1470  KtmRm - ok
16:39:40.0159 0x1470  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:39:40.0190 0x1470  LanmanServer - ok
16:39:40.0206 0x1470  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:39:40.0237 0x1470  LanmanWorkstation - ok
16:39:40.0237 0x1470  [ 1B669AF5811AE2F69024F34203BAD2A2, 2DE460F3F9318E89849E489C844FA848D69665A87B5B21444738CE77E4672209 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:39:40.0237 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\LHidFilt.Sys. md5: 1B669AF5811AE2F69024F34203BAD2A2, sha256: 2DE460F3F9318E89849E489C844FA848D69665A87B5B21444738CE77E4672209
16:39:40.0237 0x1470  LHidFilt - detected LockedFile.Multi.Generic ( 1 )
16:39:42.0687 0x1470  Detect skipped due to KSN trusted
16:39:42.0687 0x1470  LHidFilt - ok
16:39:42.0703 0x1470  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:39:42.0703 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
16:39:42.0703 0x1470  lltdio - detected LockedFile.Multi.Generic ( 1 )
16:39:45.0091 0x1470  Detect skipped due to KSN trusted
16:39:45.0091 0x1470  lltdio - ok
16:39:45.0122 0x1470  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:39:45.0169 0x1470  lltdsvc - ok
16:39:45.0169 0x1470  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:39:45.0201 0x1470  lmhosts - ok
16:39:45.0201 0x1470  [ 79F3696E25B289A6B2B7EA931C7BEC00, 3320874B2ADE48F9A2AF9429C5AA4258922D4745D80E58FFF8DF341BC85A2881 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:39:45.0201 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\LMouFilt.Sys. md5: 79F3696E25B289A6B2B7EA931C7BEC00, sha256: 3320874B2ADE48F9A2AF9429C5AA4258922D4745D80E58FFF8DF341BC85A2881
16:39:45.0216 0x1470  LMouFilt - detected LockedFile.Multi.Generic ( 1 )
16:39:47.0589 0x1470  Detect skipped due to KSN trusted
16:39:47.0589 0x1470  LMouFilt - ok
16:39:47.0620 0x1470  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:39:47.0620 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
16:39:47.0620 0x1470  LSI_FC - detected LockedFile.Multi.Generic ( 1 )
16:39:50.0008 0x1470  Detect skipped due to KSN trusted
16:39:50.0008 0x1470  LSI_FC - ok
16:39:50.0024 0x1470  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:39:50.0024 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
16:39:50.0024 0x1470  LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
16:39:52.0412 0x1470  Detect skipped due to KSN trusted
16:39:52.0412 0x1470  LSI_SAS - ok
16:39:52.0412 0x1470  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:39:52.0412 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
16:39:52.0412 0x1470  LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
16:39:54.0830 0x1470  Detect skipped due to KSN trusted
16:39:54.0830 0x1470  LSI_SAS2 - ok
16:39:54.0830 0x1470  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:39:54.0846 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
16:39:54.0846 0x1470  LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
16:39:57.0280 0x1470  Detect skipped due to KSN trusted
16:39:57.0280 0x1470  LSI_SCSI - ok
16:39:57.0296 0x1470  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
16:39:57.0296 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
16:39:57.0296 0x1470  luafv - detected LockedFile.Multi.Generic ( 1 )
16:39:59.0745 0x1470  Detect skipped due to KSN trusted
16:39:59.0745 0x1470  luafv - ok
16:39:59.0761 0x1470  [ AF69FEC6F299BD07742127C4CC0FE6A6, F0DDF555FCD85845F241C3AC91A26832E4F5F753665490E01A0E15325E480D2F ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
16:39:59.0761 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\LUsbFilt.Sys. md5: AF69FEC6F299BD07742127C4CC0FE6A6, sha256: F0DDF555FCD85845F241C3AC91A26832E4F5F753665490E01A0E15325E480D2F
16:39:59.0761 0x1470  LUsbFilt - detected LockedFile.Multi.Generic ( 1 )
16:40:02.0148 0x1470  Detect skipped due to KSN trusted
16:40:02.0148 0x1470  LUsbFilt - ok
16:40:02.0164 0x1470  [ 024DA28053D57E9E32BEE52600576BBB, 8EC636DAB90A835DEBA2EC6176F4547EEF557415FF77C6378EF423569702731E ] MarvinBus       C:\Windows\system32\DRIVERS\MarvinBus64.sys
16:40:02.0164 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MarvinBus64.sys. md5: 024DA28053D57E9E32BEE52600576BBB, sha256: 8EC636DAB90A835DEBA2EC6176F4547EEF557415FF77C6378EF423569702731E
16:40:02.0164 0x1470  MarvinBus - detected LockedFile.Multi.Generic ( 1 )
16:40:04.0551 0x1470  Detect skipped due to KSN trusted
16:40:04.0551 0x1470  MarvinBus - ok
16:40:04.0567 0x1470  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:40:04.0582 0x1470  Mcx2Svc - ok
16:40:04.0707 0x1470  [ 6C7F3086968E530D5EA326C8F5E41C29, 197C61A081224F878B1B3BC9B9141A25F7BF7362A747753CB689F468D407BCF9 ] mdareDriver_43  C:\Users\USERNAME\AppData\Local\Temp\FCPreScan\mdare64_43.sys
16:40:04.0723 0x1470  mdareDriver_43 - ok
16:40:04.0816 0x1470  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:40:04.0816 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
16:40:04.0816 0x1470  megasas - detected LockedFile.Multi.Generic ( 1 )
16:40:07.0204 0x1470  Detect skipped due to KSN trusted
16:40:07.0204 0x1470  megasas - ok
16:40:07.0219 0x1470  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:40:07.0219 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
16:40:07.0219 0x1470  MegaSR - detected LockedFile.Multi.Generic ( 1 )
16:40:09.0607 0x1470  Detect skipped due to KSN trusted
16:40:09.0607 0x1470  MegaSR - ok
16:40:09.0607 0x1470  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
16:40:09.0685 0x1470  MMCSS - ok
16:40:09.0685 0x1470  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
16:40:09.0685 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
16:40:09.0685 0x1470  Modem - detected LockedFile.Multi.Generic ( 1 )
16:40:12.0072 0x1470  Detect skipped due to KSN trusted
16:40:12.0072 0x1470  Modem - ok
16:40:12.0088 0x1470  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:40:12.0088 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
16:40:12.0088 0x1470  monitor - detected LockedFile.Multi.Generic ( 1 )
16:40:14.0537 0x1470  Detect skipped due to KSN trusted
16:40:14.0537 0x1470  monitor - ok
16:40:14.0553 0x1470  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:40:14.0553 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
16:40:14.0553 0x1470  mouclass - detected LockedFile.Multi.Generic ( 1 )
16:40:16.0940 0x1470  Detect skipped due to KSN trusted
16:40:16.0940 0x1470  mouclass - ok
16:40:16.0940 0x1470  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:40:16.0940 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
16:40:16.0940 0x1470  mouhid - detected LockedFile.Multi.Generic ( 1 )
16:40:19.0328 0x1470  Detect skipped due to KSN trusted
16:40:19.0328 0x1470  mouhid - ok
16:40:19.0343 0x1470  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:40:19.0343 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA, sha256: 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63
16:40:19.0343 0x1470  mountmgr - detected LockedFile.Multi.Generic ( 1 )
16:40:21.0730 0x1470  Detect skipped due to KSN trusted
16:40:21.0730 0x1470  mountmgr - ok
16:40:21.0746 0x1470  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:40:21.0746 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58, sha256: B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8
16:40:21.0746 0x1470  mpio - detected LockedFile.Multi.Generic ( 1 )
16:40:24.0196 0x1470  Detect skipped due to KSN trusted
16:40:24.0196 0x1470  mpio - ok
16:40:24.0211 0x1470  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:40:24.0211 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
16:40:24.0211 0x1470  mpsdrv - detected LockedFile.Multi.Generic ( 1 )
16:40:26.0583 0x1470  Detect skipped due to KSN trusted
16:40:26.0583 0x1470  mpsdrv - ok
16:40:26.0630 0x1470  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:40:26.0724 0x1470  MpsSvc - ok
16:40:26.0724 0x1470  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:40:26.0724 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: DC722758B8261E1ABAFD31A3C0A66380, sha256: 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A
16:40:26.0724 0x1470  MRxDAV - detected LockedFile.Multi.Generic ( 1 )
16:40:29.0111 0x1470  Detect skipped due to KSN trusted
16:40:29.0111 0x1470  MRxDAV - ok
16:40:29.0142 0x1470  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:40:29.0142 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC, sha256: 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4
16:40:29.0142 0x1470  mrxsmb - detected LockedFile.Multi.Generic ( 1 )
16:40:31.0533 0x1470  Detect skipped due to KSN trusted
16:40:31.0533 0x1470  mrxsmb - ok
16:40:31.0546 0x1470  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:40:31.0546 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163, sha256: 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF
16:40:31.0546 0x1470  mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
16:40:33.0917 0x1470  Detect skipped due to KSN trusted
16:40:33.0917 0x1470  mrxsmb10 - ok
16:40:33.0917 0x1470  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:40:33.0917 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C, sha256: 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC
16:40:33.0917 0x1470  mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
16:40:36.0288 0x1470  Detect skipped due to KSN trusted
16:40:36.0288 0x1470  mrxsmb20 - ok
16:40:36.0288 0x1470  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:40:36.0288 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796, sha256: 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8
16:40:36.0288 0x1470  msahci - detected LockedFile.Multi.Generic ( 1 )
16:40:38.0676 0x1470  Detect skipped due to KSN trusted
16:40:38.0676 0x1470  msahci - ok
16:40:38.0691 0x1470  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:40:38.0691 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900, sha256: B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74
16:40:38.0691 0x1470  msdsm - detected LockedFile.Multi.Generic ( 1 )
16:40:41.0114 0x1470  Detect skipped due to KSN trusted
16:40:41.0114 0x1470  msdsm - ok
16:40:41.0130 0x1470  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
16:40:41.0146 0x1470  MSDTC - ok
16:40:41.0161 0x1470  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:40:41.0161 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
16:40:41.0161 0x1470  Msfs - detected LockedFile.Multi.Generic ( 1 )
16:40:43.0549 0x1470  Detect skipped due to KSN trusted
16:40:43.0549 0x1470  Msfs - ok
16:40:43.0564 0x1470  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:40:43.0564 0x1470  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
16:40:43.0564 0x1470  mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
16:40:45.0930 0x1470  Detect skipped due to KSN trusted
16:40:45.0930 0x1470  mshidkmdf - ok
16:40:45.0930 0x1470  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:40:45.0930 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
16:40:45.0930 0x1470  msisadrv - detected LockedFile.Multi.Generic ( 1 )
16:40:48.0351 0x1470  Detect skipped due to KSN trusted
16:40:48.0351 0x1470  msisadrv - ok
16:40:48.0366 0x1470  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:40:48.0429 0x1470  MSiSCSI - ok
16:40:48.0429 0x1470  msiserver - ok
16:40:48.0429 0x1470  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:40:48.0429 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
16:40:48.0429 0x1470  MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
16:40:50.0816 0x1470  Detect skipped due to KSN trusted
16:40:50.0816 0x1470  MSKSSRV - ok
16:40:50.0816 0x1470  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:40:50.0816 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
16:40:50.0816 0x1470  MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
16:40:53.0203 0x1470  Detect skipped due to KSN trusted
16:40:53.0203 0x1470  MSPCLOCK - ok
16:40:53.0203 0x1470  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:40:53.0203 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
16:40:53.0203 0x1470  MSPQM - detected LockedFile.Multi.Generic ( 1 )
16:40:55.0653 0x1470  Detect skipped due to KSN trusted
16:40:55.0653 0x1470  MSPQM - ok
16:40:55.0684 0x1470  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:40:55.0684 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D, sha256: 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133
16:40:55.0684 0x1470  MsRPC - detected LockedFile.Multi.Generic ( 1 )
16:40:58.0071 0x1470  Detect skipped due to KSN trusted
16:40:58.0071 0x1470  MsRPC - ok
16:40:58.0087 0x1470  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:40:58.0087 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
16:40:58.0087 0x1470  mssmbios - detected LockedFile.Multi.Generic ( 1 )
16:41:00.0474 0x1470  Detect skipped due to KSN trusted
16:41:00.0474 0x1470  mssmbios - ok
16:41:00.0490 0x1470  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:41:00.0490 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
16:41:00.0490 0x1470  MSTEE - detected LockedFile.Multi.Generic ( 1 )
16:41:02.0940 0x1470  Detect skipped due to KSN trusted
16:41:02.0940 0x1470  MSTEE - ok
16:41:02.0955 0x1470  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:41:02.0955 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
16:41:02.0955 0x1470  MTConfig - detected LockedFile.Multi.Generic ( 1 )
16:41:05.0405 0x1470  Detect skipped due to KSN trusted
16:41:05.0405 0x1470  MTConfig - ok
16:41:05.0421 0x1470  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
16:41:05.0421 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
16:41:05.0421 0x1470  Mup - detected LockedFile.Multi.Generic ( 1 )
16:41:07.0808 0x1470  Detect skipped due to KSN trusted
16:41:07.0808 0x1470  Mup - ok
16:41:07.0839 0x1470  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
16:41:07.0870 0x1470  napagent - ok
16:41:07.0886 0x1470  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:41:07.0886 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
16:41:07.0886 0x1470  NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
16:41:10.0273 0x1470  Detect skipped due to KSN trusted
16:41:10.0273 0x1470  NativeWifiP - ok
16:41:10.0320 0x1470  [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:41:10.0320 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: 79B47FD40D9A817E932F9D26FAC0A81C, sha256: 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D
16:41:10.0320 0x1470  NDIS - detected LockedFile.Multi.Generic ( 1 )
16:41:12.0692 0x1470  Detect skipped due to KSN trusted
16:41:12.0692 0x1470  NDIS - ok
16:41:12.0707 0x1470  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:41:12.0707 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
16:41:12.0707 0x1470  NdisCap - detected LockedFile.Multi.Generic ( 1 )
16:41:15.0079 0x1470  Detect skipped due to KSN trusted

seeufirst · 02.04.2014, 07:17

Hier Log Teil 2:

Code:

ATTFilter

16:41:15.0079 0x1470  NdisCap - ok
16:41:15.0079 0x1470  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:41:15.0079 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
16:41:15.0079 0x1470  NdisTapi - detected LockedFile.Multi.Generic ( 1 )
16:41:17.0466 0x1470  Detect skipped due to KSN trusted
16:41:17.0466 0x1470  NdisTapi - ok
16:41:17.0482 0x1470  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:41:17.0482 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356, sha256: BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683
16:41:17.0482 0x1470  Ndisuio - detected LockedFile.Multi.Generic ( 1 )
16:41:19.0932 0x1470  Detect skipped due to KSN trusted
16:41:19.0932 0x1470  Ndisuio - ok
16:41:19.0947 0x1470  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:41:19.0947 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11, sha256: 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77
16:41:19.0947 0x1470  NdisWan - detected LockedFile.Multi.Generic ( 1 )
16:41:22.0397 0x1470  Detect skipped due to KSN trusted
16:41:22.0397 0x1470  NdisWan - ok
16:41:22.0413 0x1470  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:41:22.0413 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879, sha256: 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023
16:41:22.0413 0x1470  NDProxy - detected LockedFile.Multi.Generic ( 1 )
16:41:24.0800 0x1470  Detect skipped due to KSN trusted
16:41:24.0800 0x1470  NDProxy - ok
16:41:24.0816 0x1470  [ 6F4607E2333FE21E9E3FF8133A88B35B, F7B7B262D85D03552A8D0F3F91E795B31E3D09020DDA1E3D62A4A3209D916BB6 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
16:41:24.0816 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netaapl64.sys. md5: 6F4607E2333FE21E9E3FF8133A88B35B, sha256: F7B7B262D85D03552A8D0F3F91E795B31E3D09020DDA1E3D62A4A3209D916BB6
16:41:24.0816 0x1470  Netaapl - detected LockedFile.Multi.Generic ( 1 )
16:41:27.0203 0x1470  Detect skipped due to KSN trusted
16:41:27.0203 0x1470  Netaapl - ok
16:41:27.0203 0x1470  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:41:27.0203 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062
16:41:27.0203 0x1470  NetBIOS - detected LockedFile.Multi.Generic ( 1 )
16:41:29.0590 0x1470  Detect skipped due to KSN trusted
16:41:29.0590 0x1470  NetBIOS - ok
16:41:29.0606 0x1470  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:41:29.0606 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068, sha256: 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37
16:41:29.0606 0x1470  NetBT - detected LockedFile.Multi.Generic ( 1 )
16:41:32.0055 0x1470  Detect skipped due to KSN trusted
16:41:32.0055 0x1470  NetBT - ok
16:41:32.0071 0x1470  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\Windows\system32\lsass.exe
16:41:32.0087 0x1470  Netlogon - ok
16:41:32.0102 0x1470  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
16:41:32.0149 0x1470  Netman - ok
16:41:32.0165 0x1470  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
16:41:32.0196 0x1470  netprofm - ok
16:41:32.0211 0x1470  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:41:32.0211 0x1470  NetTcpPortSharing - ok
16:41:32.0227 0x1470  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:41:32.0227 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3
16:41:32.0227 0x1470  nfrd960 - detected LockedFile.Multi.Generic ( 1 )
16:41:34.0599 0x1470  Detect skipped due to KSN trusted
16:41:34.0599 0x1470  nfrd960 - ok
16:41:34.0630 0x1470  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:41:34.0677 0x1470  NlaSvc - ok
16:41:34.0677 0x1470  [ 907B5E1E4A592E5EDC5E4CCBDE4863C2, 7A3FA5B779CBBED46CA81328951B71352E4FC60153A91965877834EC7C6F0074 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
16:41:34.0677 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ccdcmbx64.sys. md5: 907B5E1E4A592E5EDC5E4CCBDE4863C2, sha256: 7A3FA5B779CBBED46CA81328951B71352E4FC60153A91965877834EC7C6F0074
16:41:34.0677 0x1470  nmwcd - detected LockedFile.Multi.Generic ( 1 )
16:41:37.0080 0x1470  Detect skipped due to KSN trusted
16:41:37.0095 0x1470  nmwcd - ok
16:41:37.0095 0x1470  [ 41C1AC1F3613435EB32D67BCB80A5FA5, 93A313BC4A7FA2FC3372CFBF2D76F417007B4A82455092724D3B0B6FA5A88F23 ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
16:41:37.0095 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ccdcmbox64.sys. md5: 41C1AC1F3613435EB32D67BCB80A5FA5, sha256: 93A313BC4A7FA2FC3372CFBF2D76F417007B4A82455092724D3B0B6FA5A88F23
16:41:37.0095 0x1470  nmwcdc - detected LockedFile.Multi.Generic ( 1 )
16:41:39.0545 0x1470  Detect skipped due to KSN trusted
16:41:39.0545 0x1470  nmwcdc - ok
16:41:39.0561 0x1470  [ 9573223E205907247AE6D948E3453770, 35D32A415F74863D7408229508F134D53CA0FA7EDD8B0E5FEEFC9DE588D0607B ] nmwcdnsux64     C:\Windows\system32\drivers\nmwcdnsux64.sys
16:41:39.0561 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nmwcdnsux64.sys. md5: 9573223E205907247AE6D948E3453770, sha256: 35D32A415F74863D7408229508F134D53CA0FA7EDD8B0E5FEEFC9DE588D0607B
16:41:39.0561 0x1470  nmwcdnsux64 - detected LockedFile.Multi.Generic ( 1 )
16:41:41.0948 0x1470  Detect skipped due to KSN trusted
16:41:41.0948 0x1470  nmwcdnsux64 - ok
16:41:41.0964 0x1470  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:41:41.0964 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F
16:41:41.0964 0x1470  Npfs - detected LockedFile.Multi.Generic ( 1 )
16:41:44.0351 0x1470  Detect skipped due to KSN trusted
16:41:44.0351 0x1470  Npfs - ok
16:41:44.0366 0x1470  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
16:41:44.0398 0x1470  nsi - ok
16:41:44.0398 0x1470  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:41:44.0398 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76
16:41:44.0398 0x1470  nsiproxy - detected LockedFile.Multi.Generic ( 1 )
16:41:46.0769 0x1470  Detect skipped due to KSN trusted
16:41:46.0769 0x1470  nsiproxy - ok
16:41:46.0832 0x1470  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:41:46.0832 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: B98F8C6E31CD07B2E6F71F7F648E38C0, sha256: 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E
16:41:46.0832 0x1470  Ntfs - detected LockedFile.Multi.Generic ( 1 )
16:41:49.0266 0x1470  Detect skipped due to KSN trusted
16:41:49.0266 0x1470  Ntfs - ok
16:41:49.0282 0x1470  ntrtscan - ok
16:41:49.0282 0x1470  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
16:41:49.0282 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6
16:41:49.0282 0x1470  Null - detected LockedFile.Multi.Generic ( 1 )
16:41:51.0669 0x1470  Detect skipped due to KSN trusted
16:41:51.0669 0x1470  Null - ok
16:41:51.0684 0x1470  [ CDDD4478757288DF4BB1494BFD084259, 2063A1B4F24BD466A501198B12574D830BC4696ED53CDFF96C1EE91EE8CD1BB0 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
16:41:51.0684 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvhda64v.sys. md5: CDDD4478757288DF4BB1494BFD084259, sha256: 2063A1B4F24BD466A501198B12574D830BC4696ED53CDFF96C1EE91EE8CD1BB0
16:41:51.0684 0x1470  NVHDA - detected LockedFile.Multi.Generic ( 1 )
16:41:54.0119 0x1470  Detect skipped due to KSN trusted
16:41:54.0119 0x1470  NVHDA - ok
16:41:54.0321 0x1470  [ 53A7E1DEA2E7FA22FD4F0C28C078F5A0, B35549BBB36F38AC152B7C932E7FA40899A40A99D8DAFC343749905CEBD08051 ] NVIDIA Performance Driver Service C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
16:41:54.0477 0x1470  NVIDIA Performance Driver Service - ok
16:41:55.0039 0x1470  [ 53D3DD6A066DE2EC13B954B500970D14, C94E2D0840F64D7EA7EAA2429F72F4132757B0D57B1BB6CA6D34231501B79CB3 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:41:55.0039 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvlddmkm.sys. md5: 53D3DD6A066DE2EC13B954B500970D14, sha256: C94E2D0840F64D7EA7EAA2429F72F4132757B0D57B1BB6CA6D34231501B79CB3
16:41:55.0055 0x1470  nvlddmkm - detected LockedFile.Multi.Generic ( 1 )
16:41:57.0676 0x1470  Detect skipped due to KSN trusted
16:41:57.0676 0x1470  nvlddmkm - ok
16:41:57.0692 0x1470  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:41:57.0692 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvraid.sys. md5: 5D9FD91F3D38DC9DA01E3CB5FA89CD48, sha256: 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737
16:41:57.0692 0x1470  nvraid - detected LockedFile.Multi.Generic ( 1 )
16:42:00.0079 0x1470  Detect skipped due to KSN trusted
16:42:00.0079 0x1470  nvraid - ok
16:42:00.0095 0x1470  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:42:00.0095 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvstor.sys. md5: F7CD50FE7139F07E77DA8AC8033D1832, sha256: DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC
16:42:00.0095 0x1470  nvstor - detected LockedFile.Multi.Generic ( 1 )
16:42:02.0482 0x1470  Detect skipped due to KSN trusted
16:42:02.0482 0x1470  nvstor - ok
16:42:02.0513 0x1470  [ 253842C6F1CB130AA6578BB0840427C1, 5ED4DA8665EC4BED3B86C1806F6AD308BAC14891E19C25C05C114471BB4A5D42 ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:42:02.0529 0x1470  nvsvc - ok
16:42:02.0544 0x1470  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:42:02.0544 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05, sha256: 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F
16:42:02.0544 0x1470  nv_agp - detected LockedFile.Multi.Generic ( 1 )
16:42:04.0978 0x1470  Detect skipped due to KSN trusted
16:42:04.0978 0x1470  nv_agp - ok
16:42:05.0041 0x1470  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:42:05.0056 0x1470  odserv - ok
16:42:05.0072 0x1470  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:42:05.0072 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0, sha256: AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203
16:42:05.0072 0x1470  ohci1394 - detected LockedFile.Multi.Generic ( 1 )
16:42:07.0444 0x1470  Detect skipped due to KSN trusted
16:42:07.0444 0x1470  ohci1394 - ok
16:42:07.0459 0x1470  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:42:07.0491 0x1470  ose - ok
16:42:07.0506 0x1470  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:42:07.0522 0x1470  p2pimsvc - ok
16:42:07.0537 0x1470  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
16:42:07.0569 0x1470  p2psvc - ok
16:42:07.0569 0x1470  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:42:07.0569 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887, sha256: 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80
16:42:07.0569 0x1470  Parport - detected LockedFile.Multi.Generic ( 1 )
16:42:09.0956 0x1470  Detect skipped due to KSN trusted
16:42:09.0956 0x1470  Parport - ok
16:42:09.0971 0x1470  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:42:09.0971 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. md5: E9766131EEADE40A27DC27D2D68FBA9C, sha256: 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6
16:42:09.0971 0x1470  partmgr - detected LockedFile.Multi.Generic ( 1 )
16:42:12.0686 0x1470  Detect skipped due to KSN trusted
16:42:12.0686 0x1470  partmgr - ok
16:42:12.0702 0x1470  [ 363B3F857ABEE85767E01E3044C539CD, F6CB6C4B5B206E75BC8EB125363B1A095BA24FCC997A10605D59FCE44BA8651C ] PBADRV          C:\Windows\system32\DRIVERS\PBADRV.sys
16:42:12.0702 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\PBADRV.sys. md5: 363B3F857ABEE85767E01E3044C539CD, sha256: F6CB6C4B5B206E75BC8EB125363B1A095BA24FCC997A10605D59FCE44BA8651C
16:42:12.0702 0x1470  PBADRV - detected LockedFile.Multi.Generic ( 1 )
16:42:15.0089 0x1470  Detect skipped due to KSN trusted
16:42:15.0089 0x1470  PBADRV - ok
16:42:15.0105 0x1470  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:42:15.0152 0x1470  PcaSvc - ok
16:42:15.0167 0x1470  [ BC0018C2D29F655188A0ED3FA94FDB24, BCF7F2CA5E30F569AEB69049BA3C196982C72EA7264CFBA59D7123041BA96E5A ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
16:42:15.0167 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pccsmcfdx64.sys. md5: BC0018C2D29F655188A0ED3FA94FDB24, sha256: BCF7F2CA5E30F569AEB69049BA3C196982C72EA7264CFBA59D7123041BA96E5A
16:42:15.0167 0x1470  pccsmcfd - detected LockedFile.Multi.Generic ( 1 )
16:42:17.0539 0x1470  Detect skipped due to KSN trusted
16:42:17.0539 0x1470  pccsmcfd - ok
16:42:17.0555 0x1470  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
16:42:17.0555 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pci.sys. md5: 94575C0571D1462A0F70BDE6BD6EE6B3, sha256: 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9
16:42:17.0555 0x1470  pci - detected LockedFile.Multi.Generic ( 1 )
16:42:19.0942 0x1470  Detect skipped due to KSN trusted
16:42:19.0942 0x1470  pci - ok
16:42:19.0942 0x1470  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:42:19.0942 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA, sha256: F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480
16:42:19.0942 0x1470  pciide - detected LockedFile.Multi.Generic ( 1 )
16:42:22.0329 0x1470  Detect skipped due to KSN trusted
16:42:22.0329 0x1470  pciide - ok
16:42:22.0345 0x1470  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:42:22.0345 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F, sha256: 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14
16:42:22.0345 0x1470  pcmcia - detected LockedFile.Multi.Generic ( 1 )
16:42:24.0763 0x1470  Detect skipped due to KSN trusted
16:42:24.0763 0x1470  pcmcia - ok
16:42:24.0763 0x1470  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:42:24.0763 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603, sha256: BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36
16:42:24.0763 0x1470  pcw - detected LockedFile.Multi.Generic ( 1 )
16:42:27.0213 0x1470  Detect skipped due to KSN trusted
16:42:27.0213 0x1470  pcw - ok
16:42:27.0244 0x1470  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:42:27.0260 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E, sha256: FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C
16:42:27.0260 0x1470  PEAUTH - detected LockedFile.Multi.Generic ( 1 )
16:42:29.0694 0x1470  Detect skipped due to KSN trusted
16:42:29.0694 0x1470  PEAUTH - ok
16:42:29.0756 0x1470  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
16:42:29.0803 0x1470  PeerDistSvc - ok
16:42:29.0866 0x1470  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:42:29.0897 0x1470  PerfHost - ok
16:42:29.0928 0x1470  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
16:42:30.0006 0x1470  pla - ok
16:42:30.0006 0x1470  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:42:30.0037 0x1470  PlugPlay - ok
16:42:30.0037 0x1470  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:42:30.0053 0x1470  PNRPAutoReg - ok
16:42:30.0069 0x1470  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:42:30.0084 0x1470  PNRPsvc - ok
16:42:30.0100 0x1470  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:42:30.0147 0x1470  PolicyAgent - ok
16:42:30.0147 0x1470  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
16:42:30.0178 0x1470  Power - ok
16:42:30.0193 0x1470  [ B0E7D5D2CFAA6ED5F20EB8B84A35E593, 257A2DFB538E9849F50F3AD7B75FB093E6CCF49DB8BD840A769BE77DD7953AD0 ] pppop           C:\Windows\system32\DRIVERS\pppop64.sys
16:42:30.0193 0x1470  pppop - ok
16:42:30.0209 0x1470  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:42:30.0209 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspptp.sys. md5: F92A2C41117A11A00BE01CA01A7FCDE9, sha256: 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763
16:42:30.0209 0x1470  PptpMiniport - detected LockedFile.Multi.Generic ( 1 )
16:42:32.0581 0x1470  Detect skipped due to KSN trusted
16:42:32.0581 0x1470  PptpMiniport - ok
16:42:32.0596 0x1470  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:42:32.0596 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF, sha256: 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5
16:42:32.0596 0x1470  Processor - detected LockedFile.Multi.Generic ( 1 )
16:42:34.0984 0x1470  Detect skipped due to KSN trusted
16:42:34.0984 0x1470  Processor - ok
16:42:34.0999 0x1470  [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc         C:\Windows\system32\profsvc.dll
16:42:35.0046 0x1470  ProfSvc - ok
16:42:35.0046 0x1470  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:42:35.0062 0x1470  ProtectedStorage - ok
16:42:35.0077 0x1470  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:42:35.0077 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pacer.sys. md5: 0557CF5A2556BD58E26384169D72438D, sha256: F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4
16:42:35.0077 0x1470  Psched - detected LockedFile.Multi.Generic ( 1 )
16:42:37.0511 0x1470  Detect skipped due to KSN trusted
16:42:37.0511 0x1470  Psched - ok
16:42:37.0527 0x1470  [ 4712CC14E720ECCCC0AA16949D18AAF1, AF0223D118A25CA14EC1AF8A40A793D3CBCBE3576CCACBCD4F9A3D3F10407262 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
16:42:37.0527 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\PxHlpa64.sys. md5: 4712CC14E720ECCCC0AA16949D18AAF1, sha256: AF0223D118A25CA14EC1AF8A40A793D3CBCBE3576CCACBCD4F9A3D3F10407262
16:42:37.0527 0x1470  PxHlpa64 - detected LockedFile.Multi.Generic ( 1 )
16:42:39.0914 0x1470  Detect skipped due to KSN trusted
16:42:39.0914 0x1470  PxHlpa64 - ok
16:42:39.0977 0x1470  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:42:39.0977 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql2300.sys. md5: A53A15A11EBFD21077463EE2C7AFEEF0, sha256: 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489
16:42:39.0977 0x1470  ql2300 - detected LockedFile.Multi.Generic ( 1 )
16:42:42.0426 0x1470  Detect skipped due to KSN trusted
16:42:42.0426 0x1470  ql2300 - ok
16:42:42.0442 0x1470  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:42:42.0442 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8, sha256: FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE
16:42:42.0442 0x1470  ql40xx - detected LockedFile.Multi.Generic ( 1 )
16:42:44.0892 0x1470  Detect skipped due to KSN trusted
16:42:44.0892 0x1470  ql40xx - ok
16:42:44.0907 0x1470  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
16:42:44.0938 0x1470  QWAVE - ok
16:42:44.0954 0x1470  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:42:44.0954 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707BB36430888D9CE9D705398ADB6C, sha256: 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535
16:42:44.0954 0x1470  QWAVEdrv - detected LockedFile.Multi.Generic ( 1 )
16:42:47.0326 0x1470  Detect skipped due to KSN trusted
16:42:47.0326 0x1470  QWAVEdrv - ok
16:42:47.0341 0x1470  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:42:47.0341 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5A0DA8AD5762FA2D91678A8A01311704, sha256: 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF
16:42:47.0341 0x1470  RasAcd - detected LockedFile.Multi.Generic ( 1 )
16:42:49.0729 0x1470  Detect skipped due to KSN trusted
16:42:49.0729 0x1470  RasAcd - ok
16:42:49.0729 0x1470  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:42:49.0744 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ECFF9B22276B73F43A99A15A6094E90, sha256: 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1
16:42:49.0744 0x1470  RasAgileVpn - detected LockedFile.Multi.Generic ( 1 )
16:42:52.0178 0x1470  Detect skipped due to KSN trusted
16:42:52.0178 0x1470  RasAgileVpn - ok
16:42:52.0194 0x1470  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
16:42:52.0241 0x1470  RasAuto - ok
16:42:52.0241 0x1470  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:42:52.0241 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 471815800AE33E6F1C32FB1B97C490CA, sha256: 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698
16:42:52.0241 0x1470  Rasl2tp - detected LockedFile.Multi.Generic ( 1 )
16:42:54.0628 0x1470  Detect skipped due to KSN trusted
16:42:54.0628 0x1470  Rasl2tp - ok
16:42:54.0644 0x1470  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
16:42:54.0706 0x1470  RasMan - ok
16:42:54.0706 0x1470  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:42:54.0706 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855C9B1CD4756C5E9A2AA58A15F58C25, sha256: A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72
16:42:54.0706 0x1470  RasPppoe - detected LockedFile.Multi.Generic ( 1 )
16:42:57.0093 0x1470  Detect skipped due to KSN trusted
16:42:57.0093 0x1470  RasPppoe - ok
16:42:57.0109 0x1470  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:42:57.0109 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rassstp.sys. md5: E8B1E447B008D07FF47D016C2B0EEECB, sha256: FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C
16:42:57.0109 0x1470  RasSstp - detected LockedFile.Multi.Generic ( 1 )
16:42:59.0559 0x1470  Detect skipped due to KSN trusted
16:42:59.0559 0x1470  RasSstp - ok
16:42:59.0574 0x1470  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:42:59.0574 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 77F665941019A1594D887A74F301FA2F, sha256: 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA
16:42:59.0590 0x1470  rdbss - detected LockedFile.Multi.Generic ( 1 )
16:43:01.0962 0x1470  Detect skipped due to KSN trusted
16:43:01.0962 0x1470  rdbss - ok
16:43:01.0977 0x1470  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:43:01.0977 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D, sha256: 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17
16:43:01.0977 0x1470  rdpbus - detected LockedFile.Multi.Generic ( 1 )
16:43:04.0349 0x1470  Detect skipped due to KSN trusted
16:43:04.0349 0x1470  rdpbus - ok
16:43:04.0349 0x1470  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:43:04.0349 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: CEA6CC257FC9B7715F1C2B4849286D24, sha256: A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804
16:43:04.0365 0x1470  RDPCDD - detected LockedFile.Multi.Generic ( 1 )
16:43:06.0736 0x1470  Detect skipped due to KSN trusted
16:43:06.0736 0x1470  RDPCDD - ok
16:43:06.0752 0x1470  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
16:43:06.0752 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpdr.sys. md5: 1B6163C503398B23FF8B939C67747683, sha256: 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE
16:43:06.0752 0x1470  RDPDR - detected LockedFile.Multi.Generic ( 1 )
16:43:09.0202 0x1470  Detect skipped due to KSN trusted
16:43:09.0202 0x1470  RDPDR - ok
16:43:09.0217 0x1470  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:43:09.0217 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpencdd.sys. md5: BB5971A4F00659529A5C44831AF22365, sha256: 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F
16:43:09.0217 0x1470  RDPENCDD - detected LockedFile.Multi.Generic ( 1 )
16:43:11.0589 0x1470  Detect skipped due to KSN trusted
16:43:11.0589 0x1470  RDPENCDD - ok
16:43:11.0589 0x1470  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:43:11.0589 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216F3FA57533D98E1F74DED70113177A, sha256: 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4
16:43:11.0589 0x1470  RDPREFMP - detected LockedFile.Multi.Generic ( 1 )
16:43:13.0976 0x1470  Detect skipped due to KSN trusted
16:43:13.0976 0x1470  RDPREFMP - ok
16:43:14.0007 0x1470  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:43:14.0007 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RDPWD.sys. md5: E61608AA35E98999AF9AAEEEA6114B0A, sha256: F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6
16:43:14.0007 0x1470  RDPWD - detected LockedFile.Multi.Generic ( 1 )
16:43:16.0442 0x1470  Detect skipped due to KSN trusted
16:43:16.0442 0x1470  RDPWD - ok
16:43:16.0457 0x1470  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:43:16.0457 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdyboost.sys. md5: 34ED295FA0121C241BFEF24764FC4520, sha256: AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F
16:43:16.0457 0x1470  rdyboost - detected LockedFile.Multi.Generic ( 1 )
16:43:18.0907 0x1470  Detect skipped due to KSN trusted
16:43:18.0907 0x1470  rdyboost - ok
16:43:18.0922 0x1470  [ 96EFEC24346A8EB1157E80523079ADDC, 7F8FC284029856C754E400B6C954369FFE27763C81D8F4AF4E58BFDD44CBC24A ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
16:43:18.0954 0x1470  RealNetworks Downloader Resolver Service - ok
16:43:18.0954 0x1470  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:43:18.0985 0x1470  RemoteAccess - ok
16:43:19.0000 0x1470  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:43:19.0032 0x1470  RemoteRegistry - ok
16:43:19.0047 0x1470  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:43:19.0047 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rfcomm.sys. md5: 3DD798846E2C28102B922C56E71B7932, sha256: 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D
16:43:19.0047 0x1470  RFCOMM - detected LockedFile.Multi.Generic ( 1 )
16:43:21.0419 0x1470  Detect skipped due to KSN trusted
16:43:21.0419 0x1470  RFCOMM - ok
16:43:21.0419 0x1470  [ 3DCA561AAF776AA2E356FB5B142AA5F8, E11F6776F02A09D64FDBB23D7169AB5467E0D8684AACB3D7CA8FAC42F3A02677 ] rimspci         C:\Windows\system32\DRIVERS\rimspe64.sys
16:43:21.0435 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rimspe64.sys. md5: 3DCA561AAF776AA2E356FB5B142AA5F8, sha256: E11F6776F02A09D64FDBB23D7169AB5467E0D8684AACB3D7CA8FAC42F3A02677
16:43:21.0435 0x1470  rimspci - detected LockedFile.Multi.Generic ( 1 )
16:43:23.0806 0x1470  Detect skipped due to KSN trusted
16:43:23.0806 0x1470  rimspci - ok
16:43:23.0822 0x1470  [ 380E98DB92B37A5792C962EC15BFB44C, 276F0BB59068F654BF915FB62A15E3369D40F3E0C740664BBD8DB52C6BAF9D3B ] risdpcie        C:\Windows\system32\DRIVERS\risdpe64.sys
16:43:23.0822 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\risdpe64.sys. md5: 380E98DB92B37A5792C962EC15BFB44C, sha256: 276F0BB59068F654BF915FB62A15E3369D40F3E0C740664BBD8DB52C6BAF9D3B
16:43:23.0822 0x1470  risdpcie - detected LockedFile.Multi.Generic ( 1 )
16:43:26.0272 0x1470  Detect skipped due to KSN trusted
16:43:26.0272 0x1470  risdpcie - ok
16:43:26.0287 0x1470  [ A4579105A3C5B6290701EAD0C153E07A, C1070C93309FBD3D67E8BAFDF2B8FFE83D4F877396B21816F8AAC0FDE68335CC ] rixdpcie        C:\Windows\system32\DRIVERS\rixdpe64.sys
16:43:26.0287 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rixdpe64.sys. md5: A4579105A3C5B6290701EAD0C153E07A, sha256: C1070C93309FBD3D67E8BAFDF2B8FFE83D4F877396B21816F8AAC0FDE68335CC
16:43:26.0287 0x1470  rixdpcie - detected LockedFile.Multi.Generic ( 1 )
16:43:28.0675 0x1470  Detect skipped due to KSN trusted
16:43:28.0675 0x1470  rixdpcie - ok
16:43:28.0675 0x1470  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:43:28.0737 0x1470  RpcEptMapper - ok
16:43:28.0753 0x1470  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
16:43:28.0753 0x1470  RpcLocator - ok
16:43:28.0768 0x1470  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
16:43:28.0815 0x1470  RpcSs - ok
16:43:28.0831 0x1470  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:43:28.0831 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rspndr.sys. md5: DDC86E4F8E7456261E637E3552E804FF, sha256: D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD
16:43:28.0831 0x1470  rspndr - detected LockedFile.Multi.Generic ( 1 )
16:43:31.0218 0x1470  Detect skipped due to KSN trusted
16:43:31.0218 0x1470  rspndr - ok
16:43:31.0233 0x1470  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
16:43:31.0233 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vms3cap.sys. md5: E60C0A09F997826C7627B244195AB581, sha256: E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D
16:43:31.0233 0x1470  s3cap - detected LockedFile.Multi.Generic ( 1 )
16:43:33.0683 0x1470  Detect skipped due to KSN trusted
16:43:33.0683 0x1470  s3cap - ok
16:43:33.0699 0x1470  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs           C:\Windows\system32\lsass.exe
16:43:33.0714 0x1470  SamSs - ok
16:43:33.0730 0x1470  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:43:33.0730 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sbp2port.sys. md5: AC03AF3329579FFFB455AA2DAABBE22B, sha256: 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656
16:43:33.0730 0x1470  sbp2port - detected LockedFile.Multi.Generic ( 1 )
16:43:36.0102 0x1470  Detect skipped due to KSN trusted
16:43:36.0102 0x1470  sbp2port - ok
16:43:36.0461 0x1470  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:43:36.0492 0x1470  SCardSvr - ok
16:43:36.0507 0x1470  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:43:36.0507 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 253F38D0D7074C02FF8DEB9836C97D2B, sha256: CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116
16:43:36.0507 0x1470  scfilter - detected LockedFile.Multi.Generic ( 1 )
16:43:38.0879 0x1470  Detect skipped due to KSN trusted
16:43:38.0879 0x1470  scfilter - ok
16:43:38.0941 0x1470  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
16:43:38.0988 0x1470  Schedule - ok
16:43:39.0004 0x1470  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:43:39.0035 0x1470  SCPolicySvc - ok
16:43:39.0035 0x1470  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:43:39.0051 0x1470  SDRSVC - ok
16:43:39.0066 0x1470  [ D358E077A0A05D9B12DA22D137EE8464, 7B6493B199DEF411596B1A6F479F57838202B102C3324333B620E212E0AE9053 ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
16:43:39.0082 0x1470  SeaPort - ok
16:43:39.0082 0x1470  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:43:39.0082 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186, sha256: 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D
16:43:39.0082 0x1470  secdrv - detected LockedFile.Multi.Generic ( 1 )
16:43:41.0532 0x1470  Detect skipped due to KSN trusted
16:43:41.0532 0x1470  secdrv - ok
16:43:41.0547 0x1470  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
16:43:41.0594 0x1470  seclogon - ok
16:43:41.0641 0x1470  [ 9C8580D9A5F3C08556D6ECA31848DC89, BF056CB404BC6C13D0640503C7C7214696C7BA0ABCDD3590010811A5429D0AF9 ] SecureStorageService C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
16:43:41.0688 0x1470  SecureStorageService - detected UnsignedFile.Multi.Generic ( 1 )
16:43:44.0075 0x1470  Detect skipped due to KSN trusted
16:43:44.0075 0x1470  SecureStorageService - ok
16:43:44.0091 0x1470  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
16:43:44.0137 0x1470  SENS - ok
16:43:44.0153 0x1470  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:43:44.0169 0x1470  SensrSvc - ok
16:43:44.0169 0x1470  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:43:44.0169 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B, sha256: A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4
16:43:44.0169 0x1470  Serenum - detected LockedFile.Multi.Generic ( 1 )
16:43:46.0540 0x1470  Detect skipped due to KSN trusted
16:43:46.0540 0x1470  Serenum - ok
16:43:46.0759 0x1470  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:43:46.0759 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, sha256: 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D
16:43:46.0759 0x1470  Serial - detected LockedFile.Multi.Generic ( 1 )
16:43:49.0208 0x1470  Detect skipped due to KSN trusted
16:43:49.0208 0x1470  Serial - ok
16:43:49.0224 0x1470  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:43:49.0224 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3, sha256: 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D
16:43:49.0224 0x1470  sermouse - detected LockedFile.Multi.Generic ( 1 )
16:43:51.0611 0x1470  Detect skipped due to KSN trusted
16:43:51.0611 0x1470  sermouse - ok
16:43:51.0643 0x1470  [ 7D3903AF48E6C1DC2704EAFCB608D031, 95B0F3F4958357C919ADF31D76744D16810325C7313767395521838F65DB3FE0 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
16:43:51.0674 0x1470  ServiceLayer - detected UnsignedFile.Multi.Generic ( 1 )
16:43:54.0061 0x1470  Detect skipped due to KSN trusted
16:43:54.0061 0x1470  ServiceLayer - ok
16:43:54.0077 0x1470  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
16:43:54.0139 0x1470  SessionEnv - ok
16:43:54.0139 0x1470  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:43:54.0139 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF, sha256: DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55
16:43:54.0139 0x1470  sffdisk - detected LockedFile.Multi.Generic ( 1 )
16:43:56.0526 0x1470  Detect skipped due to KSN trusted
16:43:56.0526 0x1470  sffdisk - ok
16:43:56.0542 0x1470  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:43:56.0542 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF, sha256: B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042
16:43:56.0542 0x1470  sffp_mmc - detected LockedFile.Multi.Generic ( 1 )
16:43:58.0992 0x1470  Detect skipped due to KSN trusted
16:43:58.0992 0x1470  sffp_mmc - ok
16:43:59.0007 0x1470  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:43:59.0007 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_sd.sys. md5: DD85B78243A19B59F0637DCF284DA63C, sha256: 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197
16:43:59.0007 0x1470  sffp_sd - detected LockedFile.Multi.Generic ( 1 )
16:44:01.0410 0x1470  Detect skipped due to KSN trusted
16:44:01.0410 0x1470  sffp_sd - ok
16:44:01.0410 0x1470  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:44:01.0410 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4, sha256: 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9
16:44:01.0410 0x1470  sfloppy - detected LockedFile.Multi.Generic ( 1 )
16:44:03.0922 0x1470  Detect skipped due to KSN trusted
16:44:03.0922 0x1470  sfloppy - ok
16:44:03.0954 0x1470  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:44:04.0000 0x1470  SharedAccess - ok
16:44:04.0016 0x1470  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:44:04.0047 0x1470  ShellHWDetection - ok
16:44:04.0063 0x1470  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:44:04.0063 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1, sha256: 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820
16:44:04.0063 0x1470  SiSRaid2 - detected LockedFile.Multi.Generic ( 1 )
16:44:06.0497 0x1470  Detect skipped due to KSN trusted
16:44:06.0497 0x1470  SiSRaid2 - ok
16:44:06.0513 0x1470  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:44:06.0513 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4, sha256: 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E
16:44:06.0513 0x1470  SiSRaid4 - detected LockedFile.Multi.Generic ( 1 )
16:44:08.0900 0x1470  Detect skipped due to KSN trusted
16:44:08.0900 0x1470  SiSRaid4 - ok
16:44:08.0915 0x1470  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:44:08.0915 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4, sha256: 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740
16:44:08.0915 0x1470  Smb - detected LockedFile.Multi.Generic ( 1 )
16:44:11.0303 0x1470  Detect skipped due to KSN trusted
16:44:11.0303 0x1470  Smb - ok
16:44:11.0318 0x1470  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:44:11.0334 0x1470  SNMPTRAP - ok
16:44:11.0350 0x1470  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:44:11.0350 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9, sha256: 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063
16:44:11.0350 0x1470  spldr - detected LockedFile.Multi.Generic ( 1 )
16:44:13.0784 0x1470  Detect skipped due to KSN trusted
16:44:13.0784 0x1470  spldr - ok
16:44:13.0815 0x1470  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
16:44:13.0862 0x1470  Spooler - ok
16:44:13.0940 0x1470  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
16:44:14.0065 0x1470  sppsvc - ok
16:44:14.0065 0x1470  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:44:14.0096 0x1470  sppuinotify - ok
16:44:14.0111 0x1470  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:44:14.0111 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B, sha256: 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0
16:44:14.0111 0x1470  srv - detected LockedFile.Multi.Generic ( 1 )
16:44:16.0561 0x1470  Detect skipped due to KSN trusted
16:44:16.0561 0x1470  srv - ok
16:44:16.0577 0x1470  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:44:16.0577 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28, sha256: 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7
16:44:16.0577 0x1470  srv2 - detected LockedFile.Multi.Generic ( 1 )
16:44:18.0970 0x1470  Detect skipped due to KSN trusted
16:44:18.0970 0x1470  srv2 - ok
16:44:18.0986 0x1470  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:44:18.0986 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3, sha256: AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6
16:44:18.0986 0x1470  srvnet - detected LockedFile.Multi.Generic ( 1 )
16:44:21.0420 0x1470  Detect skipped due to KSN trusted
16:44:21.0420 0x1470  srvnet - ok
16:44:21.0435 0x1470  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:44:21.0482 0x1470  SSDPSRV - ok
16:44:21.0498 0x1470  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:44:21.0529 0x1470  SstpSvc - ok
16:44:21.0576 0x1470  [ DAE7A8A33DF0635E6299640395037765, F401E7EDECEDDC8B9A11DF91E4DAC29D32BE5B0AE6AF34E3207F0FF2A3AB782A ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\STacSV64.exe
16:44:21.0591 0x1470  STacSV - ok
16:44:21.0591 0x1470  [ C568FDB21CE77A44FD166F28F104AC46, 5D8675CE501EF9CE637FFBBC945E09184D54CF206BC3480B15170E50BCA43D6F ] stdflt          C:\Windows\system32\DRIVERS\stdfltn.sys
16:44:21.0591 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stdfltn.sys. md5: C568FDB21CE77A44FD166F28F104AC46, sha256: 5D8675CE501EF9CE637FFBBC945E09184D54CF206BC3480B15170E50BCA43D6F
16:44:21.0591 0x1470  stdflt - detected LockedFile.Multi.Generic ( 1 )
16:44:23.0944 0x1470  Detect skipped due to KSN trusted
16:44:23.0944 0x1470  stdflt - ok
16:44:23.0959 0x1470  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:44:23.0959 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A, sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5
16:44:23.0959 0x1470  stexstor - detected LockedFile.Multi.Generic ( 1 )
16:44:26.0251 0x1470  Detect skipped due to KSN trusted
16:44:26.0251 0x1470  stexstor - ok
16:44:26.0274 0x1470  [ 04906A6B1DD17D38795E28AF4F4392F9, 7B2AA7176EC2DB1B416EA1B3E84871F14D718387547F482AC5ABA2BF9B647A3D ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
16:44:26.0274 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stwrt64.sys. md5: 04906A6B1DD17D38795E28AF4F4392F9, sha256: 7B2AA7176EC2DB1B416EA1B3E84871F14D718387547F482AC5ABA2BF9B647A3D
16:44:26.0274 0x1470  STHDA - detected LockedFile.Multi.Generic ( 1 )
16:44:28.0709 0x1470  Detect skipped due to KSN trusted
16:44:28.0709 0x1470  STHDA - ok
16:44:28.0729 0x1470  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
16:44:28.0769 0x1470  stisvc - ok
16:44:28.0789 0x1470  [ E476C66713C842F58E61A95826ED1D57, 33632E8AE6D868EAC7D676E4236E78A0B1E613C9A5FA2470A0419B2E9A6CAE4B ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
16:44:28.0799 0x1470  stllssvr - ok
16:44:28.0809 0x1470  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
16:44:28.0809 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vmstorfl.sys. md5: 7785DC213270D2FC066538DAF94087E7, sha256: F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B
16:44:28.0809 0x1470  storflt - detected LockedFile.Multi.Generic ( 1 )
16:44:31.0117 0x1470  Detect skipped due to KSN trusted
16:44:31.0117 0x1470  storflt - ok
16:44:31.0124 0x1470  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
16:44:31.0142 0x1470  StorSvc - ok
16:44:31.0147 0x1470  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
16:44:31.0149 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\storvsc.sys. md5: D34E4943D5AC096C8EDEEBFD80D76E23, sha256: 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE
16:44:31.0149 0x1470  storvsc - detected LockedFile.Multi.Generic ( 1 )
16:44:33.0520 0x1470  Detect skipped due to KSN trusted
16:44:33.0520 0x1470  storvsc - ok
16:44:33.0520 0x1470  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:44:33.0530 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90, sha256: 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969
16:44:33.0530 0x1470  swenum - detected LockedFile.Multi.Generic ( 1 )
16:44:35.0945 0x1470  Detect skipped due to KSN trusted
16:44:35.0945 0x1470  swenum - ok
16:44:35.0978 0x1470  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
16:44:36.0048 0x1470  swprv - ok
16:44:36.0088 0x1470  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
16:44:36.0158 0x1470  SysMain - ok
16:44:36.0168 0x1470  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:44:36.0188 0x1470  TabletInputService - ok
16:44:36.0198 0x1470  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:44:36.0238 0x1470  TapiSrv - ok
16:44:36.0248 0x1470  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
16:44:36.0288 0x1470  TBS - ok
16:44:36.0328 0x1470  [ DB74544B75566C974815E79A62433F29, 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:44:36.0328 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: DB74544B75566C974815E79A62433F29, sha256: 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4
16:44:36.0338 0x1470  Tcpip - detected LockedFile.Multi.Generic ( 1 )
16:44:38.0666 0x1470  Detect skipped due to KSN trusted
16:44:38.0676 0x1470  Tcpip - ok
16:44:38.0726 0x1470  [ DB74544B75566C974815E79A62433F29, 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:44:38.0726 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: DB74544B75566C974815E79A62433F29, sha256: 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4
16:44:38.0726 0x1470  TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
16:44:38.0726 0x1470  Detect skipped due to KSN trusted
16:44:38.0726 0x1470  TCPIP6 - ok
16:44:38.0736 0x1470  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:44:38.0736 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: DF687E3D8836BFB04FCC0615BF15A519, sha256: 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784
16:44:38.0736 0x1470  tcpipreg - detected LockedFile.Multi.Generic ( 1 )
16:44:41.0076 0x1470  Detect skipped due to KSN trusted
16:44:41.0076 0x1470  tcpipreg - ok
16:44:41.0116 0x1470  [ 69F1A38A6DBFE682491CB61A596662E3, A1FD47C8D4331132806205756F5793F2602442B233CAA0628FD27D8766321CE0 ] tcsd_win32.exe  C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
16:44:41.0156 0x1470  tcsd_win32.exe - detected UnsignedFile.Multi.Generic ( 1 )
16:44:43.0600 0x1470  Detect skipped due to KSN trusted
16:44:43.0600 0x1470  tcsd_win32.exe - ok
16:44:43.0693 0x1470  [ BF0F20805431965C47641847F33EE1A8, 2B314CBF2453BCB24A0B29D114CE8DCBE4ED8B78702B7579FDE4BAD3D6E2C3BD ] TdmService      C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
16:44:43.0756 0x1470  TdmService - ok
16:44:43.0756 0x1470  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:44:43.0756 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D
16:44:43.0756 0x1470  TDPIPE - detected LockedFile.Multi.Generic ( 1 )
16:44:46.0121 0x1470  Detect skipped due to KSN trusted
16:44:46.0121 0x1470  TDPIPE - ok
16:44:46.0121 0x1470  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:44:46.0121 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8, sha256: 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9
16:44:46.0121 0x1470  TDTCP - detected LockedFile.Multi.Generic ( 1 )
16:44:48.0508 0x1470  Detect skipped due to KSN trusted
16:44:48.0508 0x1470  TDTCP - ok
16:44:48.0524 0x1470  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:44:48.0524 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806, sha256: B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661
16:44:48.0524 0x1470  tdx - detected LockedFile.Multi.Generic ( 1 )
16:44:50.0958 0x1470  Detect skipped due to KSN trusted
16:44:50.0958 0x1470  tdx - ok
16:44:50.0958 0x1470  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:44:50.0958 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5, sha256: 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D
16:44:50.0958 0x1470  TermDD - detected LockedFile.Multi.Generic ( 1 )
16:44:53.0329 0x1470  Detect skipped due to KSN trusted
16:44:53.0329 0x1470  TermDD - ok
16:44:53.0345 0x1470  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
16:44:53.0423 0x1470  TermService - ok
16:44:53.0438 0x1470  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
16:44:53.0454 0x1470  Themes - ok
16:44:53.0454 0x1470  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
16:44:53.0501 0x1470  THREADORDER - ok
16:44:53.0516 0x1470  tmlisten - ok
16:44:53.0516 0x1470  [ 8D87AEEC05A5E3DABA0F05CB0FD2F2F4, B411C3C20125266C1AFDC6032FEB101DEFC4ED9FEC98025F17F59AEE8E956DEB ] tmtdi           C:\Windows\system32\DRIVERS\tmtdi.sys
16:44:53.0516 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tmtdi.sys. md5: 8D87AEEC05A5E3DABA0F05CB0FD2F2F4, sha256: B411C3C20125266C1AFDC6032FEB101DEFC4ED9FEC98025F17F59AEE8E956DEB
16:44:53.0516 0x1470  tmtdi - detected LockedFile.Multi.Generic ( 1 )
16:44:55.0903 0x1470  Detect skipped due to KSN trusted
16:44:55.0903 0x1470  tmtdi - ok
16:44:55.0919 0x1470  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
16:44:55.0950 0x1470  TrkWks - ok
16:44:55.0966 0x1470  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:44:55.0997 0x1470  TrustedInstaller - ok
16:44:56.0013 0x1470  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:44:56.0013 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: 4CE278FC9671BA81A138D70823FCAA09, sha256: CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300
16:44:56.0013 0x1470  tssecsrv - detected LockedFile.Multi.Generic ( 1 )
16:44:58.0384 0x1470  Detect skipped due to KSN trusted
16:44:58.0384 0x1470  tssecsrv - ok
16:44:58.0400 0x1470  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:44:58.0400 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9, sha256: A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB
16:44:58.0400 0x1470  TsUsbFlt - detected LockedFile.Multi.Generic ( 1 )
16:45:00.0849 0x1470  Detect skipped due to KSN trusted
16:45:00.0849 0x1470  TsUsbFlt - ok
16:45:00.0865 0x1470  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:45:00.0865 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894, sha256: AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8
16:45:00.0865 0x1470  tunnel - detected LockedFile.Multi.Generic ( 1 )
16:45:03.0283 0x1470  Detect skipped due to KSN trusted
16:45:03.0283 0x1470  tunnel - ok
16:45:03.0298 0x1470  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:45:03.0298 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123
16:45:03.0298 0x1470  uagp35 - detected LockedFile.Multi.Generic ( 1 )
16:45:05.0732 0x1470  Detect skipped due to KSN trusted
16:45:05.0732 0x1470  uagp35 - ok
16:45:05.0763 0x1470  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:45:05.0763 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593, sha256: D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3
16:45:05.0763 0x1470  udfs - detected LockedFile.Multi.Generic ( 1 )
16:45:08.0213 0x1470  Detect skipped due to KSN trusted
16:45:08.0213 0x1470  udfs - ok
16:45:08.0228 0x1470  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:45:08.0260 0x1470  UI0Detect - ok
16:45:08.0275 0x1470  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:45:08.0275 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A
16:45:08.0275 0x1470  uliagpkx - detected LockedFile.Multi.Generic ( 1 )
16:45:10.0647 0x1470  Detect skipped due to KSN trusted
16:45:10.0647 0x1470  uliagpkx - ok
16:45:10.0647 0x1470  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
16:45:10.0662 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561, sha256: 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE
16:45:10.0662 0x1470  umbus - detected LockedFile.Multi.Generic ( 1 )
16:45:13.0033 0x1470  Detect skipped due to KSN trusted
16:45:13.0033 0x1470  umbus - ok
16:45:13.0049 0x1470  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:45:13.0049 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
16:45:13.0049 0x1470  UmPass - detected LockedFile.Multi.Generic ( 1 )
16:45:15.0483 0x1470  Detect skipped due to KSN trusted
16:45:15.0483 0x1470  UmPass - ok
16:45:15.0498 0x1470  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
16:45:15.0530 0x1470  UmRdpService - ok
16:45:15.0545 0x1470  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
16:45:15.0576 0x1470  upnphost - ok
16:45:15.0592 0x1470  [ 4E93C8496359E97830C75AC36393654D, D0482257B019512D77484D92E4DEFEFE4FED53CB440ACB7AA879D6FD0574FA9A ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
16:45:15.0592 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys. md5: 4E93C8496359E97830C75AC36393654D, sha256: D0482257B019512D77484D92E4DEFEFE4FED53CB440ACB7AA879D6FD0574FA9A
16:45:15.0592 0x1470  upperdev - detected LockedFile.Multi.Generic ( 1 )
16:45:17.0963 0x1470  Detect skipped due to KSN trusted
16:45:17.0963 0x1470  upperdev - ok
16:45:17.0979 0x1470  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
16:45:17.0979 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbaapl64.sys. md5: C9E9D59C0099A9FF51697E9306A44240, sha256: 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1
16:45:17.0979 0x1470  USBAAPL64 - detected LockedFile.Multi.Generic ( 1 )
16:45:20.0366 0x1470  Detect skipped due to KSN trusted
16:45:20.0366 0x1470  USBAAPL64 - ok
16:45:20.0382 0x1470  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:45:20.0382 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: DCA68B0943D6FA415F0C56C92158A83A, sha256: BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57
16:45:20.0382 0x1470  usbccgp - detected LockedFile.Multi.Generic ( 1 )
16:45:22.0831 0x1470  Detect skipped due to KSN trusted
16:45:22.0831 0x1470  usbccgp - ok
16:45:22.0847 0x1470  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:45:22.0847 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbcir.sys. md5: 80B0F7D5CCF86CEB5D402EAAF61FEC31, sha256: 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD
16:45:22.0847 0x1470  usbcir - detected LockedFile.Multi.Generic ( 1 )
16:45:25.0234 0x1470  Detect skipped due to KSN trusted
16:45:25.0234 0x1470  usbcir - ok
16:45:25.0249 0x1470  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
16:45:25.0249 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbehci.sys. md5: 18A85013A3E0F7E1755365D287443965, sha256: 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33
16:45:25.0249 0x1470  usbehci - detected LockedFile.Multi.Generic ( 1 )
16:45:27.0636 0x1470  Detect skipped due to KSN trusted
16:45:27.0636 0x1470  usbehci - ok
16:45:27.0667 0x1470  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:45:27.0667 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 8D1196CFBB223621F2C67D45710F25BA, sha256: B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003
16:45:27.0667 0x1470  usbhub - detected LockedFile.Multi.Generic ( 1 )
16:45:30.0039 0x1470  Detect skipped due to KSN trusted
16:45:30.0039 0x1470  usbhub - ok
16:45:30.0054 0x1470  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:45:30.0054 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbohci.sys. md5: 765A92D428A8DB88B960DA5A8D6089DC, sha256: 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C
16:45:30.0054 0x1470  usbohci - detected LockedFile.Multi.Generic ( 1 )
16:45:32.0504 0x1470  Detect skipped due to KSN trusted
16:45:32.0504 0x1470  usbohci - ok
16:45:32.0519 0x1470  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:45:32.0519 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
16:45:32.0519 0x1470  usbprint - detected LockedFile.Multi.Generic ( 1 )
16:45:34.0906 0x1470  Detect skipped due to KSN trusted
16:45:34.0906 0x1470  usbprint - ok
16:45:34.0922 0x1470  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:45:34.0922 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbscan.sys. md5: 9661DA76B4531B2DA272ECCE25A8AF24, sha256: FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637
16:45:34.0922 0x1470  usbscan - detected LockedFile.Multi.Generic ( 1 )
16:45:37.0309 0x1470  Detect skipped due to KSN trusted
16:45:37.0309 0x1470  usbscan - ok
16:45:37.0325 0x1470  [ B57B4F0BEC4270A281B9F8537EB2FA04, 554273482EE85F010DC62E412C9933E65BD63AA09911BD25D86F86D2618EF382 ] usbser          C:\Windows\system32\drivers\usbser.sys
16:45:37.0325 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbser.sys. md5: B57B4F0BEC4270A281B9F8537EB2FA04, sha256: 554273482EE85F010DC62E412C9933E65BD63AA09911BD25D86F86D2618EF382
16:45:37.0325 0x1470  usbser - detected LockedFile.Multi.Generic ( 1 )
16:45:39.0774 0x1470  Detect skipped due to KSN trusted
16:45:39.0774 0x1470  usbser - ok
16:45:39.0790 0x1470  [ 8844CB19A37B65E27049D4A7786726A9, 4D772174A320F02E2F87BDF8C6EBBFDE04C9763D3C21FE9557DE938521508A59 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
16:45:39.0790 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys. md5: 8844CB19A37B65E27049D4A7786726A9, sha256: 4D772174A320F02E2F87BDF8C6EBBFDE04C9763D3C21FE9557DE938521508A59
16:45:39.0790 0x1470  UsbserFilt - detected LockedFile.Multi.Generic ( 1 )
16:45:42.0333 0x1470  Detect skipped due to KSN trusted
16:45:42.0333 0x1470  UsbserFilt - ok
16:45:42.0348 0x1470  [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:45:42.0348 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: D76510CFA0FC09023077F22C2F979D86, sha256: 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439
16:45:42.0348 0x1470  USBSTOR - detected LockedFile.Multi.Generic ( 1 )
16:45:44.0735 0x1470  Detect skipped due to KSN trusted
16:45:44.0735 0x1470  USBSTOR - ok
16:45:44.0751 0x1470  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:45:44.0751 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbuhci.sys. md5: DD253AFC3BC6CBA412342DE60C3647F3, sha256: 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7
16:45:44.0751 0x1470  usbuhci - detected LockedFile.Multi.Generic ( 1 )
16:45:47.0138 0x1470  Detect skipped due to KSN trusted
16:45:47.0138 0x1470  usbuhci - ok
16:45:47.0153 0x1470  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:45:47.0153 0x1470  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\usbvideo.sys. md5: 1F775DA4CF1A3A1834207E975A72E9D7, sha256: 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90
16:45:47.0153 0x1470  usbvideo - detected LockedFile.Multi.Generic ( 1 )
16:45:49.0540 0x1470  Detect skipped due to KSN trusted
16:45:49.0540 0x1470  usbvideo - ok
16:45:49.0540 0x1470  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
16:45:49.0587 0x1470  UxSms - ok
16:45:49.0587 0x1470  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\Windows\system32\lsass.exe
16:45:49.0587 0x1470  VaultSvc - ok
16:45:49.0603 0x1470  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:45:49.0603 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
16:45:49.0603 0x1470  vdrvroot - detected LockedFile.Multi.Generic ( 1 )
16:45:52.0036 0x1470  Detect skipped due to KSN trusted
16:45:52.0036 0x1470  vdrvroot - ok
16:45:52.0068 0x1470  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
16:45:52.0130 0x1470  vds - ok
16:45:52.0130 0x1470  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:45:52.0130 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
16:45:52.0130 0x1470  vga - detected LockedFile.Multi.Generic ( 1 )
16:45:54.0517 0x1470  Detect skipped due to KSN trusted
16:45:54.0517 0x1470  vga - ok
16:45:54.0533 0x1470  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:45:54.0533 0x1470  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
16:45:54.0533 0x1470  VgaSave - detected LockedFile.Multi.Generic ( 1 )
16:45:56.0920 0x1470  Detect skipped due to KSN trusted
16:45:56.0920 0x1470  VgaSave - ok
16:45:56.0951 0x1470  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:45:56.0951 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB, sha256: D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF
16:45:56.0951 0x1470  vhdmp - detected LockedFile.Multi.Generic ( 1 )
16:45:59.0385 0x1470  Detect skipped due to KSN trusted
16:45:59.0385 0x1470  vhdmp - ok
16:45:59.0400 0x1470  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:45:59.0400 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
16:45:59.0400 0x1470  viaide - detected LockedFile.Multi.Generic ( 1 )
16:46:01.0787 0x1470  Detect skipped due to KSN trusted
16:46:01.0787 0x1470  viaide - ok
16:46:01.0803 0x1470  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
16:46:01.0803 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vmbus.sys. md5: 86EA3E79AE350FEA5331A1303054005F, sha256: 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691
16:46:01.0803 0x1470  vmbus - detected LockedFile.Multi.Generic ( 1 )
16:46:04.0190 0x1470  Detect skipped due to KSN trusted
16:46:04.0190 0x1470  vmbus - ok
16:46:04.0205 0x1470  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
16:46:04.0205 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\VMBusHID.sys. md5: 7DE90B48F210D29649380545DB45A187, sha256: 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4
16:46:04.0205 0x1470  VMBusHID - detected LockedFile.Multi.Generic ( 1 )
16:46:06.0592 0x1470  Detect skipped due to KSN trusted
16:46:06.0592 0x1470  VMBusHID - ok
16:46:06.0608 0x1470  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:46:06.0608 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161
16:46:06.0608 0x1470  volmgr - detected LockedFile.Multi.Generic ( 1 )
16:46:09.0057 0x1470  Detect skipped due to KSN trusted
16:46:09.0057 0x1470  volmgr - ok
16:46:09.0089 0x1470  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:46:09.0089 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B, sha256: 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F
16:46:09.0089 0x1470  volmgrx - detected LockedFile.Multi.Generic ( 1 )
16:46:11.0476 0x1470  Detect skipped due to KSN trusted
16:46:11.0476 0x1470  volmgrx - ok
16:46:11.0507 0x1470  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:46:11.0507 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639, sha256: 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC
16:46:11.0507 0x1470  volsnap - detected LockedFile.Multi.Generic ( 1 )
16:46:13.0878 0x1470  Detect skipped due to KSN trusted
16:46:13.0878 0x1470  volsnap - ok
16:46:13.0909 0x1470  [ B4A73CA4EF9A02B9738CEA9AD5FE5917, B6A8086189FE2F1C3FE5B3F484FBA3DB2E5E1836F3154D30090F136C27D16166 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
16:46:13.0909 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpchbus.sys. md5: B4A73CA4EF9A02B9738CEA9AD5FE5917, sha256: B6A8086189FE2F1C3FE5B3F484FBA3DB2E5E1836F3154D30090F136C27D16166
16:46:13.0909 0x1470  vpcbus - detected LockedFile.Multi.Generic ( 1 )
16:46:16.0359 0x1470  Detect skipped due to KSN trusted
16:46:16.0359 0x1470  vpcbus - ok
16:46:16.0374 0x1470  [ E675FB2B48C54F09895482E2253B289C, 68BBFBF2356C849722E429CA753CC309A3CCE8CF00EBDBBD2695ECD292324DF2 ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
16:46:16.0374 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpcnfltr.sys. md5: E675FB2B48C54F09895482E2253B289C, sha256: 68BBFBF2356C849722E429CA753CC309A3CCE8CF00EBDBBD2695ECD292324DF2
16:46:16.0374 0x1470  vpcnfltr - detected LockedFile.Multi.Generic ( 1 )
16:46:18.0824 0x1470  Detect skipped due to KSN trusted
16:46:18.0824 0x1470  vpcnfltr - ok
16:46:18.0839 0x1470  [ 5FB42082B0D19A0268705F1DD343DF20, 62F8EEE6A507CE6A8BD638020118D71B78332F79BA82654AB702AE46B04767D9 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
16:46:18.0839 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpcusb.sys. md5: 5FB42082B0D19A0268705F1DD343DF20, sha256: 62F8EEE6A507CE6A8BD638020118D71B78332F79BA82654AB702AE46B04767D9
16:46:18.0839 0x1470  vpcusb - detected LockedFile.Multi.Generic ( 1 )
16:46:21.0226 0x1470  Detect skipped due to KSN trusted
16:46:21.0226 0x1470  vpcusb - ok
16:46:21.0258 0x1470  [ 207B6539799CC1C112661A9B620DD233, 6B915CC7F77C867516D94865D7BF2E5C815402EF0A4488C3EB2FEF7CFA6C98F6 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
16:46:21.0258 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vpcvmm.sys. md5: 207B6539799CC1C112661A9B620DD233, sha256: 6B915CC7F77C867516D94865D7BF2E5C815402EF0A4488C3EB2FEF7CFA6C98F6
16:46:21.0258 0x1470  vpcvmm - detected LockedFile.Multi.Generic ( 1 )
16:46:23.0645 0x1470  Detect skipped due to KSN trusted
16:46:23.0645 0x1470  vpcvmm - ok
16:46:23.0660 0x1470  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:46:23.0660 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
16:46:23.0660 0x1470  vsmraid - detected LockedFile.Multi.Generic ( 1 )
16:46:26.0047 0x1470  Detect skipped due to KSN trusted
16:46:26.0047 0x1470  vsmraid - ok
16:46:26.0110 0x1470  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
16:46:26.0188 0x1470  VSS - ok
16:46:26.0188 0x1470  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:46:26.0188 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
16:46:26.0188 0x1470  vwifibus - detected LockedFile.Multi.Generic ( 1 )
16:46:28.0637 0x1470  Detect skipped due to KSN trusted
16:46:28.0637 0x1470  vwifibus - ok
16:46:28.0653 0x1470  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:46:28.0653 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F, sha256: 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB
16:46:28.0653 0x1470  vwififlt - detected LockedFile.Multi.Generic ( 1 )
16:46:31.0039 0x1470  Detect skipped due to KSN trusted
16:46:31.0039 0x1470  vwififlt - ok
16:46:31.0039 0x1470  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:46:31.0039 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6A638FC4BFDDC4D9B186C28C91BD1A01, sha256: 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168
16:46:31.0039 0x1470  vwifimp - detected LockedFile.Multi.Generic ( 1 )
16:46:35.0002 0x1470  Detect skipped due to KSN trusted
16:46:35.0002 0x1470  vwifimp - ok
16:46:35.0018 0x1470  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
16:46:35.0065 0x1470  W32Time - ok
16:46:35.0065 0x1470  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:46:35.0065 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
16:46:35.0065 0x1470  WacomPen - detected LockedFile.Multi.Generic ( 1 )
16:46:37.0514 0x1470  Detect skipped due to KSN trusted
16:46:37.0514 0x1470  WacomPen - ok
16:46:37.0530 0x1470  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:46:37.0530 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
16:46:37.0530 0x1470  WANARP - detected LockedFile.Multi.Generic ( 1 )
16:46:39.0917 0x1470  Detect skipped due to KSN trusted
16:46:39.0917 0x1470  WANARP - ok
16:46:39.0917 0x1470  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:46:39.0917 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
16:46:39.0917 0x1470  Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
16:46:39.0917 0x1470  Detect skipped due to KSN trusted
16:46:39.0917 0x1470  Wanarpv6 - ok
16:46:39.0979 0x1470  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
16:46:40.0026 0x1470  wbengine - ok
16:46:40.0041 0x1470  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:46:40.0057 0x1470  WbioSrvc - ok
16:46:40.0073 0x1470  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:46:40.0088 0x1470  wcncsvc - ok
16:46:40.0104 0x1470  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:46:40.0104 0x1470  WcsPlugInService - ok
16:46:40.0119 0x1470  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:46:40.0119 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
16:46:40.0119 0x1470  Wd - detected LockedFile.Multi.Generic ( 1 )
16:46:42.0491 0x1470  Detect skipped due to KSN trusted
16:46:42.0491 0x1470  Wd - ok
16:46:42.0538 0x1470  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:46:42.0538 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: E2C933EDBC389386EBE6D2BA953F43D8, sha256: AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07
16:46:42.0538 0x1470  Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
16:46:44.0971 0x1470  Detect skipped due to KSN trusted
16:46:44.0971 0x1470  Wdf01000 - ok
16:46:45.0003 0x1470  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:46:45.0065 0x1470  WdiServiceHost - ok
16:46:45.0065 0x1470  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:46:45.0096 0x1470  WdiSystemHost - ok
16:46:45.0096 0x1470  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
16:46:45.0127 0x1470  WebClient - ok
16:46:45.0127 0x1470  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:46:45.0174 0x1470  Wecsvc - ok
16:46:45.0174 0x1470  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:46:45.0205 0x1470  wercplsupport - ok
16:46:45.0221 0x1470  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:46:45.0252 0x1470  WerSvc - ok
16:46:45.0252 0x1470  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:46:45.0252 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
16:46:45.0252 0x1470  WfpLwf - detected LockedFile.Multi.Generic ( 1 )
16:46:47.0639 0x1470  Detect skipped due to KSN trusted
16:46:47.0639 0x1470  WfpLwf - ok
16:46:47.0655 0x1470  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:46:47.0655 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
16:46:47.0655 0x1470  WIMMount - detected LockedFile.Multi.Generic ( 1 )
16:46:50.0104 0x1470  Detect skipped due to KSN trusted
16:46:50.0104 0x1470  WIMMount - ok
16:46:50.0120 0x1470  WinDefend - ok
16:46:50.0120 0x1470  WinHttpAutoProxySvc - ok
16:46:50.0151 0x1470  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:46:50.0198 0x1470  Winmgmt - ok
16:46:50.0245 0x1470  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:46:50.0338 0x1470  WinRM - ok
16:46:50.0338 0x1470  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:46:50.0338 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D, sha256: A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03
16:46:50.0338 0x1470  WinUsb - detected LockedFile.Multi.Generic ( 1 )
16:46:52.0725 0x1470  Detect skipped due to KSN trusted
16:46:52.0725 0x1470  WinUsb - ok
16:46:52.0772 0x1470  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:46:52.0819 0x1470  Wlansvc - ok
16:46:52.0834 0x1470  [ 8097878196EFAA50A70B42AEF8225A61, A3EE52793A612425B0EA0769F3EFDE6668F37D743D89DEBC13E1B410C80ADB66 ] wltrysvc        C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
16:46:52.0834 0x1470  wltrysvc - detected UnsignedFile.Multi.Generic ( 1 )
16:46:55.0206 0x1470  Detect skipped due to KSN trusted
16:46:55.0206 0x1470  wltrysvc - ok
16:46:55.0221 0x1470  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:46:55.0221 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
16:46:55.0221 0x1470  WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
16:46:57.0624 0x1470  Detect skipped due to KSN trusted
16:46:57.0624 0x1470  WmiAcpi - ok
16:46:57.0640 0x1470  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:46:57.0686 0x1470  wmiApSrv - ok
16:46:57.0686 0x1470  WMPNetworkSvc - ok
16:46:57.0702 0x1470  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:46:57.0718 0x1470  WPCSvc - ok
16:46:57.0718 0x1470  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:46:57.0733 0x1470  WPDBusEnum - ok
16:46:57.0749 0x1470  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:46:57.0749 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
16:46:57.0749 0x1470  ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
16:47:00.0120 0x1470  Detect skipped due to KSN trusted
16:47:00.0120 0x1470  ws2ifsl - ok
16:47:00.0136 0x1470  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
16:47:00.0151 0x1470  wscsvc - ok
16:47:00.0167 0x1470  WSearch - ok
16:47:00.0229 0x1470  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:47:00.0307 0x1470  wuauserv - ok
16:47:00.0323 0x1470  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:47:00.0323 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: D3381DC54C34D79B22CEE0D65BA91B7C, sha256: 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9
16:47:00.0323 0x1470  WudfPf - detected LockedFile.Multi.Generic ( 1 )
16:47:02.0694 0x1470  Detect skipped due to KSN trusted
16:47:02.0694 0x1470  WudfPf - ok
16:47:02.0710 0x1470  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:47:02.0726 0x1470  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: CF8D590BE3373029D57AF80914190682, sha256: FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF
16:47:02.0726 0x1470  WUDFRd - detected LockedFile.Multi.Generic ( 1 )
16:47:05.0159 0x1470  Detect skipped due to KSN trusted
16:47:05.0159 0x1470  WUDFRd - ok
16:47:05.0175 0x1470  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:47:05.0206 0x1470  wudfsvc - ok
16:47:05.0222 0x1470  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:47:05.0237 0x1470  WwanSvc - ok
16:47:05.0253 0x1470  ================ Scan global ===============================
16:47:05.0253 0x1470  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
16:47:05.0284 0x1470  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:47:05.0300 0x1470  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:47:05.0300 0x1470  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
16:47:05.0315 0x1470  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
16:47:05.0315 0x1470  [ Global ] - ok
16:47:05.0315 0x1470  ================ Scan MBR ==================================
16:47:05.0315 0x1470  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:47:05.0565 0x1470  \Device\Harddisk0\DR0 - ok
16:47:05.0581 0x1470  [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk1\DR1
16:47:05.0643 0x1470  \Device\Harddisk1\DR1 - ok
16:47:05.0643 0x1470  ================ Scan VBR ==================================
16:47:05.0643 0x1470  [ 1C1C7641746ED2092B7EFE2B54E2C41A ] \Device\Harddisk0\DR0\Partition1
16:47:05.0659 0x1470  \Device\Harddisk0\DR0\Partition1 - ok
16:47:05.0659 0x1470  [ 0A53DDE415C9AC3B70B1A1F5E9E90CCB ] \Device\Harddisk0\DR0\Partition2
16:47:05.0659 0x1470  \Device\Harddisk0\DR0\Partition2 - ok
16:47:05.0674 0x1470  [ 64CBCA4A18DEEF39A7C1D22C8CA24A21 ] \Device\Harddisk0\DR0\Partition3
16:47:05.0674 0x1470  \Device\Harddisk0\DR0\Partition3 - ok
16:47:05.0674 0x1470  [ 25DE6E919F88779E23ACC9E62FC2E446 ] \Device\Harddisk1\DR1\Partition1
16:47:05.0674 0x1470  \Device\Harddisk1\DR1\Partition1 - ok
16:47:05.0674 0x1470  Waiting for KSN requests completion. In queue: 7
16:47:06.0688 0x1470  Waiting for KSN requests completion. In queue: 2
16:47:07.0702 0x1470  Waiting for KSN requests completion. In queue: 2
16:47:08.0732 0x1470  AV detected via SS2: Trend Micro OfficeScan Virenschutz, C:\Program Files (x86)\Trend Micro\OfficeScan Client\Pccntmon.exe (  ), 0x41000 ( enabled : updated )
16:47:08.0748 0x1470  Win FW state via NFP2: enabled
16:47:11.0150 0x1470  ============================================================
16:47:11.0150 0x1470  Scan finished
16:47:11.0150 0x1470  ============================================================
16:47:11.0166 0x1468  Detected object count: 1
16:47:11.0166 0x1468  Actual detected object count: 1
16:47:34.0022 0x1468  C:\Windows\System32\Drivers\35e788ab90485f7f.sys - copied to quarantine
16:47:34.0037 0x1468  HKLM\SYSTEM\ControlSet001\services\35e788ab90485f7f - will be deleted on reboot
16:47:34.0037 0x1468  HKLM\SYSTEM\ControlSet002\services\35e788ab90485f7f - will be deleted on reboot
16:47:34.0053 0x1468  C:\Windows\System32\Drivers\35e788ab90485f7f.sys - will be deleted on reboot
16:47:34.0053 0x1468  35e788ab90485f7f ( Rootkit.Win32.Necurs.gen ) - User select action: Delete 
16:47:34.0084 0x1468  KLMD registered as C:\Windows\system32\drivers\90695672.sys
16:47:41.0182 0x0ce0  Deinitialize success

schrauber · 03.04.2014, 08:06

Supi, jetzt bitte nochmal einen Scan mit TDSSKiller machen und das Log posten.

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

seeufirst · 03.04.2014, 13:27

Hier das Combofix Log-file:
Combofix Logfile:

Code:

ATTFilter

ComboFix 14-04-03.01 - USERNAME 03.04.2014  13:53:46.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8182.6363 [GMT 2:00]
ausgeführt von:: c:\users\USERNAME\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Virenschutz *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\USERNAME\MM26_GER.exe
c:\windows\SysWow64\test
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-03-03 bis 2014-04-03  ))))))))))))))))))))))))))))))
.
.
2014-04-03 12:00 . 2014-04-03 12:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-04-03 12:00 . 2014-04-03 12:00	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-04-03 12:00 . 2014-04-03 12:00	--------	d-----w-	c:\users\TEMP\AppData\Local\temp
2014-04-03 12:00 . 2014-04-03 12:00	--------	d-----w-	c:\users\pp80\AppData\Local\temp
2014-04-03 12:00 . 2014-04-03 12:00	--------	d-----w-	c:\users\meinschenk\AppData\Local\temp
2014-04-02 12:18 . 2014-03-07 04:43	10521840	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FF17B7C-FD67-4C51-B5B9-D079CBB12D94}\mpengine.dll
2014-04-01 15:05 . 2011-03-21 10:54	16928	----a-w-	c:\windows\system32\drivers\ftvnic.sys
2014-04-01 15:05 . 2014-04-01 15:05	--------	d-----w-	c:\program files\Common Files\Fortinet
2014-04-01 14:47 . 2014-04-01 14:47	--------	d-----w-	C:\TDSSKiller_Quarantine
2014-03-25 15:09 . 2014-03-25 15:09	--------	d-----w-	c:\program files (x86)\Trend Micro
2014-03-25 14:38 . 2014-03-25 14:38	--------	d-----w-	c:\program files (x86)\Fortinet
2014-03-25 14:19 . 2014-03-25 14:19	--------	d-----w-	c:\programdata\Applications
2014-03-25 14:12 . 2014-03-25 14:13	--------	d-----w-	C:\FRST
2014-03-24 16:29 . 2014-03-24 16:39	--------	d-----w-	c:\program files (x86)\Advanced Fix 2014
2014-03-24 15:28 . 2014-03-24 16:08	2120	----a-w-	C:\FixitRegBackup.reg
2014-03-24 13:21 . 2014-03-24 13:21	--------	d-----w-	c:\users\USERNAME\AppData\Roaming\Malwarebytes
2014-03-24 13:21 . 2014-03-24 13:21	--------	d-----w-	c:\programdata\Malwarebytes
2014-03-24 13:19 . 2014-03-24 13:19	--------	d-----w-	c:\users\USERNAME\AppData\Local\Programs
2014-03-21 23:49 . 2014-03-21 23:49	--------	d--h--w-	c:\windows\msdownld.tmp
2014-03-13 20:32 . 2013-07-04 12:50	633856	----a-w-	c:\windows\system32\comctl32.dll
2014-03-13 20:32 . 2013-07-04 11:50	530432	----a-w-	c:\windows\SysWow64\comctl32.dll
2014-03-13 20:30 . 2013-10-05 20:25	1474048	----a-w-	c:\windows\system32\crypt32.dll
2014-03-13 20:30 . 2013-10-05 19:57	1168384	----a-w-	c:\windows\SysWow64\crypt32.dll
2014-03-13 20:30 . 2014-01-29 02:32	484864	----a-w-	c:\windows\system32\wer.dll
2014-03-13 20:30 . 2014-01-29 02:06	381440	----a-w-	c:\windows\SysWow64\wer.dll
2014-03-13 20:29 . 2013-10-19 02:18	81408	----a-w-	c:\windows\system32\imagehlp.dll
2014-03-13 20:29 . 2013-10-19 01:36	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2014-03-13 20:29 . 2013-08-29 01:29	33280	----a-w-	c:\windows\system32\drivers\usbser.sys
2014-03-13 20:28 . 2013-12-06 02:30	2048	----a-w-	c:\windows\system32\msxml3r.dll
2014-03-13 20:28 . 2013-12-06 02:30	1882112	----a-w-	c:\windows\system32\msxml3.dll
2014-03-13 20:28 . 2013-12-06 02:02	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2014-03-13 20:28 . 2013-12-06 02:02	1237504	----a-w-	c:\windows\SysWow64\msxml3.dll
2014-03-13 20:27 . 2013-09-28 01:09	497152	----a-w-	c:\windows\system32\drivers\afd.sys
2014-03-13 20:26 . 2013-10-04 02:16	116736	----a-w-	c:\windows\system32\drivers\drmk.sys
2014-03-13 20:26 . 2013-10-04 01:36	230400	----a-w-	c:\windows\system32\drivers\portcls.sys
2014-03-13 20:26 . 2014-02-07 01:23	3156480	----a-w-	c:\windows\system32\win32k.sys
2014-03-13 20:24 . 2013-11-27 01:41	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2014-03-13 20:24 . 2013-11-27 01:41	99840	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2014-03-13 20:24 . 2013-11-27 01:41	53248	----a-w-	c:\windows\system32\drivers\usbehci.sys
2014-03-13 20:24 . 2013-11-27 01:41	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2014-03-13 20:24 . 2013-11-27 01:41	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2014-03-13 20:24 . 2013-11-27 01:41	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2014-03-13 20:24 . 2013-11-27 01:41	7808	----a-w-	c:\windows\system32\drivers\usbd.sys
2014-03-13 20:22 . 2013-07-12 10:41	185344	----a-w-	c:\windows\system32\drivers\usbvideo.sys
2014-03-13 20:22 . 2013-07-12 10:41	100864	----a-w-	c:\windows\system32\drivers\usbcir.sys
2014-03-13 20:21 . 2013-07-03 04:40	42496	----a-w-	c:\windows\system32\drivers\usbscan.sys
2014-03-13 20:21 . 2013-07-03 04:05	76800	----a-w-	c:\windows\system32\drivers\hidclass.sys
2014-03-13 20:21 . 2013-07-03 04:05	32896	----a-w-	c:\windows\system32\drivers\hidparse.sys
2014-03-13 20:20 . 2013-12-21 09:39	600064	----a-w-	c:\windows\system32\vbscript.dll
2014-03-13 20:20 . 2013-12-21 07:56	523776	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-03-13 20:16 . 2013-12-24 23:09	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2014-03-13 20:16 . 2013-12-24 22:48	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2014-03-13 20:16 . 2013-11-26 08:16	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2014-03-13 20:16 . 2013-11-22 22:48	3928064	----a-w-	c:\windows\system32\d2d1.dll
2014-03-13 20:15 . 2014-02-23 08:12	197120	----a-w-	c:\windows\system32\msrating.dll
2014-03-13 20:15 . 2014-02-23 06:35	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2014-03-13 20:15 . 2014-02-23 06:31	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-03-13 20:15 . 2014-02-23 08:13	279040	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2014-03-13 20:15 . 2014-02-23 08:11	526336	----a-w-	c:\windows\system32\ieui.dll
2014-03-13 20:15 . 2014-02-23 06:54	218112	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2014-03-13 20:15 . 2014-02-23 06:53	257536	----a-w-	c:\program files (x86)\Internet Explorer\ieproxy.dll
2014-03-13 20:11 . 2013-10-03 02:23	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-03-13 20:11 . 2013-10-03 02:00	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-03-13 20:11 . 2014-02-04 02:32	624128	----a-w-	c:\windows\system32\qedit.dll
2014-03-13 20:11 . 2014-02-04 02:04	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-03-13 20:08 . 2013-07-20 10:33	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-03-13 20:08 . 2013-07-20 10:33	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-03-12 11:48 . 2013-09-02 14:58	175528	----a-w-	c:\windows\system32\drivers\tmcomm.sys
2014-03-12 11:48 . 2013-08-29 16:30	85376	----a-w-	c:\windows\system32\drivers\tmactmon.sys
2014-03-12 11:47 . 2013-07-26 02:24	14172672	----a-w-	c:\windows\system32\shell32.dll
2014-03-12 11:47 . 2013-07-26 02:24	197120	----a-w-	c:\windows\system32\shdocvw.dll
2014-03-08 20:16 . 2014-03-20 15:30	--------	d-----w-	c:\users\USERNAME\AppData\Local\CrashDumps
2014-03-05 13:26 . 2014-03-05 13:26	--------	d-----w-	c:\programdata\pcvisit Software AG
2014-03-05 13:26 . 2014-03-05 13:26	--------	d-----w-	c:\users\USERNAME\AppData\Local\pcvisit Software AG
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-25 13:57 . 2014-03-25 13:57	577701	----a-w-	C:\53MPRM1_2014.03.25-1454.41_52AEB628-00A9-00CE-00A2-00C97232013E_17907.zip
2014-03-12 12:41 . 2012-04-08 11:45	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 12:41 . 2011-05-17 09:48	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 09:09 . 2014-03-04 09:09	96480	----a-w-	c:\windows\fcsetup.exe
2014-03-04 08:50 . 2014-03-04 08:50	28384	----a-w-	c:\windows\system32\drivers\fortiwf2.sys
2014-03-04 08:49 . 2014-03-04 08:49	47328	----a-w-	c:\windows\system32\drivers\FortiRdr2.sys
2014-03-04 08:49 . 2014-03-04 08:49	133856	----a-w-	c:\windows\system32\drivers\fortips.sys
2014-03-04 08:49 . 2014-03-04 08:49	37600	----a-w-	c:\windows\system32\drivers\fortifw2.sys
2014-03-04 08:49 . 2014-03-04 08:49	12512	----a-w-	c:\windows\system32\drivers\fortiloader.sys
2014-03-04 08:49 . 2014-03-04 08:49	56544	----a-w-	c:\windows\system32\drivers\FortiShield.sys
2014-03-04 08:49 . 2014-03-04 08:49	50912	----a-w-	c:\windows\system32\drivers\FortiRmon.sys
2014-03-04 08:49 . 2014-03-04 08:49	56032	----a-w-	c:\windows\system32\drivers\fortimon2.sys
2014-03-04 08:49 . 2014-03-04 08:49	16096	----a-w-	c:\windows\system32\drivers\fortiapd.sys
2014-01-20 04:00 . 2010-09-05 11:25	270496	------w-	c:\windows\system32\MpSigStub.exe
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Scan Buttons"="c:\program files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSB.EXE" [2009-12-09 202576]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DVCServ"="c:\program files (x86)\DATEV-SiPa-compact\DVCSERV" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"DellBtrEvent"="d:\program files (x86)\Dell\Reader 2.0\DellBtrEvent.exe" [2009-08-25 147456]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-07-08 413827]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-1-8 1121568]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-12-10 1416480]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2010-7-14 1207312]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2009-11-24 185192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-651377827-682003330-1178\Scripts\Logon\0\0]
"Script"=mount_is.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-651377827-682003330-1202\Scripts\Logon\0\0]
"Script"=mount_sys.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-651377827-682003330-3773\Scripts\Logon\0\0]
"Script"=mount_sys.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 A2DDA;A2 Direct Disk Access Support Driver;f:\eek\RUN\a2ddax64.sys;f:\eek\RUN\a2ddax64.sys [x]
R1 FortiFW;FortiFW;c:\windows\system32\drivers\FortiFW2.sys;c:\windows\SYSNATIVE\drivers\FortiFW2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cleanhlp;cleanhlp;f:\eek\Run\cleanhlp64.sys;f:\eek\Run\cleanhlp64.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 FARegMon;FARegMon;c:\windows\system32\drivers\FortiRmon.sys;c:\windows\SYSNATIVE\drivers\FortiRmon.sys [x]
R3 Fortips;Fortips;c:\windows\system32\drivers\fortips.sys;c:\windows\SYSNATIVE\drivers\fortips.sys [x]
R3 FortiRdr;FortiRdr;c:\windows\system32\drivers\FortiRdr2.sys;c:\windows\SYSNATIVE\drivers\FortiRdr2.sys [x]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 KOBCCEX;KOBCCEX;c:\windows\system32\drivers\KOBCCEX.sys;c:\windows\SYSNATIVE\drivers\KOBCCEX.sys [x]
R3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys;c:\windows\SYSNATIVE\drivers\KOBCCID.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 fortiloader;fortiloader;c:\windows\system32\drivers\fortiloader.sys;c:\windows\SYSNATIVE\drivers\fortiloader.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdfltn.sys [x]
S1 DVMIO;DVMIO;d:\program files (x86)\Dell\Reader 2.0\dvmio_x64.sys;d:\program files (x86)\Dell\Reader 2.0\dvmio_x64.sys [x]
S1 FAFileMon;FAFileMon;c:\windows\system32\drivers\fortimon2.sys;c:\windows\SYSNATIVE\drivers\fortimon2.sys [x]
S1 FortiFilter;Fortinet NDIS6 Packet Filter Service;c:\windows\system32\DRIVERS\FortiFilter.sys;c:\windows\SYSNATIVE\DRIVERS\FortiFilter.sys [x]
S1 FortiShield;FortiShield;c:\windows\system32\drivers\FortiShield.sys;c:\windows\SYSNATIVE\drivers\FortiShield.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe [x]
S2 buttonsvc64;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [x]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [x]
S2 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe;c:\windows\SYSNATIVE\DKabcoms.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files (x86)\Dell\Reader 2.0\DVMExportService.exe;d:\program files (x86)\Dell\Reader 2.0\DVMExportService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe;c:\program files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [x]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 fortiapd;fortiapd;c:\windows\system32\drivers\fortiapd.sys;c:\windows\SYSNATIVE\drivers\fortiapd.sys [x]
S3 FortiWF;FortiWF;c:\windows\system32\drivers\FortiWF2.sys;c:\windows\SYSNATIVE\drivers\FortiWF2.sys [x]
S3 ft_vnic;Fortinet network virtual adapter;c:\windows\system32\DRIVERS\ftvnic.sys;c:\windows\SYSNATIVE\DRIVERS\ftvnic.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 mdareDriver_43;mdareDriver_43;c:\program files (x86)\Fortinet\FortiClient\mdare64_43.sys;c:\program files (x86)\Fortinet\FortiClient\mdare64_43.sys [x]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop64.sys;c:\windows\SYSNATIVE\DRIVERS\pppop64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 12:41]
.
2014-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 00:17]
.
2014-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 00:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-11-24 21:02	60784	----a-w-	c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-11-24 21:02	60784	----a-w-	c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-05-13 391024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-11-30 5107712]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-01-14 34232]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-04-22 130576]
"nwiz"="nwiz.exe" [2010-04-14 1712744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-16 16414824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-04-16 95336]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.desys.de/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 194.180.32.186 194.180.32.187
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-OfficeScanNT Monitor - c:\program files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe
SafeBoot-06103282.sys
SafeBoot-41014840.sys
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
Toolbar-Locked - (no file)
AddRemove-OfficeScanNT - c:\program files (x86)\Trend Micro\OfficeScan Client\ntrmv.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Fortinet\FortiClient\scheduler.exe
c:\program files (x86)\Fortinet\FortiClient\FCDBLog.exe
c:\program files (x86)\Fortinet\FortiClient\fcappdb.exe
c:\program files (x86)\Fortinet\FortiClient\fortiwf.exe
c:\program files (x86)\Fortinet\FortiClient\FortiESNAC.exe
c:\program files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Fortinet\FortiClient\FortiProxy.exe
c:\windows\System32\spool\drivers\x64\3\WrtProc.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\program files (x86)\Fortinet\FortiClient\fmon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-04-03  14:17:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-04-03 12:17
.
Vor Suchlauf: 23 Verzeichnis(se), 25.977.847.808 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 26.110.631.936 Bytes frei
.
- - End Of File - - 1169887D8A96329FCA8E1B64FA99F9F2

--- --- ---

schrauber · 04.04.2014, 09:46

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

seeufirst · 04.04.2014, 14:12

Hallo Schrauber,
vielen Dank. Wird gemacht so bald ich an den Rechner komm. Kann aber Anfang nächster Woche werden.
Gruß
seeufirst

schrauber · 05.04.2014, 10:41

ok

05.04.2014, 10:41	#15
schrauber /// the machine /// TB-Ausbilder	Antivirenscanner lassen sich nach Virenbefall nicht mehr installieren ok __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Antivirenscanner lassen sich nach Virenbefall nicht mehr installieren

Log-Analyse und Auswertung: Antivirenscanner lassen sich nach Virenbefall nicht mehr installieren