Log analysis and evaluation: Win7 TR/Agent.37888.248 cannot be deleted, real-time scanner no longer works

07.07.2014, 02:13 | #1
Dear Trojaner-Board team,

I urgently need your help. Yesterday I received a letter from my internet provider informing me that spam e-mails had been sent from my connection. It went on to advise that I should scan my computer for viruses and trojans. So I had Avira scan everything, and it detected TR/Agent.37888.248. I tried several times to remove it or move it to quarantine, without success. The computer restarts, but on the next scan it is still there. On top of that, the real-time scanner has been disabled and can no longer be activated. Until yesterday I had not noticed any serious problems, so I cannot tell how long the trojan has been on the machine.

defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:48 on 07/07/2014 (*****)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read 8a6a6eefe4cb1615.sys
Unable to read tdx.sys
Unable to read termdd.sys
Unable to read tssecsrv.sys
Unable to read TsUsbFlt.sys
Unable to read tunnel.sys
Unable to read UAGP35.SYS
Unable to read udfs.sys
Unable to read ULIAGPKX.SYS
Unable to read umbus.sys
Unable to read umpass.sys
Unable to read usb8023.sys
Unable to read usbccgp.sys
Unable to read usbcir.sys
Unable to read usbd.sys
Unable to read usbehci.sys
Unable to read usbhub.sys
Unable to read usbohci.sys
Unable to read usbport.sys
Unable to read usbprint.sys
Unable to read usbscan.sys
Unable to read USBSTOR.SYS
Unable to read usbuhci.sys
Unable to read usbvideo.sys
Unable to read vdrvroot.sys
Unable to read vga.sys
Unable to read vgapnp.sys
Unable to read vhdmp.sys
Unable to read VIAAGP.SYS
Unable to read viac7.sys
Unable to read viaide.sys
Unable to read videoprt.sys
Unable to read volmgr.sys
Unable to read volmgrx.sys
Unable to read volsnap.sys
Unable to read vpnva.sys
Unable to read vsmraid.sys
Unable to read vwifibus.sys
Unable to read vwififlt.sys
Unable to read vwifimp.sys
Unable to read wacompen.sys
Unable to read wanarp.sys
Unable to read watchdog.sys
Unable to read wd.sys
Unable to read Wdf01000.sys
Unable to read WdfLdr.sys
Unable to read wfplwf.sys
Unable to read wimmount.sys
Unable to read winusb.sys
Unable to read wmiacpi.sys
Unable to read wmilib.sys
Unable to read ws2ifsl.sys
Unable to read WSDPrint.sys
Unable to read WSDScan.sys
Unable to read WUDFPf.sys
Unable to read WUDFRd.sys
-=E.O.F=-

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by *****(administrator) on *****-PC on 07-07-2014 01:54:45
Running from C:\Users\*****\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
() C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MSIService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe
() C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MGSysCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\CyberLink\YouCam\YouCamTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [MGSysCtrl] => C:\Program Files\System Control Manager\MGSysCtrl.exe [2064384 2009-08-05] (Micro-Star International Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7703072 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [YouCam Mirror Tray icon] => C:\Program Files\CyberLink\YouCam\YouCamTray.exe [171104 2010-02-10] (CyberLink Corp.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1810496 2014-04-24] (1und1 Mail und Media GmbH)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-09] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Anna Schröder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Anna Schröder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://suche.web.de/webhp?src=br_startpage_ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {29684CFD-8CF8-477C-B5DD-D316698CC245} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
SearchScopes: HKCU - {4480DF41-E315-4A99-9736-88E977EF4CF5} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
SearchScopes: HKCU - {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
SearchScopes: HKCU - {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
SearchScopes: HKCU - {E9EC7059-435D-4A4F-9E8D-7C02A139395C} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://asavpn-cluster-1.hrz.uni-bielefeld.de/CACHE/stc/1/binaries/vpnweb.cab
DPF: {85C86CCC-2158-4123-9C7D-785190CED875} hxxp://www.digitalpublishing.de/launcher/dpLaunchPlugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @mytalkpal.com/ffplugin - C:\Program Files\Talkpal\Speech Plugin For EF\npTalkpalPlugin.dll No File
FF Plugin: @t-immersion.com/DFusionHomeWebPlugIn - C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchKeyword: go.mail.ru
CHR DefaultSearchProvider: Поиск@Mail.Ru
CHR DefaultSearchURL: hxxp://go.mail.ru/search?q={searchTerms}&fr=chrome
CHR DefaultNewTabURL:
CHR Extension: (Google Wallet) - C:\Users\Anna Schröder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-12]
CHR HKLM\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\*****\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.24.0.crx [2014-05-12]
CHR HKLM\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files\BonanzaDeals\BonanzaDeals.crx [2014-05-12]

========================== Services (Whitelisted) =================

Locked "8a6a6eefe4cb1615" service could not be unlocked. <===== ATTENTION
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1565880 2014-05-21] (Microsoft Corporation)
R2 Guard.Mail.ru; C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe [6989856 2014-07-06] ()
R2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [271760 2009-04-27] ()
R2 syshost32; C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe [99328 2014-06-24] () [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================
RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] () [File not signed] R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] () [File not signed] R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] () [File not signed] S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [18944 2009-07-14] () [File not signed] R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] () [File not signed] R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] () [File not signed] R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] () [File not signed] S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [183808 2012-04-28] () [File not signed] R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173440 2010-11-20] () [File not signed] R3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [129536 2009-07-14] () [File not signed] R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] () [File not signed] S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [167424 2009-06-24] () [File not signed] R3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [167936 2009-05-22] () [File not signed] R3 rtl8192se; C:\Windows\System32\DRIVERS\rtl8192se.sys [1009184 2010-04-01] () [File not signed] S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [85376 2010-11-20] () [File not signed] S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] () [File not signed] R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] () [File not signed] S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [17920 2009-07-14] () [File not signed] S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [83456 2009-07-14] () [File not signed] S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] () [File not signed] S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-14] () [File not signed] S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 
2009-07-14] () [File not signed] S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] () [File not signed] S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-14] () [File not signed] S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [52304 2009-07-14] () [File not signed] S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [40016 2009-07-14] () [File not signed] S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-14] () [File not signed] S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] () [File not signed] R0 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-14] () [File not signed] R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-29] () [File not signed] R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-29] () [File not signed] R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-29] () [File not signed] S3 ssadbus; C:\Windows\System32\DRIVERS\ssadbus.sys [121064 2011-05-13] () [File not signed] S3 ssadmdfl; C:\Windows\System32\DRIVERS\ssadmdfl.sys [12776 2011-05-13] () [File not signed] S3 ssadmdm; C:\Windows\System32\DRIVERS\ssadmdm.sys [136808 2011-05-13] () [File not signed] S3 ssadserd; C:\Windows\System32\DRIVERS\ssadserd.sys [114280 2011-05-13] () [File not signed] S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-29] (Avira GmbH) S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [21072 2009-07-14] () [File not signed] R3 swenum; C:\Windows\system32\drivers\swenum.sys [12240 2009-07-14] () [File not signed] R3 SynTP; C:\Windows\system32\DRIVERS\SynTP.sys [212656 2009-07-14] () [File not signed] R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1294272 2014-04-05] () [File not signed] S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1294272 2014-04-05] () [File not signed] R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2012-10-03] () [File not signed] S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 
2010-11-20] () [File not signed] S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-17] () [File not signed] R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2010-11-20] () [File not signed] R1 TermDD; C:\Windows\system32\drivers\termdd.sys [53120 2010-11-20] () [File not signed] S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2013-06-15] () [File not signed] S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [52224 2010-11-20] () [File not signed] R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] () [File not signed] S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [55888 2009-07-14] () [File not signed] S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] () [File not signed] S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [57424 2009-07-14] () [File not signed] R3 umbus; C:\Windows\system32\drivers\umbus.sys [39936 2010-11-20] () [File not signed] S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] () [File not signed] S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [75264 2009-07-14] () [File not signed] S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] () [File not signed] R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [43520 2013-11-27] () [File not signed] R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-27] () [File not signed] S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2013-11-27] () [File not signed] S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] () [File not signed] S3 usbscan; C:\Windows\system32\drivers\usbscan.sys [36352 2013-07-03] () [File not signed] S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2011-03-11] () [File not signed] R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [24064 2013-11-27] () [File not signed] S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146176 2009-07-14] () [File not signed] R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys 
[32832 2009-07-14] () [File not signed] S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] () [File not signed] R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] () [File not signed] S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [160128 2010-11-20] () [File not signed] S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [53328 2009-07-14] () [File not signed] S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] () [File not signed] S3 viaide; C:\Windows\system32\drivers\viaide.sys [16976 2009-07-14] () [File not signed] R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [53120 2010-11-20] () [File not signed] R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] () [File not signed] R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [245632 2010-11-20] () [File not signed] S3 vpnva; C:\Windows\System32\DRIVERS\vpnva.sys [23976 2012-12-10] () [File not signed] S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-14] () [File not signed] R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] () [File not signed] R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] () [File not signed] R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [14336 2009-07-14] () [File not signed] S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] () [File not signed] S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] () [File not signed] R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] () [File not signed] S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [19024 2009-07-14] () [File not signed] R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [527064 2013-06-26] () [File not signed] R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] () [File not signed] S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-14] () [File not signed] S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys 
[35968 2010-11-20] () [File not signed] R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-14] () [File not signed] R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] () [File not signed] S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [17920 2009-07-14] () [File not signed] S3 WSDScan; C:\Windows\system32\drivers\WSDScan.sys [20480 2009-07-14] () [File not signed] S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-26] () [File not signed] S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] () [File not signed] U5 8a6a6eefe4cb1615; C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys [37888 2014-06-24] () <===== ATTENTION Necurs Rootkit? U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) U5 BattC; C:\Windows\System32\Drivers\BattC.sys [25168 2009-07-14] () [File not signed] S3 catchme; \??\C:\Users\ANNASC~1\AppData\Local\Temp\catchme.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-07 01:54 - 2014-07-07 01:55 - 00041131 _____ () C:\Users\*****\Desktop\FRST.txt 2014-07-07 01:54 - 2014-07-07 01:54 - 00000000 ____D () C:\FRST 2014-07-07 01:52 - 2014-07-07 01:52 - 01074688 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2014-07-07 01:48 - 2014-07-07 01:49 - 00003582 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-07-07 01:48 - 2014-07-07 01:48 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-07-07 01:46 - 2014-07-07 01:46 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-07-06 22:16 - 2014-07-06 22:16 - 00103680 _____ (GMER) C:\fwkdrfoc.sys 2014-06-24 00:18 - 2014-06-24 00:18 - 00037888 _____ () C:\Windows\system32\Drivers\8a6a6eefe4cb1615.sys 2014-06-23 22:43 - 2014-06-23 22:43 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SketchUp 
2014-06-23 22:42 - 2014-06-23 22:42 - 00003120 _____ () C:\Windows\system32\ALLFSAF14a.ocx
2014-06-23 22:40 - 2014-06-23 22:40 - 00000000 ____D () C:\ProgramData\SketchUp
2014-06-18 16:03 - 2014-06-18 16:03 - 00146600 _____ () C:\Windows\Minidump\061814-26832-01.dmp
2014-06-11 13:32 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 13:32 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 13:32 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 13:32 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 13:32 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 13:32 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 13:32 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 13:32 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 13:32 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 13:32 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 13:32 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 13:32 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 13:32 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 13:32 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 13:32 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 13:32 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 13:32 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 13:32 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 13:32 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 13:32 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 13:32 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 13:32 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 13:32 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 13:32 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 13:32 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 13:32 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 13:31 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 13:31 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 13:30 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 13:30 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 13:30 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 13:30 - 2014-04-05 04:25 - 01294272 _____ () C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 13:30 - 2014-04-05 04:24 - 00187840 _____ () C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 13:30 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 13:30 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 13:30 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 13:30 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

==================== One Month Modified Files and Folders =======

2014-07-07 01:55 - 2014-07-07 01:54 - 00041131 _____ () C:\Users\*****\Desktop\FRST.txt
2014-07-07 01:55 - 2012-11-21 00:05 - 00000000 ____D () C:\Users\*****\AppData\Local\Mail.Ru
2014-07-07 01:54 - 2014-07-07 01:54 - 00000000 ____D () C:\FRST
2014-07-07 01:52 - 2014-07-07 01:52 - 01074688 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-07-07 01:49 - 2014-07-07 01:48 - 00003582 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-07-07 01:48 - 2014-07-07 01:48 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-07-07 01:48 - 2010-09-30 20:40 - 00000000 ____D () C:\Users\*****
2014-07-07 01:46 - 2014-07-07 01:46 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-07-07 01:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-07 01:06 - 2013-05-03 22:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-07 01:04 - 2014-02-14 01:04 - 00000314 _____ () C:\Windows\Tasks\Digital Sites.job
2014-07-07 01:04 - 2013-10-07 23:01 - 00000314 _____ () C:\Windows\Tasks\DigitalSite.job
2014-07-07 01:00 - 2013-02-20 11:53 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-07 00:45 - 2009-07-14 06:34 - 00009920 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-07 00:45 - 2009-07-14 06:34 - 00009920 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-07 00:39 - 2013-02-20 11:53 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-07 00:39 - 2010-09-30 20:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema
2014-07-07 00:38 - 2013-05-27 19:51 - 00012172 _____ () C:\Windows\setupact.log
2014-07-07 00:38 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-07 00:04 - 2013-10-08 00:01 - 00000038 _____ () C:\Users\*****\AppData\Roaming\WB.CFG
2014-07-06 22:16 - 2014-07-06 22:16 - 00103680 _____ (GMER) C:\fwkdrfoc.sys
2014-07-06 22:13 - 2013-05-29 18:35 - 00215558 _____ () C:\Windows\PFRO.log
2014-07-06 21:44 - 2012-11-21 00:10 - 00000000 ____D () C:\ProgramData\Guard.Mail.Ru
2014-07-06 21:42 - 2011-11-10 22:47 - 01788614 _____ () C:\Windows\WindowsUpdate.log
2014-07-06 21:41 - 2013-05-14 22:12 - 00045568 _____ () C:\Users\*****\Documents\Arbeit OnlineMedia.wps
2014-07-06 21:38 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-04 23:07 - 2013-05-29 21:12 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-01 19:29 - 2011-02-20 23:00 - 00041218 _____ () C:\Users\*****\AppData\Roaming\wklnhst.dat
2014-07-01 19:28 - 2013-05-20 16:31 - 00000000 ____D () C:\Users\*****\Documents\Suchex
2014-06-26 23:45 - 2013-10-09 21:08 - 00000000 ____D () C:\Users\*****\Downloads\Audiobücher
2014-06-25 11:14 - 2013-12-27 15:31 - 00000000 ____D () C:\Users\*****\Documents\Calibre Library
2014-06-25 01:37 - 2013-12-27 03:07 - 00000936 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-06-25 01:37 - 2013-12-27 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-06-25 01:36 - 2013-12-27 03:06 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-24 00:18 - 2014-06-24 00:18 - 00037888 _____ () C:\Windows\system32\Drivers\8a6a6eefe4cb1615.sys
2014-06-23 22:43 - 2014-06-23 22:43 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SketchUp
2014-06-23 22:42 - 2014-06-23 22:42 - 00003120 _____ () C:\Windows\system32\ALLFSAF14a.ocx
2014-06-23 22:40 - 2014-06-23 22:40 - 00000000 ____D () C:\ProgramData\SketchUp
2014-06-21 00:42 - 2009-09-04 18:53 - 00393064 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-19 17:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-06-18 16:04 - 2014-05-02 00:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-18 16:03 - 2014-06-18 16:03 - 00146600 _____ () C:\Windows\Minidump\061814-26832-01.dmp
2014-06-18 16:03 - 2013-09-03 14:35 - 290608158 _____ () C:\Windows\MEMORY.DMP
2014-06-18 16:03 - 2011-05-16 15:05 - 00000000 ____D () C:\Windows\Minidump
2014-06-18 13:55 - 2013-08-20 21:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-18 13:50 - 2009-09-17 15:31 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-15 22:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-15 21:30 - 2014-04-25 12:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-12 23:06 - 2013-12-27 15:31 - 00000000 ____D () C:\Users\*****\AppData\Local\calibre-cache
2014-06-12 23:05 - 2013-12-27 03:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\calibre
2014-06-12 01:03 - 2013-05-27 14:51 - 00002127 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-08 10:48 - 2014-06-11 13:30 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-11 13:30 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\temp\2sysconf.exe
C:\Users\*****\AppData\Local\temp\avgnt.exe
C:\Users\*****\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\temp\jre-7u60-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\temp\NativeUtilities0.dll
C:\Users\*****\AppData\Local\temp\WEB.DE_Softwareaktualisierung_Setup.exe
C:\Users\*****\AppData\Local\temp\WEB.DE_Toolbar_IE_Setup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys [2011-07-03 02:44] - [2010-11-20 14:30] - 0245632 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\Drivers\volsnap.sys No Company Name <===== ATTENTION!

LastRegBack: 2014-06-28 20:57

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01
Ran by ***** at 2014-07-07 01:56:15
Running from C:\Users\***** \Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11 (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
calibre (HKLM\...\{E0601182-5F00-4513-95D0-AFDCB7A0C658}) (Version: 1.41.0 - Kovid Goyal)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1719 - CyberLink Corp.)
CyberLink PowerDVD 9 (Version: 9.0.1719 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2609 - CyberLink Corp.)
CyberLink YouCam (Version: 3.0.2609 - CyberLink Corp.) Hidden
Download Accelerator Packages (HKCU\...\Download Accelerator Packages) (Version: - ) <==== ATTENTION
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Guard.Mail.ru (HKLM\...\Guard.Mail.ru) (Version: 1.0.0.453 - Mail.ru) <==== ATTENTION
Image Editor Packages (HKCU\...\Image Editor Packages) (Version: - ) <==== ATTENTION
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Lidl-Fotos (HKLM\...\Lidl-Fotos_is1) (Version: - )
Medion Home Cinema (HKLM\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (Version: 6.0.0000 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Qtrax Player (HKLM\...\{89505A66-35F0-4401-B3AD-D077051F8698}) (Version: 01.001.0001 - Qtrax)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0145 - REALTEK Semiconductor Corp.)
Roadster for Windows Beta 3 (HKLM\...\Roadster for Windows Beta 3) (Version: - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated) System Control Manager (HKLM\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.209.0805.OE005.02 - Micro-Star International Co., Ltd.) Total Immersion D'Fusion @Home Web Plug-In (HKLM\...\D'Fusion @Home Web Plug-In) (Version: - Total Immersion) Update for Image Editor (HKCU\...\DigitalSite) (Version: - ) <==== ATTENTION VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN) WEB.DE Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH) WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.5.1.0 - 1&1 Mail & Media GmbH) WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - 
Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Кулинарный Блокнот, версия 0.7.4 (HKLM\...\Кулинарный Блокнот_is1) (Version: 0.7.4 - Maxxi Soft)

==================== Restore Points =========================

==================== Hosts content: ==========================
2009-07-14 04:04 - 2013-05-29 18:29 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
Task: {25B9D6E4-92C2-45CC-81B5-1D196BDB3860} - System32\Tasks\DealPly => C:\Users\ANNASC~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {2879A743-CC3F-4B6A-9CFC-79AC1E31A869} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2B2DD82F-66C8-4AEE-93B4-B9EE5846F128} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {367C0385-6C17-4B48-93CF-3880F18C6C7A} - System32\Tasks\DigitalSite => C:\Users\***** \AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {5040A2B1-2F43-41FC-B4C2-87A89FEB003C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {552477B5-0143-4D50-B9B6-B44DEE3D9222} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-15] (Microsoft Corporation)
Task: {5C1D5F3D-361A-4DA3-8054-4B851F350CA1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-15] (Microsoft Corporation)
Task: {5FA78D2C-E437-43DF-93A5-D8573E520754} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {7BF3A44C-B76B-4F4B-BAA4-931A918B59D5} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {8E028077-6A10-4C41-ADF4-59B76CF052F7} - System32\Tasks\4792 => Wscript.exe C:\Users\ANNASC~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {94C05804-4549-4F01-A3B2-FF16E115324E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-15] (Microsoft Corporation)
Task: {BB6C26BE-0285-44A9-A103-11A2D5DB2BF2} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {C038ED19-ED35-4D95-BF4D-AB0959A94A1F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.)
Task: {C0F4EF46-A7CF-4E52-97AE-D36B34CD07A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.)
Task: {F574264E-E877-48AA-95F3-1BE3F69AA255} - System32\Tasks\Digital Sites => C:\Users\ANNASC~1\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F9C21999-028E-4D72-BC6A-3DD9351693D8} - System32\Tasks\1und1 Konfiguration => C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe [2011-04-19] (1und1 Mail und Media GmbH)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\***** ~1\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\***** ~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============
2013-04-09 21:31 - 2013-03-19 06:48 - 00038912 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () c:\windows\system32\pcwum.dll
2014-04-25 12:23 - 2013-10-31 18:14 - 00077992 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2012-11-21 00:04 - 2014-07-06 21:45 - 06989856 _____ () C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
2009-09-17 15:12 - 2009-04-27 12:22 - 00271760 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-02-06 23:34 - 2014-02-06 23:34 - 00052608 _____ () C:\Program Files\Mail.Ru\Guard\GuardMailRu.dll
2009-07-01 18:03 - 2009-07-01 18:03 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-06-15 21:11 - 2014-06-15 21:11 - 00316584 _____ () C:\Program Files\Microsoft Office
15\root\office15\AppVIsvStream32.dll 2011-01-17 16:19 - 2011-05-10 00:16 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: ssmdrv Description: ssmdrv Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: ssmdrv Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/07/2014 01:57:00 AM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert . 
Kontext: Volumename: \\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\ Error: (07/07/2014 01:57:00 AM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert . Error: (07/07/2014 01:52:38 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:34 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:19 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . 
Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:18 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:16 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:13 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . 
Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:10 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:01 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . 
Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator System errors: ============= Error: (07/07/2014 01:51:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: %%5 Error: (07/07/2014 01:49:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/07/2014 01:39:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/07/2014 01:29:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/07/2014 01:19:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/07/2014 01:09:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/07/2014 00:59:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: 
AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/07/2014 00:49:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/07/2014 00:40:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ssmdrv Error: (07/07/2014 00:40:19 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist. Microsoft Office Sessions: ========================= Error: (07/07/2014 01:57:00 AM) (Source: VSS) (EventID: 12289) (User: ) Description: CreateFileW(\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963},0xc0000000,0x00000003,...)0x80070005, Zugriff verweigert Kontext: Volumename: \\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\ Error: (07/07/2014 01:57:00 AM) (Source: VSS) (EventID: 12289) (User: ) Description: CreateFileW(\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963},0xc0000000,0x00000003,...)0x80070005, Zugriff verweigert Error: (07/07/2014 01:52:38 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 
01:52:34 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:19 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:18 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:16 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:13 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, 
ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:10 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:01 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator ==================== Memory info =========================== Percentage of memory in use: 60% Total physical RAM: 2011.16 MB Available physical RAM: 801.59 MB Total Pagefile: 4022.32 MB Available Pagefile: 2334.21 MB Total Virtual: 2047.88 MB Available Virtual: 1904.95 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:434.66 GB) (Free:372.51 GB) NTFS Drive d: (Recovery) (Fixed) (Total:30 GB) (Free:11.13 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: F98D6E74) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=435 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End 
Of Log ============================
gmer: Unfortunately I made a mistake here: since I already had the program on my computer, I ran a scan with it before turning to you. I did not click NO at the start. A report was created, but I did not save it. I have now run it again, and this time no report is created. How can I change that? Please help.
07.07.2014, 06:13 | #2 |
/// the machine /// TB-Ausbilder | Win7 TR/Agent.37888.248 cannot be deleted, real-time scanner no longer works
hi,
How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Uninstall adware & co.
If you cannot find a program or cannot uninstall it, please continue with the next step: Please download TDSSKiller.exe and save this file to the desktop
07.07.2014, 15:31 | #3 |
| Win7 TR/Agent.37888.248 cannot be deleted, real-time scanner no longer works
Hello Schrauber,
thank you very much for your help. I hope I did everything correctly. Code:
16:13:07.0325 0x2088 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54
16:13:35.0499 0x2088 ============================================================
16:13:35.0499 0x2088 Current date / time: 2014/07/07 16:13:35.0499
16:13:35.0499 0x2088 SystemInfo:
16:13:35.0499 0x2088
16:13:35.0499 0x2088 OS Version: 6.1.7601 ServicePack: 1.0
16:13:35.0499 0x2088 Product type: Workstation
16:13:35.0499 0x2088 ComputerName: *****-PC
16:13:35.0499 0x2088 UserName: *****
16:13:35.0499 0x2088 Windows directory: C:\Windows
16:13:35.0499 0x2088 System windows directory: C:\Windows
16:13:35.0499 0x2088 Processor architecture: Intel x86
16:13:35.0499 0x2088 Number of processors: 2
16:13:35.0499 0x2088 Page size: 0x1000
16:13:35.0499 0x2088 Boot type: Normal boot
16:13:35.0499 0x2088 ============================================================
16:13:35.0998 0x2088 KLMD registered as C:\Windows\system32\drivers\79481579.sys
16:14:41.0877 0x2088 System UUID: {6A8BC0A5-1C78-976F-B765-04D7E81B4982}
16:14:42.0485 0x2088 !crdlk
16:14:42.0688 0x2088 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
16:14:42.0704 0x2088 ============================================================
16:14:42.0704 0x2088 \Device\Harddisk0\DR0:
16:14:42.0704 0x2088 MBR partitions:
16:14:42.0704 0x2088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:14:42.0704 0x2088 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x36552000
16:14:42.0704 0x2088 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36584800, BlocksNum 0x3C00000
16:14:42.0704 0x2088 ============================================================
16:14:42.0735 0x2088 C: <-> \Device\Harddisk0\DR0\Partition2
16:14:42.0782 0x2088 D: <-> \Device\Harddisk0\DR0\Partition3
16:14:42.0782 0x2088 ============================================================
16:14:42.0782 0x2088 Initialize success
16:14:42.0782 0x2088 ============================================================
16:16:11.0811 0x2280 ============================================================
16:16:11.0811 0x2280 Scan started
16:16:11.0811 0x2280 Mode: Manual; SigCheck; TDLFS;
16:16:11.0811 0x2280 ============================================================
16:16:11.0811 0x2280 KSN ping started
16:16:14.0682 0x2280 KSN ping finished: true
16:16:15.0852 0x2280 ================ Scan system memory ========================
16:16:15.0852 0x2280 System memory - ok
16:16:15.0852 0x2280 ================ Scan services =============================
16:16:16.0132 0x2280 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:16:16.0320 0x2280 1394ohci - ok
16:16:16.0351 0x2280 Suspicious service (NoAccess): 8a6a6eefe4cb1615
16:16:16.0398 0x2280 [ E5CBFB3C5E0F61C66D4F17BC08D25A25, F966F1E45121C36DA9C2BC53E9F733DFB20FE490785E14A0CD0D7B1478F80EC9 ] 8a6a6eefe4cb1615 C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys
16:16:16.0398 0x2280 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys. md5: E5CBFB3C5E0F61C66D4F17BC08D25A25, sha256: F966F1E45121C36DA9C2BC53E9F733DFB20FE490785E14A0CD0D7B1478F80EC9
16:16:16.0444 0x2280 8a6a6eefe4cb1615 - detected Rootkit.Win32.Necurs.gen ( 0 )
16:16:19.0533 0x2280 8a6a6eefe4cb1615 ( Rootkit.Win32.Necurs.gen ) - infected
16:16:19.0533 0x2280 Force sending object to P2P due to detect: 8a6a6eefe4cb1615
16:16:23.0574 0x2280 Object send P2P result: false
16:16:26.0569 0x2280 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:16:26.0616 0x2280 ACPI - ok
16:16:26.0662 0x2280 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:16:26.0725 0x2280 AcpiPmi - ok
16:16:26.0787 0x2280 [ 9BC0D1B4D9CCEC2DC9F010E466738A38, FA213D43DC18F92606B9A69E08B9D7B699038F087FE90AA3A1BB348AEBDEEACB ] acsock C:\Windows\system32\DRIVERS\acsock.sys
16:16:26.0834 0x2280 acsock - ok
16:16:26.0959 0x2280 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:16:26.0974 0x2280 AdobeARMservice - ok
16:16:27.0115 0x2280 [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:16:27.0130 0x2280 AdobeFlashPlayerUpdateSvc - ok
16:16:27.0224 0x2280 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:16:27.0286 0x2280 adp94xx - ok
16:16:27.0349 0x2280 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:16:27.0396 0x2280 adpahci - ok
16:16:27.0442 0x2280 [ 7C7B5EE4B7B822EC85321FE23A27DB33,
A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 16:16:27.0474 0x2280 adpu320 - ok 16:16:27.0567 0x2280 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:16:27.0614 0x2280 AeLookupSvc - ok 16:16:27.0692 0x2280 [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD C:\Windows\system32\drivers\afd.sys 16:16:27.0770 0x2280 AFD - ok 16:16:27.0848 0x2280 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys 16:16:27.0864 0x2280 agp440 - ok 16:16:27.0957 0x2280 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 16:16:27.0988 0x2280 aic78xx - ok 16:16:28.0066 0x2280 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe 16:16:28.0098 0x2280 ALG - ok 16:16:28.0160 0x2280 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys 16:16:28.0191 0x2280 aliide - ok 16:16:28.0254 0x2280 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 16:16:28.0285 0x2280 amdagp - ok 16:16:28.0347 0x2280 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys 16:16:28.0363 0x2280 amdide - ok 16:16:28.0425 0x2280 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 16:16:28.0472 0x2280 AmdK8 - ok 16:16:28.0503 0x2280 [ 
3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 16:16:28.0534 0x2280 AmdPPM - ok 16:16:28.0628 0x2280 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys 16:16:28.0659 0x2280 amdsata - ok 16:16:28.0737 0x2280 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 16:16:28.0768 0x2280 amdsbs - ok 16:16:28.0800 0x2280 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys 16:16:28.0846 0x2280 amdxata - ok 16:16:28.0893 0x2280 [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA, 834B397F365D930DA01D5189DDF06195CFE4C0F9249223C5A9004643F41BA6E4 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys 16:16:28.0956 0x2280 androidusb - ok 16:16:29.0080 0x2280 [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 16:16:29.0127 0x2280 AntiVirSchedulerService - ok 16:16:29.0236 0x2280 [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 16:16:29.0268 0x2280 AntiVirService - ok 16:16:29.0330 0x2280 [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys 16:16:29.0470 0x2280 AppID - ok 16:16:29.0533 0x2280 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll 16:16:29.0595 0x2280 AppIDSvc - ok 16:16:29.0673 0x2280 [ EACFDF31921F51C097629F1F3C9129B4, 
16:16:50.0156 0x2280 Micro Star SCM - detected UnsignedFile.Multi.Generic ( 1 )
16:16:53.0151 0x2280 Detect skipped due to KSN trusted
16:16:53.0151 0x2280 Micro Star SCM - ok
16:16:59.0563 0x2280 nv_agp - ok 16:16:59.0594 0x2280 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:16:59.0625 0x2280 ohci1394 - ok 16:16:59.0703 0x2280 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:16:59.0734 0x2280 ose - ok 16:17:00.0093 0x2280 [ EE5756BDA5BE5891270E0CC6CEC44096, EA18073EEE0F461B14C539D49A7DD91D33AB0C503236F67F70A000835FAAC890 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 16:17:00.0405 0x2280 osppsvc - ok 16:17:00.0514 0x2280 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:17:00.0577 0x2280 p2pimsvc - ok 16:17:00.0639 0x2280 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll 16:17:00.0702 0x2280 p2psvc - ok 16:17:00.0764 0x2280 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys 16:17:00.0795 0x2280 Parport - ok 16:17:00.0873 0x2280 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:17:00.0904 0x2280 partmgr - ok 16:17:00.0951 0x2280 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 16:17:00.0982 0x2280 Parvdm - ok 16:17:01.0060 0x2280 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:17:01.0107 0x2280 PcaSvc - ok 16:17:01.0170 0x2280 [ 673E55C3498EB970088E812EA820AA8F, 
1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys 16:17:01.0201 0x2280 pci - ok 16:17:01.0248 0x2280 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys 16:17:01.0279 0x2280 pciide - ok 16:17:01.0326 0x2280 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 16:17:01.0372 0x2280 pcmcia - ok 16:17:01.0435 0x2280 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys 16:17:01.0466 0x2280 pcw - ok 16:17:01.0544 0x2280 [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:17:01.0653 0x2280 PEAUTH - ok 16:17:01.0825 0x2280 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll 16:17:01.0996 0x2280 pla - ok 16:17:02.0121 0x2280 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:17:02.0184 0x2280 PlugPlay - ok 16:17:02.0277 0x2280 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:17:02.0308 0x2280 PNRPAutoReg - ok 16:17:02.0371 0x2280 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:17:02.0418 0x2280 PNRPsvc - ok 16:17:02.0511 0x2280 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:17:02.0605 0x2280 PolicyAgent - ok 16:17:02.0698 0x2280 [ F87D30E72E03D579A5199CCB3831D6EA, 
B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll 16:17:02.0776 0x2280 Power - ok 16:17:02.0823 0x2280 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:17:02.0901 0x2280 PptpMiniport - ok 16:17:02.0948 0x2280 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys 16:17:02.0995 0x2280 Processor - ok 16:17:03.0073 0x2280 [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc C:\Windows\system32\profsvc.dll 16:17:03.0120 0x2280 ProfSvc - ok 16:17:03.0182 0x2280 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:17:03.0213 0x2280 ProtectedStorage - ok 16:17:03.0276 0x2280 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:17:03.0338 0x2280 Psched - ok 16:17:03.0447 0x2280 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 16:17:03.0556 0x2280 ql2300 - ok 16:17:03.0681 0x2280 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 16:17:03.0712 0x2280 ql40xx - ok 16:17:03.0806 0x2280 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll 16:17:03.0868 0x2280 QWAVE - ok 16:17:03.0915 0x2280 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:17:03.0962 0x2280 QWAVEdrv - ok 16:17:04.0024 
0x2280 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:17:04.0071 0x2280 RasAcd - ok 16:17:04.0134 0x2280 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:17:04.0180 0x2280 RasAgileVpn - ok 16:17:04.0258 0x2280 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll 16:17:04.0352 0x2280 RasAuto - ok 16:17:04.0399 0x2280 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:17:04.0477 0x2280 Rasl2tp - ok 16:17:04.0570 0x2280 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll 16:17:04.0664 0x2280 RasMan - ok 16:17:04.0726 0x2280 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:17:04.0773 0x2280 RasPppoe - ok 16:17:04.0820 0x2280 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:17:04.0867 0x2280 RasSstp - ok 16:17:04.0929 0x2280 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:17:05.0007 0x2280 rdbss - ok 16:17:05.0054 0x2280 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:17:05.0101 0x2280 rdpbus - ok 16:17:05.0163 0x2280 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 
16:17:05.0226 0x2280 RDPCDD - ok 16:17:05.0304 0x2280 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:17:05.0350 0x2280 RDPENCDD - ok 16:17:05.0428 0x2280 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:17:05.0491 0x2280 RDPREFMP - ok 16:17:05.0553 0x2280 [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:17:05.0600 0x2280 RDPWD - ok 16:17:05.0694 0x2280 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:17:05.0725 0x2280 rdyboost - ok 16:17:05.0818 0x2280 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:17:05.0896 0x2280 RemoteAccess - ok 16:17:05.0974 0x2280 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:17:06.0052 0x2280 RemoteRegistry - ok 16:17:06.0115 0x2280 [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 16:17:06.0162 0x2280 RFCOMM - ok 16:17:06.0286 0x2280 [ 79E740644D8D5E6057A4429F0D19A2CB, 6CD5EE20EA52CF466C0E692A5E548CABD3452C6C8246AE668080401D76A72ADA ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe 16:17:06.0318 0x2280 RichVideo - ok 16:17:06.0396 0x2280 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:17:06.0458 0x2280 RpcEptMapper - ok 16:17:06.0520 0x2280 [ 94D36C0E44677DD26981D2BFEEF2A29D, 
D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe 16:17:06.0552 0x2280 RpcLocator - ok 16:17:06.0630 0x2280 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll 16:17:06.0692 0x2280 RpcSs - ok 16:17:06.0770 0x2280 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:17:06.0832 0x2280 rspndr - ok 16:17:06.0910 0x2280 [ 96F8DD546677AA5102150ACC140377B3, 59DD9EE716072F24BD474D7EB7BE446310F6A3AFFB9DAE854A35AEDEB8E477E5 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 16:17:06.0942 0x2280 RSUSBSTOR - ok 16:17:07.0004 0x2280 [ 26A9D6227D12B9D9DA5A81BB9B55D810, 65AB233248B09619BE47A44008544FDFAA6C60C671F8659DB85B97693677B3F9 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 16:17:07.0082 0x2280 RTL8167 - ok 16:17:07.0176 0x2280 [ B5E9979FBB26FC059BD87A81F763D5DA, 1EE2FB1CB2F86FBE1589ACE3542E0003CC88499406A3EF37073CCA45651F493D ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys 16:17:07.0269 0x2280 rtl8192se - ok 16:17:07.0300 0x2280 RtsUIR - ok 16:17:07.0363 0x2280 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs C:\Windows\system32\lsass.exe 16:17:07.0394 0x2280 SamSs - ok 16:17:07.0472 0x2280 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:17:07.0488 0x2280 sbp2port - ok 16:17:07.0566 0x2280 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:17:07.0644 0x2280 SCardSvr - ok 16:17:07.0690 0x2280 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:17:07.0753 
0x2280 scfilter - ok 16:17:07.0862 0x2280 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\Windows\system32\schedsvc.dll 16:17:07.0956 0x2280 Schedule - ok 16:17:08.0018 0x2280 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll 16:17:08.0080 0x2280 SCPolicySvc - ok 16:17:08.0143 0x2280 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:17:08.0190 0x2280 SDRSVC - ok 16:17:08.0252 0x2280 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:17:08.0314 0x2280 secdrv - ok 16:17:08.0392 0x2280 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll 16:17:08.0455 0x2280 seclogon - ok 16:17:08.0502 0x2280 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\system32\sens.dll 16:17:08.0564 0x2280 SENS - ok 16:17:08.0626 0x2280 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:17:08.0658 0x2280 SensrSvc - ok 16:17:08.0704 0x2280 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 16:17:08.0736 0x2280 Serenum - ok 16:17:08.0798 0x2280 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys 16:17:08.0845 0x2280 Serial - ok 16:17:08.0907 0x2280 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse 
C:\Windows\system32\DRIVERS\sermouse.sys 16:17:08.0954 0x2280 sermouse - ok 16:17:09.0079 0x2280 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll 16:17:09.0141 0x2280 SessionEnv - ok 16:17:09.0204 0x2280 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:17:09.0235 0x2280 sffdisk - ok 16:17:09.0266 0x2280 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:17:09.0313 0x2280 sffp_mmc - ok 16:17:09.0344 0x2280 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:17:09.0391 0x2280 sffp_sd - ok 16:17:09.0453 0x2280 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 16:17:09.0484 0x2280 sfloppy - ok 16:17:09.0640 0x2280 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:17:09.0718 0x2280 SharedAccess - ok 16:17:09.0796 0x2280 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:17:09.0890 0x2280 ShellHWDetection - ok 16:17:09.0952 0x2280 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys 16:17:09.0968 0x2280 sisagp - ok 16:17:10.0030 0x2280 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:17:10.0062 0x2280 SiSRaid2 - ok 16:17:10.0108 0x2280 [ 3727097B55738E2F554972C3BE5BC1AA, 
75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 16:17:10.0140 0x2280 SiSRaid4 - ok 16:17:10.0202 0x2280 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:17:10.0264 0x2280 Smb - ok 16:17:10.0374 0x2280 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:17:10.0405 0x2280 SNMPTRAP - ok 16:17:10.0467 0x2280 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys 16:17:10.0498 0x2280 spldr - ok 16:17:10.0561 0x2280 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe 16:17:10.0623 0x2280 Spooler - ok 16:17:10.0842 0x2280 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe 16:17:11.0122 0x2280 sppsvc - ok 16:17:11.0232 0x2280 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:17:11.0294 0x2280 sppuinotify - ok 16:17:11.0356 0x2280 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys 16:17:11.0434 0x2280 srv - ok 16:17:11.0466 0x2280 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:17:11.0528 0x2280 srv2 - ok 16:17:11.0575 0x2280 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:17:11.0622 0x2280 srvnet - ok 16:17:11.0700 0x2280 [ 
64E44ACD8C238FCBBB78F0BA4BDC4B05, 59D015DD86EA35AC8F667C063AE76FAFA9497F04225D256DF5A37EB1461F15D4 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys 16:17:11.0746 0x2280 ssadbus - ok 16:17:11.0793 0x2280 [ BB2C84A15C765DA89FD832B0E73F26CE, BAE3E7726F075340B8CC7BCA18869DFEA304A03B0A0429B4C3D186B1149E9A9A ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys 16:17:11.0824 0x2280 ssadmdfl - ok 16:17:11.0887 0x2280 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31, 0A37081D95A56861C3E48592048DFCFAE6FB38510D21AB41C9C73744743E7646 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys 16:17:11.0934 0x2280 ssadmdm - ok 16:17:11.0980 0x2280 [ 1A5A397BC459F346AB56492B61EF79F6, 9CB7BE4E4A7B145D97BA0C72EE7ECB844DA6EB0282FBC3BE92A1CC5AD80FA6C4 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys 16:17:12.0012 0x2280 ssadserd - ok 16:17:12.0105 0x2280 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:17:12.0168 0x2280 SSDPSRV - ok 16:17:12.0261 0x2280 [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 16:17:12.0277 0x2280 ssmdrv - ok 16:17:12.0355 0x2280 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:17:12.0433 0x2280 SstpSvc - ok 16:17:12.0495 0x2280 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 16:17:12.0511 0x2280 stexstor - ok 16:17:12.0620 0x2280 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll 16:17:12.0714 0x2280 StiSvc - ok 16:17:12.0776 0x2280 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys 16:17:12.0792 
0x2280 swenum - ok 16:17:12.0885 0x2280 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll 16:17:12.0979 0x2280 swprv - ok 16:17:13.0057 0x2280 [ 7A9025D8F7852B06D6D08ED536135E7E, 814153517841D316AA44D59F31B3C6DAD09DE688AF6B946D9B0970EAE815CAAD ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 16:17:13.0088 0x2280 SynTP - ok 16:17:13.0182 0x2280 [ BCEB0C2FC290E456F2E63282BC7D2271, 4091D335B5AD0340357173A28EE7006A430A406E6BE8AAFD65D739CF6D52A588 ] syshost32 C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe 16:17:13.0182 0x2280 Suspicious file ( NoAccess ): C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe. md5: BCEB0C2FC290E456F2E63282BC7D2271, sha256: 4091D335B5AD0340357173A28EE7006A430A406E6BE8AAFD65D739CF6D52A588 16:17:13.0213 0x2280 syshost32 - detected LockedFile.Multi.Generic ( 1 ) 16:17:16.0286 0x2280 Detect turned to UDS exact due to KSN untrusted 16:17:16.0286 0x2280 syshost32 ( UDS:DangerousObject.Multi.Generic ) - infected 16:17:16.0286 0x2280 Force sending object to P2P due to detect: syshost32 16:17:20.0670 0x2280 Object send P2P result: true 16:17:23.0649 0x2280 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll 16:17:23.0774 0x2280 SysMain - ok 16:17:23.0836 0x2280 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll 16:17:23.0899 0x2280 TabletInputService - ok 16:17:24.0008 0x2280 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll 16:17:24.0086 0x2280 TapiSrv - ok 16:17:24.0148 0x2280 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll 16:17:24.0211 0x2280 TBS - 
ok 16:17:24.0351 0x2280 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:17:24.0460 0x2280 Tcpip - ok 16:17:24.0585 0x2280 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:17:24.0663 0x2280 TCPIP6 - ok 16:17:24.0757 0x2280 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:17:24.0804 0x2280 tcpipreg - ok 16:17:24.0866 0x2280 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:17:24.0928 0x2280 TDPIPE - ok 16:17:24.0975 0x2280 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:17:25.0006 0x2280 TDTCP - ok 16:17:25.0069 0x2280 [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:17:25.0116 0x2280 tdx - ok 16:17:25.0194 0x2280 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys 16:17:25.0209 0x2280 TermDD - ok 16:17:25.0303 0x2280 [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService C:\Windows\System32\termsrv.dll 16:17:25.0396 0x2280 TermService - ok 16:17:25.0474 0x2280 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll 16:17:25.0506 0x2280 Themes - ok 16:17:25.0568 0x2280 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll 
16:17:25.0615 0x2280 THREADORDER - ok 16:17:25.0693 0x2280 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll 16:17:25.0755 0x2280 TrkWks - ok 16:17:25.0849 0x2280 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:17:25.0927 0x2280 TrustedInstaller - ok 16:17:26.0036 0x2280 [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:17:26.0067 0x2280 tssecsrv - ok 16:17:26.0145 0x2280 [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:17:26.0192 0x2280 TsUsbFlt - ok 16:17:26.0270 0x2280 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:17:26.0332 0x2280 tunnel - ok 16:17:26.0395 0x2280 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 16:17:26.0426 0x2280 uagp35 - ok 16:17:26.0504 0x2280 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:17:26.0566 0x2280 udfs - ok 16:17:26.0676 0x2280 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:17:26.0707 0x2280 UI0Detect - ok 16:17:26.0754 0x2280 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:17:26.0785 0x2280 uliagpkx - ok 16:17:26.0863 0x2280 [ D295BED4B898F0FD999FCFA9B32B071B, 
16:18:19.0263 0x2280 Waiting for KSN requests completion. In queue: 13
16:18:20.0277 0x2280 Waiting for KSN requests completion. In queue: 13
16:18:21.0291 0x2280 Waiting for KSN requests completion. In queue: 13
16:18:22.0337 0x2280 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x40000 ( disabled : updated )
16:18:22.0368 0x2280 Win FW state via NFP2: enabled
16:18:25.0207 0x2280 ============================================================
16:18:25.0207 0x2280 Scan finished
16:18:25.0207 0x2280 ============================================================
16:18:25.0223 0x23f0 Detected object count: 2
16:18:25.0223 0x23f0 Actual detected object count: 2
16:20:09.0634 0x23f0 8a6a6eefe4cb1615 ( Rootkit.Win32.Necurs.gen ) - skipped by user
16:20:09.0634 0x23f0 8a6a6eefe4cb1615 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip
16:20:09.0634 0x23f0 syshost32 ( UDS:DangerousObject.Multi.Generic ) - skipped by user
16:20:09.0634 0x23f0 syshost32 ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip |
08.07.2014, 09:32 | #4 |
/// the machine /// TB-Ausbilder | Start TDSSkiller.exe with a double-click. Vista and Win7 users: right-click and choose "Run as administrator".
For example: C:\TDSSKiller.<version_date_time>log.txt Please post the contents here in your thread.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
08.07.2014, 11:06 | #5 |
| Hello Schrauber, I let it run through. Two objects were found. However, I can't click Cure there. Only Delete, Skip or moving to quarantine is possible. I'm not sure what I should do. I'm worried about doing something wrong. How should I proceed? |
09.07.2014, 08:13 | #6 |
/// the machine /// TB-Ausbilder | Choose Delete. |
09.07.2014, 13:56 | #7 |
| Hello Schrauber, I left my computer running since yesterday, when I wrote here, and waited for your reply. After that it restarted itself. Today I ran the program, and only one threat was found. I followed your steps and then noticed that three more log files were already on the computer. That is, the program created three log files yesterday without any action on my part. I'm posting all four here. Code:
11:36:30.0528 0x1644 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54
11:36:37.0829 0x1644 ============================================================
11:36:37.0829 0x1644 Current date / time: 2014/07/08 11:36:37.0829
11:36:37.0829 0x1644 SystemInfo:
11:36:37.0829 0x1644
11:36:37.0829 0x1644 OS Version: 6.1.7601 ServicePack: 1.0
11:36:37.0829 0x1644 Product type: Workstation
11:36:37.0829 0x1644 ComputerName: *****-PC
11:36:37.0829 0x1644 UserName: *****
11:36:37.0829 0x1644 Windows directory: C:\Windows
11:36:37.0829 0x1644 System windows directory: C:\Windows
11:36:37.0829 0x1644 Processor architecture: Intel x86
11:36:37.0829 0x1644 Number of processors: 2
11:36:37.0829 0x1644 Page size: 0x1000
11:36:37.0829 0x1644 Boot type: Normal boot
11:36:37.0829 0x1644 ============================================================
11:36:40.0434 0x1644 KLMD registered as C:\Windows\system32\drivers\58580041.sys
11:36:57.0578 0x1644 System UUID: {6A8BC0A5-1C78-976F-B765-04D7E81B4982}
11:36:58.0155 0x1644 !crdlk
11:36:58.0311 0x1644 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
11:36:58.0327 0x1644 ============================================================
11:36:58.0327 0x1644 \Device\Harddisk0\DR0:
11:36:58.0343 0x1644 MBR partitions:
11:36:58.0343 0x1644 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:36:58.0343 0x1644 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x36552000
11:36:58.0343 0x1644 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36584800, BlocksNum 0x3C00000
11:36:58.0343 0x1644 ============================================================
11:36:58.0389 0x1644 C: <-> \Device\Harddisk0\DR0\Partition2
11:36:58.0452 0x1644 D: <-> \Device\Harddisk0\DR0\Partition3
11:36:58.0452 0x1644 ============================================================
11:36:58.0452 0x1644 Initialize success
11:36:58.0452 0x1644 ============================================================
11:37:06.0330 0x1694 ============================================================
11:37:06.0330 0x1694 Scan started
11:37:06.0330 0x1694 Mode: Manual;
11:37:06.0330 0x1694 ============================================================
11:37:06.0330 0x1694 KSN ping started
11:37:09.0341 0x1694 KSN ping finished: true
11:37:10.0464 0x1694 ================ Scan system memory ========================
11:37:10.0464 0x1694 System memory - ok
11:37:10.0464 0x1694 ================ Scan services =============================
11:37:10.0745 0x1694 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:37:10.0760 0x1694 1394ohci - ok
11:37:10.0823 0x1694 Suspicious service (NoAccess): 8a6a6eefe4cb1615
11:37:10.0869 0x1694 [ E5CBFB3C5E0F61C66D4F17BC08D25A25, F966F1E45121C36DA9C2BC53E9F733DFB20FE490785E14A0CD0D7B1478F80EC9 ] 8a6a6eefe4cb1615 C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys
11:37:10.0869 0x1694 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys. md5: E5CBFB3C5E0F61C66D4F17BC08D25A25, sha256: F966F1E45121C36DA9C2BC53E9F733DFB20FE490785E14A0CD0D7B1478F80EC9
11:37:10.0963 0x1694 8a6a6eefe4cb1615 - detected Rootkit.Win32.Necurs.gen ( 0 )
11:37:14.0083 0x1694 8a6a6eefe4cb1615 ( Rootkit.Win32.Necurs.gen ) - infected
11:37:14.0083 0x1694 Force sending object to P2P due to detect: 8a6a6eefe4cb1615
11:37:18.0139 0x1694 Object send P2P result: true
B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 11:37:25.0643 0x1694 BTHMODEM - ok 11:37:25.0674 0x1694 [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 11:37:25.0689 0x1694 BthPan - ok 11:37:25.0752 0x1694 [ 4A34888E13224678DD062466AFEC4240, B432D135716123BB9EC2FBE5D2C45E819EC7E55205FC295B982B0C6F87543940 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 11:37:25.0767 0x1694 BTHPORT - ok 11:37:25.0877 0x1694 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll 11:37:25.0892 0x1694 bthserv - ok 11:37:25.0939 0x1694 [ FA04C63916FA221DBB91FCE153D07A55, 3B013CABF2BFADE5ADD2B9AB65FB9FE53FBA72B13A8B41A599EF6D227764A8C7 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 11:37:25.0939 0x1694 BTHUSB - ok 11:37:26.0001 0x1694 [ D57D29132EFE13A83133D9BD449E0CF1, 8C12FC2404A53EFA028B3423A96F2B5ADDE1640A964AFAF2C460E73338551FFB ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 11:37:26.0001 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwaudio.sys. 
md5: D57D29132EFE13A83133D9BD449E0CF1, sha256: 8C12FC2404A53EFA028B3423A96F2B5ADDE1640A964AFAF2C460E73338551FFB 11:37:26.0017 0x1694 btwaudio - detected LockedFile.Multi.Generic ( 1 ) 11:37:29.0293 0x1694 Detect skipped due to KSN trusted 11:37:29.0293 0x1694 btwaudio - ok 11:37:29.0387 0x1694 [ D282C14A69357D0E1BAFAECC2CA98C3A, 1F576218591B87920641F7E2FA349E477032C4C38DF5A6584738DC0280E203A9 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 11:37:29.0402 0x1694 btwavdt - ok 11:37:29.0496 0x1694 [ F7434401AE320BB97903A3C1865242FB, B401B13133A7D7B2861D81F800F6DEFF361320C994C704B6688A1E6A61439E8D ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 11:37:29.0527 0x1694 btwdins - ok 11:37:29.0574 0x1694 [ AAFD7CB76BA61FBB08E302DA208C974A, 1B342095E373ECCA1775B30E92CD337BECEB4BA9F821132C33507A646E6A341C ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 11:37:29.0574 0x1694 btwl2cap - ok 11:37:29.0605 0x1694 [ 02EB4D2B05967DF2D32F29C84AB1FB17, 95B7901F7BCE41DF53309158AC12888BA1F82FF2E576BF3ED0E67EA3CFAB1288 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 11:37:29.0605 0x1694 btwrchid - ok 11:37:29.0792 0x1694 catchme - ok 11:37:29.0855 0x1694 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 11:37:29.0855 0x1694 cdfs - ok 11:37:29.0917 0x1694 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\drivers\cdrom.sys 11:37:29.0933 0x1694 cdrom - ok 11:37:29.0995 0x1694 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll 11:37:30.0011 0x1694 CertPropSvc - ok 11:37:30.0057 0x1694 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 11:37:30.0057 0x1694 circlass - ok 11:37:30.0135 0x1694 [ 
635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys 11:37:30.0135 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\CLFS.sys. md5: 635181E0E9BBF16871BF5380D71DB02D, sha256: 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A 11:37:30.0182 0x1694 CLFS - detected LockedFile.Multi.Generic ( 1 ) 11:37:33.0053 0x1694 Detect skipped due to KSN trusted 11:37:33.0053 0x1694 CLFS - ok 11:37:33.0240 0x1694 [ 5BEBB11A5BF2948FEFA59DC213B03DDD, 34BB17CC4014E14BC6135E64725DDC4D24BC0EA71A7626E268733EEDD1542E25 ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe 11:37:33.0302 0x1694 ClickToRunSvc - ok 11:37:33.0396 0x1694 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:37:33.0411 0x1694 clr_optimization_v2.0.50727_32 - ok 11:37:33.0505 0x1694 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:37:33.0505 0x1694 clr_optimization_v4.0.30319_32 - ok 11:37:33.0552 0x1694 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 11:37:33.0552 0x1694 CmBatt - ok 11:37:33.0630 0x1694 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys 11:37:33.0630 0x1694 cmdide - ok 11:37:33.0723 0x1694 [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\Windows\system32\Drivers\cng.sys 11:37:33.0739 0x1694 CNG - ok 11:37:33.0801 0x1694 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] 
Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 11:37:33.0801 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\compbatt.sys. md5: A6023D3823C37043986713F118A89BEE, sha256: FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B 11:37:33.0817 0x1694 Compbatt - detected LockedFile.Multi.Generic ( 1 ) 11:37:36.0687 0x1694 Detect skipped due to KSN trusted 11:37:36.0687 0x1694 Compbatt - ok 11:37:36.0797 0x1694 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 11:37:36.0797 0x1694 CompositeBus - ok 11:37:36.0843 0x1694 COMSysApp - ok 11:37:36.0890 0x1694 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 11:37:36.0890 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 2C4EBCFC84A9B44F209DFF6C6E6C61D1, sha256: 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 11:37:36.0890 0x1694 crcdisk - detected LockedFile.Multi.Generic ( 1 ) 11:37:39.0776 0x1694 Detect skipped due to KSN trusted 11:37:39.0776 0x1694 crcdisk - ok 11:37:39.0870 0x1694 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll 11:37:39.0870 0x1694 CryptSvc - ok 11:37:39.0964 0x1694 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll 11:37:40.0010 0x1694 DcomLaunch - ok 11:37:40.0088 0x1694 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll 11:37:40.0104 0x1694 defragsvc - ok 11:37:40.0151 0x1694 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 11:37:40.0166 
0x1694 DfsC - ok 11:37:40.0244 0x1694 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll 11:37:40.0276 0x1694 Dhcp - ok 11:37:40.0322 0x1694 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys 11:37:40.0322 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\discache.sys. md5: 1A050B0274BFB3890703D490F330C0DA, sha256: 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB 11:37:40.0354 0x1694 discache - detected LockedFile.Multi.Generic ( 1 ) 11:37:43.0240 0x1694 Detect skipped due to KSN trusted 11:37:43.0240 0x1694 discache - ok 11:37:43.0380 0x1694 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys 11:37:43.0380 0x1694 Disk - ok 11:37:43.0458 0x1694 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll 11:37:43.0458 0x1694 Dnscache - ok 11:37:43.0536 0x1694 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll 11:37:43.0536 0x1694 dot3svc - ok 11:37:43.0614 0x1694 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll 11:37:43.0614 0x1694 DPS - ok 11:37:43.0692 0x1694 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 11:37:43.0692 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\drmkaud.sys. 
md5: B918E7C5F9BF77202F89E1A9539F2EB4, sha256: C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B 11:37:43.0723 0x1694 drmkaud - detected LockedFile.Multi.Generic ( 1 ) 11:37:46.0609 0x1694 Detect skipped due to KSN trusted 11:37:46.0609 0x1694 drmkaud - ok 11:37:46.0765 0x1694 [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 11:37:46.0765 0x1694 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\dxgkrnl.sys. md5: 71BC35067CABC02C9453AEAA42B2E43E, sha256: 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 11:37:46.0781 0x1694 DXGKrnl - detected LockedFile.Multi.Generic ( 1 ) 11:37:49.0651 0x1694 Detect skipped due to KSN trusted 11:37:49.0651 0x1694 DXGKrnl - ok 11:37:49.0760 0x1694 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll 11:37:49.0760 0x1694 EapHost - ok 11:37:49.0979 0x1694 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 11:37:49.0979 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\evbdx.sys. 
md5: 024E1B5CAC09731E4D868E64DBFB4AB0, sha256: AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 11:37:50.0010 0x1694 ebdrv - detected LockedFile.Multi.Generic ( 1 ) 11:37:52.0880 0x1694 Detect skipped due to KSN trusted 11:37:52.0880 0x1694 ebdrv - ok 11:37:52.0990 0x1694 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS C:\Windows\System32\lsass.exe 11:37:53.0005 0x1694 EFS - ok 11:37:53.0114 0x1694 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 11:37:53.0130 0x1694 ehRecvr - ok 11:37:53.0177 0x1694 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe 11:37:53.0177 0x1694 ehSched - ok 11:37:53.0270 0x1694 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 11:37:53.0270 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0ED67910C8C326796FAA00B2BF6D9D3C, sha256: 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 11:37:53.0302 0x1694 elxstor - detected LockedFile.Multi.Generic ( 1 ) 11:37:56.0188 0x1694 Detect skipped due to KSN trusted 11:37:56.0188 0x1694 elxstor - ok 11:37:56.0297 0x1694 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys 11:37:56.0297 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\errdev.sys. 
md5: 8FC3208352DD3912C94367A206AB3F11, sha256: 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 11:37:56.0297 0x1694 ErrDev - detected LockedFile.Multi.Generic ( 1 ) 11:37:59.0183 0x1694 Detect skipped due to KSN trusted 11:37:59.0183 0x1694 ErrDev - ok 11:37:59.0370 0x1694 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll 11:37:59.0386 0x1694 EventSystem - ok 11:37:59.0432 0x1694 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys 11:37:59.0432 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\exfat.sys. md5: 2DC9108D74081149CC8B651D3A26207F, sha256: 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 11:37:59.0464 0x1694 exfat - detected LockedFile.Multi.Generic ( 1 ) 11:38:02.0381 0x1694 Detect skipped due to KSN trusted 11:38:02.0381 0x1694 exfat - ok 11:38:02.0428 0x1694 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys 11:38:02.0428 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fastfat.sys. md5: 7E0AB74553476622FB6AE36F73D97D35, sha256: 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 11:38:02.0428 0x1694 fastfat - detected LockedFile.Multi.Generic ( 1 ) 11:38:05.0314 0x1694 Detect skipped due to KSN trusted 11:38:05.0314 0x1694 fastfat - ok 11:38:05.0423 0x1694 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe 11:38:05.0454 0x1694 Fax - ok 11:38:05.0501 0x1694 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 11:38:05.0516 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fdc.sys. 
md5: E817A017F82DF2A1F8CFDBDA29388B29, sha256: 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 11:38:05.0532 0x1694 fdc - detected LockedFile.Multi.Generic ( 1 ) 11:38:08.0402 0x1694 Detect skipped due to KSN trusted 11:38:08.0402 0x1694 fdc - ok 11:38:08.0465 0x1694 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll 11:38:08.0480 0x1694 fdPHost - ok 11:38:08.0527 0x1694 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll 11:38:08.0527 0x1694 FDResPub - ok 11:38:08.0590 0x1694 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 11:38:08.0590 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fileinfo.sys. md5: 6CF00369C97F3CF563BE99BE983D13D8, sha256: F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 11:38:08.0605 0x1694 FileInfo - detected LockedFile.Multi.Generic ( 1 ) 11:38:11.0476 0x1694 Detect skipped due to KSN trusted 11:38:11.0476 0x1694 FileInfo - ok 11:38:11.0569 0x1694 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 11:38:11.0569 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\filetrace.sys. 
md5: 42C51DC94C91DA21CB9196EB64C45DB9, sha256: 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 11:38:11.0585 0x1694 Filetrace - detected LockedFile.Multi.Generic ( 1 ) 11:38:14.0596 0x1694 Detect skipped due to KSN trusted 11:38:14.0596 0x1694 Filetrace - ok 11:38:14.0674 0x1694 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 11:38:14.0674 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: 87907AA70CB3C56600F1C2FB8841579B, sha256: CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 11:38:14.0689 0x1694 flpydisk - detected LockedFile.Multi.Generic ( 1 ) 11:38:17.0560 0x1694 Detect skipped due to KSN trusted 11:38:17.0560 0x1694 flpydisk - ok 11:38:17.0638 0x1694 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 11:38:17.0638 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fltmgr.sys. 
md5: 7520EC808E0C35E0EE6F841294316653, sha256: 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 11:38:17.0653 0x1694 FltMgr - detected LockedFile.Multi.Generic ( 1 ) 11:38:20.0695 0x1694 Detect skipped due to KSN trusted 11:38:20.0695 0x1694 FltMgr - ok 11:38:20.0914 0x1694 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll 11:38:20.0976 0x1694 FontCache - ok 11:38:21.0070 0x1694 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 11:38:21.0070 0x1694 FontCache3.0.0.0 - ok 11:38:21.0132 0x1694 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 11:38:21.0132 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\FsDepends.sys. md5: 1A16B57943853E598CFF37FE2B8CBF1D, sha256: 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E 11:38:21.0163 0x1694 FsDepends - detected LockedFile.Multi.Generic ( 1 ) 11:38:24.0034 0x1694 Detect skipped due to KSN trusted 11:38:24.0034 0x1694 FsDepends - ok 11:38:24.0096 0x1694 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 11:38:24.0096 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Fs_Rec.sys. 
md5: 7DAE5EBCC80E45D3253F4923DC424D05, sha256: 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A 11:38:24.0112 0x1694 Fs_Rec - detected LockedFile.Multi.Generic ( 1 ) 11:38:26.0982 0x1694 Detect skipped due to KSN trusted 11:38:26.0982 0x1694 Fs_Rec - ok 11:38:27.0076 0x1694 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 11:38:27.0076 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fvevol.sys. md5: E306A24D9694C724FA2491278BF50FDB, sha256: 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 11:38:27.0076 0x1694 fvevol - detected LockedFile.Multi.Generic ( 1 ) 11:38:29.0946 0x1694 Detect skipped due to KSN trusted 11:38:29.0946 0x1694 fvevol - ok 11:38:30.0040 0x1694 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 11:38:30.0040 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. 
md5: 65EE0C7A58B65E74AE05637418153938, sha256: 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF 11:38:30.0055 0x1694 gagp30kx - detected LockedFile.Multi.Generic ( 1 ) 11:38:32.0941 0x1694 Detect skipped due to KSN trusted 11:38:32.0941 0x1694 gagp30kx - ok 11:38:33.0082 0x1694 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll 11:38:33.0113 0x1694 gpsvc - ok 11:38:33.0238 0x1694 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 11:38:33.0238 0x1694 gupdate - ok 11:38:33.0284 0x1694 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 11:38:33.0284 0x1694 gupdatem - ok 11:38:33.0331 0x1694 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 11:38:33.0331 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: C44E3C2BAB6837DB337DDEE7544736DB, sha256: 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D 11:38:33.0347 0x1694 hcw85cir - detected LockedFile.Multi.Generic ( 1 ) 11:38:36.0233 0x1694 Detect skipped due to KSN trusted 11:38:36.0233 0x1694 hcw85cir - ok 11:38:36.0358 0x1694 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 11:38:36.0358 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. 
md5: A5EF29D5315111C80A5C1ABAD14C8972, sha256: A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A 11:38:36.0358 0x1694 HdAudAddService - detected LockedFile.Multi.Generic ( 1 ) 11:38:39.0244 0x1694 Detect skipped due to KSN trusted 11:38:39.0244 0x1694 HdAudAddService - ok 11:38:39.0337 0x1694 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 11:38:39.0337 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HDAudBus.sys. md5: 9036377B8A6C15DC2EEC53E489D159B5, sha256: 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B 11:38:39.0353 0x1694 HDAudBus - detected LockedFile.Multi.Generic ( 1 ) 11:38:42.0239 0x1694 Detect skipped due to KSN trusted 11:38:42.0239 0x1694 HDAudBus - ok 11:38:42.0348 0x1694 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 11:38:42.0348 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 1D58A7F3E11A9731D0EAAAA8405ACC36, sha256: 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 11:38:42.0348 0x1694 HidBatt - detected LockedFile.Multi.Generic ( 1 ) 11:38:45.0234 0x1694 Detect skipped due to KSN trusted 11:38:45.0234 0x1694 HidBatt - ok 11:38:45.0328 0x1694 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 11:38:45.0328 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. 
md5: 89448F40E6DF260C206A193A4683BA78, sha256: 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C 11:38:45.0343 0x1694 HidBth - detected LockedFile.Multi.Generic ( 1 ) 11:38:49.0259 0x1694 Detect skipped due to KSN trusted 11:38:49.0259 0x1694 HidBth - ok 11:38:49.0430 0x1694 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 11:38:49.0430 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: CF50B4CF4A4F229B9F3C08351F99CA5E, sha256: B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F 11:38:49.0446 0x1694 HidIr - detected LockedFile.Multi.Generic ( 1 ) 11:38:52.0332 0x1694 Detect skipped due to KSN trusted 11:38:52.0332 0x1694 HidIr - ok 11:38:52.0426 0x1694 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll 11:38:52.0426 0x1694 hidserv - ok 11:38:52.0504 0x1694 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 11:38:52.0504 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidusb.sys. 
md5: 10C19F8290891AF023EAEC0832E1EB4D, sha256: E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 11:38:52.0504 0x1694 HidUsb - detected LockedFile.Multi.Generic ( 1 ) 11:38:55.0390 0x1694 Detect skipped due to KSN trusted 11:38:55.0390 0x1694 HidUsb - ok 11:38:55.0530 0x1694 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll 11:38:55.0530 0x1694 hkmsvc - ok 11:38:55.0608 0x1694 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 11:38:55.0624 0x1694 HomeGroupListener - ok 11:38:55.0670 0x1694 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 11:38:55.0686 0x1694 HomeGroupProvider - ok 11:38:55.0733 0x1694 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 11:38:55.0733 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HpSAMD.sys. md5: 295FDC419039090EB8B49FFDBB374549, sha256: 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 11:38:55.0780 0x1694 HpSAMD - detected LockedFile.Multi.Generic ( 1 ) 11:38:58.0634 0x1694 Detect skipped due to KSN trusted 11:38:58.0634 0x1694 HpSAMD - ok 11:38:58.0775 0x1694 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys 11:38:58.0775 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. 
md5: 871917B07A141BFF43D76D8844D48106, sha256: 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 11:38:58.0806 0x1694 HTTP - detected LockedFile.Multi.Generic ( 1 ) 11:39:01.0676 0x1694 Detect skipped due to KSN trusted 11:39:01.0676 0x1694 HTTP - ok 11:39:01.0770 0x1694 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 11:39:01.0770 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: 0C4E035C7F105F1299258C90886C64C5, sha256: CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 11:39:01.0770 0x1694 hwpolicy - detected LockedFile.Multi.Generic ( 1 ) 11:39:04.0625 0x1694 Detect skipped due to KSN trusted 11:39:04.0625 0x1694 hwpolicy - ok 11:39:04.0750 0x1694 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 11:39:04.0750 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\i8042prt.sys. md5: F151F0BDC47F4A28B1B20A0818EA36D6, sha256: 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 11:39:04.0750 0x1694 i8042prt - detected LockedFile.Multi.Generic ( 1 ) 11:39:07.0636 0x1694 Detect skipped due to KSN trusted 11:39:07.0636 0x1694 i8042prt - ok 11:39:07.0745 0x1694 [ 7548066DF68A8A1A56B043359F915F37, 6225DDE554E45858374CBD284A85A00F773089A667C08492187A637232B8BD9A ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 11:39:07.0745 0x1694 IAANTMON - ok 11:39:07.0870 0x1694 [ D483687EACE0C065EE772481A96E05F5, A22200E90C78DFE73FE0FBEED5331AB43CD7133651FD125595C4DB604AD71B29 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 11:39:07.0870 0x1694 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStor.sys. 
md5: D483687EACE0C065EE772481A96E05F5, sha256: A22200E90C78DFE73FE0FBEED5331AB43CD7133651FD125595C4DB604AD71B29
11:39:07.0916 0x1694 iaStor - detected LockedFile.Multi.Generic ( 1 )
11:39:11.0239 0x1694 Detect skipped due to KSN trusted
11:39:11.0239 0x1694 iaStor - ok
11:39:11.0317 0x1694 Scan was interrupted by user!
11:39:11.0317 0x1694 Waiting for KSN requests completion. In queue: 1
11:39:12.0331 0x1694 Waiting for KSN requests completion. In queue: 1
11:39:13.0345 0x1694 Waiting for KSN requests completion. In queue: 1
11:39:14.0437 0x1694 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x40000 ( disabled : updated )
11:39:14.0453 0x1694 Win FW state via NFP2: enabled
11:39:17.0495 0x1694 ============================================================
11:39:17.0495 0x1694 Scan finished
11:39:17.0495 0x1694 ============================================================
11:39:17.0495 0x168c Detected object count: 1
11:39:17.0495 0x168c Actual detected object count: 1
11:39:23.0314 0x168c C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys - copied to quarantine
11:39:23.0329 0x168c HKLM\SYSTEM\ControlSet001\services\8a6a6eefe4cb1615 - will be deleted on reboot
11:39:23.0407 0x168c HKLM\SYSTEM\ControlSet002\services\8a6a6eefe4cb1615 - will be deleted on reboot
11:39:23.0969 0x168c C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys - will be deleted on reboot
11:39:23.0969 0x168c 8a6a6eefe4cb1615 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
11:39:24.0203 0x168c KLMD registered as C:\Windows\system32\drivers\19170952.sys
11:39:30.0178 0x161c Deinitialize success
09.07.2014, 13:58 | #8 |
| Win7 TR/Agent.37888.248 cannot be deleted, real-time scanner no longer works
Code:
11:39:37.0001 0x1398 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54
11:39:40.0635 0x1398 ============================================================
11:39:40.0635 0x1398 Current date / time: 2014/07/08 11:39:40.0635
11:39:40.0635 0x1398 SystemInfo:
11:39:40.0635 0x1398
11:39:40.0635 0x1398 OS Version: 6.1.7601 ServicePack: 1.0
11:39:40.0635 0x1398 Product type: Workstation
11:39:40.0635 0x1398 ComputerName: *****-PC
11:39:40.0635 0x1398 UserName: *****
11:39:40.0635 0x1398 Windows directory: C:\Windows
11:39:40.0635 0x1398 System windows directory: C:\Windows
11:39:40.0635 0x1398 Processor architecture: Intel x86
11:39:40.0635 0x1398 Number of processors: 2
11:39:40.0635 0x1398 Page size: 0x1000
11:39:40.0635 0x1398 Boot type: Normal boot
11:39:40.0635 0x1398 ============================================================
11:39:41.0181 0x1398 KLMD registered as C:\Windows\system32\drivers\38680519.sys
11:39:46.0283 0x1398 System UUID: {6A8BC0A5-1C78-976F-B765-04D7E81B4982}
11:39:46.0829 0x1398 !crdlk
11:39:46.0969 0x1398 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
11:39:46.0985 0x1398 ============================================================
11:39:46.0985 0x1398 \Device\Harddisk0\DR0:
11:39:46.0985 0x1398 MBR partitions:
11:39:46.0985 0x1398 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:39:46.0985 0x1398 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x36552000
11:39:46.0985 0x1398 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36584800, BlocksNum 0x3C00000
11:39:46.0985 0x1398 ============================================================
11:39:47.0016 0x1398 C: <-> \Device\Harddisk0\DR0\Partition2
11:39:47.0078 0x1398 D: <-> \Device\Harddisk0\DR0\Partition3
11:39:47.0078 0x1398 ============================================================
11:39:47.0078
0x1398 Initialize success 11:39:47.0078 0x1398 ============================================================ 11:39:49.0949 0x1758 ============================================================ 11:39:49.0949 0x1758 Scan started 11:39:49.0949 0x1758 Mode: Manual; 11:39:49.0949 0x1758 ============================================================ 11:39:49.0949 0x1758 KSN ping started 11:39:52.0772 0x1758 KSN ping finished: true 11:39:53.0630 0x1758 ================ Scan system memory ======================== 11:39:53.0630 0x1758 System memory - ok 11:39:53.0630 0x1758 ================ Scan services ============================= 11:39:53.0911 0x1758 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 11:39:53.0911 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\1394ohci.sys. md5: 1B133875B8AA8AC48969BD3458AFE9F5, sha256: 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 11:39:53.0958 0x1758 1394ohci - detected LockedFile.Multi.Generic ( 1 ) 11:39:56.0875 0x1758 Detect skipped due to KSN trusted 11:39:56.0875 0x1758 1394ohci - ok 11:39:56.0937 0x1758 [ 4B2C07980CBD463DEE9F5CB0ADCDE862, A0D20F91EE6A13CA255033752B79CD90C89F3E95DB82D96EC6117E6B734775EF ] 75070223 C:\Windows\system32\drivers\19170952.sys 11:39:56.0953 0x1758 75070223 - ok 11:39:56.0969 0x1758 Suspicious service (NoAccess): 8a6a6eefe4cb1615 11:39:57.0015 0x1758 [ E5CBFB3C5E0F61C66D4F17BC08D25A25, F966F1E45121C36DA9C2BC53E9F733DFB20FE490785E14A0CD0D7B1478F80EC9 ] 8a6a6eefe4cb1615 C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys 11:39:57.0015 0x1758 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys. 
md5: E5CBFB3C5E0F61C66D4F17BC08D25A25, sha256: F966F1E45121C36DA9C2BC53E9F733DFB20FE490785E14A0CD0D7B1478F80EC9 11:39:57.0062 0x1758 8a6a6eefe4cb1615 - detected Rootkit.Win32.Necurs.gen ( 0 ) 11:40:00.0073 0x1758 8a6a6eefe4cb1615 ( Rootkit.Win32.Necurs.gen ) - infected 11:40:00.0073 0x1758 Force sending object to P2P due to detect: 8a6a6eefe4cb1615 11:40:04.0082 0x1758 Object send P2P result: true 11:40:06.0999 0x1758 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys 11:40:06.0999 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ACPI.sys. md5: CEA80C80BED809AA0DA6FEBC04733349, sha256: AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B 11:40:07.0015 0x1758 ACPI - detected LockedFile.Multi.Generic ( 1 ) 11:40:09.0885 0x1758 Detect skipped due to KSN trusted 11:40:09.0885 0x1758 ACPI - ok 11:40:09.0963 0x1758 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 11:40:09.0963 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\acpipmi.sys. md5: 1EFBC664ABFF416D1D07DB115DCB264F, sha256: BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 11:40:09.0979 0x1758 AcpiPmi - detected LockedFile.Multi.Generic ( 1 ) 11:40:12.0849 0x1758 Detect skipped due to KSN trusted 11:40:12.0849 0x1758 AcpiPmi - ok 11:40:12.0974 0x1758 [ 9BC0D1B4D9CCEC2DC9F010E466738A38, FA213D43DC18F92606B9A69E08B9D7B699038F087FE90AA3A1BB348AEBDEEACB ] acsock C:\Windows\system32\DRIVERS\acsock.sys 11:40:12.0974 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\acsock.sys. 
md5: 9BC0D1B4D9CCEC2DC9F010E466738A38, sha256: FA213D43DC18F92606B9A69E08B9D7B699038F087FE90AA3A1BB348AEBDEEACB 11:40:12.0974 0x1758 acsock - detected LockedFile.Multi.Generic ( 1 ) 11:40:15.0907 0x1758 Detect skipped due to KSN trusted 11:40:15.0907 0x1758 acsock - ok 11:40:16.0063 0x1758 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 11:40:16.0063 0x1758 AdobeARMservice - ok 11:40:16.0188 0x1758 [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 11:40:16.0203 0x1758 AdobeFlashPlayerUpdateSvc - ok 11:40:16.0297 0x1758 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 11:40:16.0297 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\adp94xx.sys. md5: 21E785EBD7DC90A06391141AAC7892FB, sha256: A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 11:40:16.0328 0x1758 adp94xx - detected LockedFile.Multi.Generic ( 1 ) 11:40:19.0199 0x1758 Detect skipped due to KSN trusted 11:40:19.0199 0x1758 adp94xx - ok 11:40:19.0292 0x1758 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 11:40:19.0292 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\adpahci.sys. 
md5: 0C676BC278D5B59FF5ABD57BBE9123F2, sha256: 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB 11:40:19.0308 0x1758 adpahci - detected LockedFile.Multi.Generic ( 1 ) 11:40:22.0194 0x1758 Detect skipped due to KSN trusted 11:40:22.0194 0x1758 adpahci - ok 11:40:22.0272 0x1758 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 11:40:22.0272 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\adpu320.sys. md5: 7C7B5EE4B7B822EC85321FE23A27DB33, sha256: A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C 11:40:22.0287 0x1758 adpu320 - detected LockedFile.Multi.Generic ( 1 ) 11:40:25.0158 0x1758 Detect skipped due to KSN trusted 11:40:25.0158 0x1758 adpu320 - ok 11:40:25.0267 0x1758 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 11:40:25.0283 0x1758 AeLookupSvc - ok 11:40:25.0376 0x1758 [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD C:\Windows\system32\drivers\afd.sys 11:40:25.0376 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\afd.sys. md5: F81BB7E487EDCEAB630A7EE66CF23913, sha256: 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 11:40:25.0407 0x1758 AFD - detected LockedFile.Multi.Generic ( 1 ) 11:40:28.0278 0x1758 Detect skipped due to KSN trusted 11:40:28.0278 0x1758 AFD - ok 11:40:28.0387 0x1758 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys 11:40:28.0387 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\agp440.sys. 
md5: 507812C3054C21CEF746B6EE3D04DD6E, sha256: D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E 11:40:28.0403 0x1758 agp440 - detected LockedFile.Multi.Generic ( 1 ) 11:40:31.0289 0x1758 Detect skipped due to KSN trusted 11:40:31.0289 0x1758 agp440 - ok 11:40:31.0398 0x1758 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 11:40:31.0398 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\djsvs.sys. md5: 8B30250D573A8F6B4BD23195160D8707, sha256: 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D 11:40:31.0413 0x1758 aic78xx - detected LockedFile.Multi.Generic ( 1 ) 11:40:34.0299 0x1758 Detect skipped due to KSN trusted 11:40:34.0299 0x1758 aic78xx - ok 11:40:34.0409 0x1758 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe 11:40:34.0424 0x1758 ALG - ok 11:40:34.0471 0x1758 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys 11:40:34.0471 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\aliide.sys. md5: 0D40BCF52EA90FC7DF2AEAB6503DEA44, sha256: 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 11:40:34.0471 0x1758 aliide - detected LockedFile.Multi.Generic ( 1 ) 11:40:37.0357 0x1758 Detect skipped due to KSN trusted 11:40:37.0357 0x1758 aliide - ok 11:40:37.0466 0x1758 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 11:40:37.0466 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdagp.sys. 
md5: 3C6600A0696E90A463771C7422E23AB5, sha256: 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 11:40:37.0497 0x1758 amdagp - detected LockedFile.Multi.Generic ( 1 ) 11:40:40.0368 0x1758 Detect skipped due to KSN trusted 11:40:40.0368 0x1758 amdagp - ok 11:40:40.0477 0x1758 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys 11:40:40.0477 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdide.sys. md5: CD5914170297126B6266860198D1D4F0, sha256: 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 11:40:40.0508 0x1758 amdide - detected LockedFile.Multi.Generic ( 1 ) 11:40:43.0394 0x1758 Detect skipped due to KSN trusted 11:40:43.0394 0x1758 amdide - ok 11:40:43.0441 0x1758 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 11:40:43.0441 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\amdk8.sys. md5: 00DDA200D71BAC534BF56A9DB5DFD666, sha256: CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B 11:40:43.0457 0x1758 AmdK8 - detected LockedFile.Multi.Generic ( 1 ) 11:40:46.0327 0x1758 Detect skipped due to KSN trusted 11:40:46.0327 0x1758 AmdK8 - ok 11:40:46.0421 0x1758 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 11:40:46.0421 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\amdppm.sys. 
md5: 3CBF30F5370FDA40DD3E87DF38EA53B6, sha256: 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC 11:40:46.0452 0x1758 AmdPPM - detected LockedFile.Multi.Generic ( 1 ) 11:40:49.0322 0x1758 Detect skipped due to KSN trusted 11:40:49.0322 0x1758 AmdPPM - ok 11:40:49.0447 0x1758 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys 11:40:49.0447 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdsata.sys. md5: D320BF87125326F996D4904FE24300FC, sha256: F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 11:40:49.0478 0x1758 amdsata - detected LockedFile.Multi.Generic ( 1 ) 11:40:52.0333 0x1758 Detect skipped due to KSN trusted 11:40:52.0333 0x1758 amdsata - ok 11:40:52.0427 0x1758 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 11:40:52.0427 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\amdsbs.sys. md5: EA43AF0C423FF267355F74E7A53BDABA, sha256: 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 11:40:52.0442 0x1758 amdsbs - detected LockedFile.Multi.Generic ( 1 ) 11:40:55.0328 0x1758 Detect skipped due to KSN trusted 11:40:55.0328 0x1758 amdsbs - ok 11:40:55.0453 0x1758 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys 11:40:55.0453 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdxata.sys. 
md5: 46387FB17B086D16DEA267D5BE23A2F2, sha256: 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 11:40:55.0484 0x1758 amdxata - detected LockedFile.Multi.Generic ( 1 ) 11:40:58.0355 0x1758 Detect skipped due to KSN trusted 11:40:58.0355 0x1758 amdxata - ok 11:40:58.0417 0x1758 [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA, 834B397F365D930DA01D5189DDF06195CFE4C0F9249223C5A9004643F41BA6E4 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys 11:40:58.0417 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ssadadb.sys. md5: DD8D9C597AF7CD2F6B70A3D6A4A1ACEA, sha256: 834B397F365D930DA01D5189DDF06195CFE4C0F9249223C5A9004643F41BA6E4 11:40:58.0433 0x1758 androidusb - detected LockedFile.Multi.Generic ( 1 ) 11:41:01.0303 0x1758 Detect skipped due to KSN trusted 11:41:01.0303 0x1758 androidusb - ok 11:41:01.0475 0x1758 [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 11:41:01.0490 0x1758 AntiVirSchedulerService - ok 11:41:01.0599 0x1758 [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 11:41:01.0615 0x1758 AntiVirService - ok 11:41:01.0677 0x1758 [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys 11:41:01.0677 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\appid.sys. 
md5: AEA177F783E20150ACE5383EE368DA19, sha256: 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F 11:41:01.0709 0x1758 AppID - detected LockedFile.Multi.Generic ( 1 ) 11:41:04.0579 0x1758 Detect skipped due to KSN trusted 11:41:04.0579 0x1758 AppID - ok 11:41:04.0657 0x1758 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll 11:41:04.0657 0x1758 AppIDSvc - ok 11:41:04.0735 0x1758 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll 11:41:04.0751 0x1758 Appinfo - ok 11:41:04.0844 0x1758 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys 11:41:04.0844 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\arc.sys. md5: 2932004F49677BD84DBC72EDB754FFB3, sha256: 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 11:41:04.0875 0x1758 arc - detected LockedFile.Multi.Generic ( 1 ) 11:41:07.0746 0x1758 Detect skipped due to KSN trusted 11:41:07.0746 0x1758 arc - ok 11:41:07.0824 0x1758 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 11:41:07.0824 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\arcsas.sys. 
md5: 5D6F36C46FD283AE1B57BD2E9FEB0BC7, sha256: F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA 11:41:07.0839 0x1758 arcsas - detected LockedFile.Multi.Generic ( 1 ) 11:41:10.0757 0x1758 Detect skipped due to KSN trusted 11:41:10.0757 0x1758 arcsas - ok 11:41:10.0991 0x1758 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 11:41:10.0991 0x1758 aspnet_state - ok 11:41:11.0037 0x1758 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 11:41:11.0037 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\asyncmac.sys. md5: ADD2ADE1C2B285AB8378D2DAAF991481, sha256: 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 11:41:11.0069 0x1758 AsyncMac - detected LockedFile.Multi.Generic ( 1 ) 11:41:13.0955 0x1758 Detect skipped due to KSN trusted 11:41:13.0955 0x1758 AsyncMac - ok 11:41:14.0157 0x1758 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys 11:41:14.0157 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\atapi.sys. 
md5: 338C86357871C167A96AB976519BF59E, sha256: F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 11:41:14.0157 0x1758 atapi - detected LockedFile.Multi.Generic ( 1 ) 11:41:17.0137 0x1758 Detect skipped due to KSN trusted 11:41:17.0137 0x1758 atapi - ok 11:41:17.0293 0x1758 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 11:41:17.0309 0x1758 AudioEndpointBuilder - ok 11:41:17.0371 0x1758 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv C:\Windows\System32\Audiosrv.dll 11:41:17.0387 0x1758 Audiosrv - ok 11:41:17.0480 0x1758 [ B0A63DD71CB0CB597D8BD5C364E73F7C, 572B31F3FC962F50110D42A08CDD0614323E18C213575710CEEFA35EE7CAE8C5 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 11:41:17.0496 0x1758 avgntflt - ok 11:41:17.0574 0x1758 [ 05AF7CBF0BDA1571BBADC36703EB9CA4, 3925AD58053769D317D3CF0DDDF7371B010F2F4C839CF7B44F327AE9D0AB5442 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 11:41:17.0574 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\avipbb.sys. md5: 05AF7CBF0BDA1571BBADC36703EB9CA4, sha256: 3925AD58053769D317D3CF0DDDF7371B010F2F4C839CF7B44F327AE9D0AB5442 11:41:17.0589 0x1758 avipbb - detected LockedFile.Multi.Generic ( 1 ) 11:41:20.0475 0x1758 Detect skipped due to KSN trusted 11:41:20.0475 0x1758 avipbb - ok 11:41:20.0585 0x1758 [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 11:41:20.0585 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\avkmgr.sys. 
md5: D8C712305F73CD34D1B344810E522728, sha256: 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA 11:41:20.0585 0x1758 avkmgr - detected LockedFile.Multi.Generic ( 1 ) 11:41:23.0471 0x1758 Detect skipped due to KSN trusted 11:41:23.0471 0x1758 avkmgr - ok 11:41:23.0580 0x1758 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll 11:41:23.0595 0x1758 AxInstSV - ok 11:41:23.0673 0x1758 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 11:41:23.0673 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bxvbdx.sys. md5: 1A231ABEC60FD316EC54C66715543CEC, sha256: 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E 11:41:23.0689 0x1758 b06bdrv - detected LockedFile.Multi.Generic ( 1 ) 11:41:26.0560 0x1758 Detect skipped due to KSN trusted 11:41:26.0560 0x1758 b06bdrv - ok 11:41:26.0653 0x1758 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 11:41:26.0653 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\b57nd60x.sys. md5: BD8869EB9CDE6BBE4508D869929869EE, sha256: F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 11:41:26.0669 0x1758 b57nd60x - detected LockedFile.Multi.Generic ( 1 ) 11:41:29.0602 0x1758 Detect skipped due to KSN trusted 11:41:29.0602 0x1758 b57nd60x - ok 11:41:29.0742 0x1758 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll 11:41:29.0758 0x1758 BDESVC - ok 11:41:29.0804 0x1758 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys 11:41:29.0804 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Beep.sys. 
md5: 505506526A9D467307B3C393DEDAF858, sha256: 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 11:41:29.0820 0x1758 Beep - detected LockedFile.Multi.Generic ( 1 ) 11:41:32.0800 0x1758 Detect skipped due to KSN trusted 11:41:32.0800 0x1758 Beep - ok 11:41:32.0940 0x1758 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll 11:41:32.0971 0x1758 BFE - ok 11:41:33.0080 0x1758 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll 11:41:33.0096 0x1758 BITS - ok 11:41:33.0174 0x1758 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 11:41:33.0174 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\blbdrive.sys. md5: 2287078ED48FCFC477B05B20CF38F36F, sha256: 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 11:41:33.0205 0x1758 blbdrive - detected LockedFile.Multi.Generic ( 1 ) 11:41:36.0091 0x1758 Detect skipped due to KSN trusted 11:41:36.0091 0x1758 blbdrive - ok 11:41:36.0200 0x1758 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 11:41:36.0200 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bowser.sys. md5: 8F2DA3028D5FCBD1A060A3DE64CD6506, sha256: E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 11:41:36.0200 0x1758 bowser - detected LockedFile.Multi.Generic ( 1 ) 11:41:39.0086 0x1758 Detect skipped due to KSN trusted 11:41:39.0086 0x1758 bowser - ok 11:41:39.0180 0x1758 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 11:41:39.0180 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\BrFiltLo.sys. 
md5: 9F9ACC7F7CCDE8A15C282D3F88B43309, sha256: A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F 11:41:39.0196 0x1758 BrFiltLo - detected LockedFile.Multi.Generic ( 1 ) 11:41:42.0082 0x1758 Detect skipped due to KSN trusted 11:41:42.0082 0x1758 BrFiltLo - ok 11:41:42.0160 0x1758 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 11:41:42.0160 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\BrFiltUp.sys. md5: 56801AD62213A41F6497F96DEE83755A, sha256: 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 11:41:42.0175 0x1758 BrFiltUp - detected LockedFile.Multi.Generic ( 1 ) 11:41:45.0014 0x1758 Detect skipped due to KSN trusted 11:41:45.0014 0x1758 BrFiltUp - ok 11:41:45.0124 0x1758 [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 11:41:45.0124 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bridge.sys. md5: 77361D72A04F18809D0EFB6CCEB74D4B, sha256: 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 11:41:45.0139 0x1758 BridgeMP - detected LockedFile.Multi.Generic ( 1 ) 11:41:48.0368 0x1758 Detect skipped due to KSN trusted 11:41:48.0368 0x1758 BridgeMP - ok 11:41:48.0493 0x1758 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll 11:41:48.0493 0x1758 Browser - ok 11:41:48.0540 0x1758 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys 11:41:48.0540 0x1758 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\Brserid.sys. 
md5: 845B8CE732E67F3B4133164868C666EA, sha256: 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F 11:41:48.0571 0x1758 Brserid - detected LockedFile.Multi.Generic ( 1 ) 11:41:51.0442 0x1758 Detect skipped due to KSN trusted 11:41:51.0442 0x1758 Brserid - ok 11:41:51.0535 0x1758 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 11:41:51.0535 0x1758 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrSerWdm.sys. md5: 203F0B1E73ADADBBB7B7B1FABD901F6B, sha256: 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D 11:41:51.0535 0x1758 BrSerWdm - detected LockedFile.Multi.Generic ( 1 ) 11:41:54.0406 0x1758 Detect skipped due to KSN trusted 11:41:54.0406 0x1758 BrSerWdm - ok 11:41:54.0484 0x1758 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 11:41:54.0484 0x1758 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrUsbMdm.sys. md5: BD456606156BA17E60A04E18016AE54B, sha256: DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D 11:41:54.0499 0x1758 BrUsbMdm - detected LockedFile.Multi.Generic ( 1 ) 11:41:57.0370 0x1758 Detect skipped due to KSN trusted 11:41:57.0370 0x1758 BrUsbMdm - ok 11:41:57.0448 0x1758 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 11:41:57.0448 0x1758 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrUsbSer.sys. 
md5: AF72ED54503F717A43268B3CC5FAEC2E, sha256: 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 11:41:57.0448 0x1758 BrUsbSer - detected LockedFile.Multi.Generic ( 1 ) 11:42:00.0427 0x1758 Detect skipped due to KSN trusted 11:42:00.0427 0x1758 BrUsbSer - ok 11:42:00.0490 0x1758 [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 11:42:00.0490 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\BthEnum.sys. md5: 2865A5C8E98C70C605F417908CEBB3A4, sha256: B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 11:42:00.0490 0x1758 BthEnum - detected LockedFile.Multi.Generic ( 1 ) 11:42:03.0376 0x1758 Detect skipped due to KSN trusted 11:42:03.0376 0x1758 BthEnum - ok 11:42:03.0469 0x1758 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 11:42:03.0469 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bthmodem.sys. md5: ED3DF7C56CE0084EB2034432FC56565A, sha256: B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B 11:42:03.0485 0x1758 BTHMODEM - detected LockedFile.Multi.Generic ( 1 ) 11:42:06.0355 0x1758 Detect skipped due to KSN trusted 11:42:06.0355 0x1758 BTHMODEM - ok 11:42:06.0464 0x1758 [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 11:42:06.0464 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bthpan.sys. 
md5: AD1872E5829E8A2C3B5B4B641C3EAB0E, sha256: 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 11:42:06.0480 0x1758 BthPan - detected LockedFile.Multi.Generic ( 1 ) 11:42:09.0350 0x1758 Detect skipped due to KSN trusted 11:42:09.0350 0x1758 BthPan - ok 11:42:09.0522 0x1758 [ 4A34888E13224678DD062466AFEC4240, B432D135716123BB9EC2FBE5D2C45E819EC7E55205FC295B982B0C6F87543940 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 11:42:09.0522 0x1758 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BTHport.sys. md5: 4A34888E13224678DD062466AFEC4240, sha256: B432D135716123BB9EC2FBE5D2C45E819EC7E55205FC295B982B0C6F87543940 11:42:09.0538 0x1758 BTHPORT - detected LockedFile.Multi.Generic ( 1 ) 11:42:12.0470 0x1758 Detect skipped due to KSN trusted 11:42:12.0470 0x1758 BTHPORT - ok 11:42:12.0564 0x1758 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll 11:42:12.0564 0x1758 bthserv - ok 11:42:12.0611 0x1758 [ FA04C63916FA221DBB91FCE153D07A55, 3B013CABF2BFADE5ADD2B9AB65FB9FE53FBA72B13A8B41A599EF6D227764A8C7 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 11:42:12.0611 0x1758 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BTHUSB.sys. md5: FA04C63916FA221DBB91FCE153D07A55, sha256: 3B013CABF2BFADE5ADD2B9AB65FB9FE53FBA72B13A8B41A599EF6D227764A8C7 11:42:12.0626 0x1758 BTHUSB - detected LockedFile.Multi.Generic ( 1 ) 11:42:15.0512 0x1758 Detect skipped due to KSN trusted 11:42:15.0512 0x1758 BTHUSB - ok 11:42:15.0606 0x1758 [ D57D29132EFE13A83133D9BD449E0CF1, 8C12FC2404A53EFA028B3423A96F2B5ADDE1640A964AFAF2C460E73338551FFB ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 11:42:15.0606 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwaudio.sys. 
md5: D57D29132EFE13A83133D9BD449E0CF1, sha256: 8C12FC2404A53EFA028B3423A96F2B5ADDE1640A964AFAF2C460E73338551FFB 11:42:15.0622 0x1758 btwaudio - detected LockedFile.Multi.Generic ( 1 ) 11:42:18.0586 0x1758 Detect skipped due to KSN trusted 11:42:18.0586 0x1758 btwaudio - ok 11:42:18.0710 0x1758 [ D282C14A69357D0E1BAFAECC2CA98C3A, 1F576218591B87920641F7E2FA349E477032C4C38DF5A6584738DC0280E203A9 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 11:42:18.0710 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwavdt.sys. md5: D282C14A69357D0E1BAFAECC2CA98C3A, sha256: 1F576218591B87920641F7E2FA349E477032C4C38DF5A6584738DC0280E203A9 11:42:18.0726 0x1758 btwavdt - detected LockedFile.Multi.Generic ( 1 ) 11:42:21.0612 0x1758 Detect skipped due to KSN trusted 11:42:21.0612 0x1758 btwavdt - ok 11:42:21.0768 0x1758 [ F7434401AE320BB97903A3C1865242FB, B401B13133A7D7B2861D81F800F6DEFF361320C994C704B6688A1E6A61439E8D ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 11:42:21.0784 0x1758 btwdins - ok 11:42:21.0830 0x1758 [ AAFD7CB76BA61FBB08E302DA208C974A, 1B342095E373ECCA1775B30E92CD337BECEB4BA9F821132C33507A646E6A341C ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 11:42:21.0830 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\btwl2cap.sys. md5: AAFD7CB76BA61FBB08E302DA208C974A, sha256: 1B342095E373ECCA1775B30E92CD337BECEB4BA9F821132C33507A646E6A341C 11:42:21.0862 0x1758 btwl2cap - detected LockedFile.Multi.Generic ( 1 ) 11:42:24.0748 0x1758 Detect skipped due to KSN trusted 11:42:24.0748 0x1758 btwl2cap - ok 11:42:24.0826 0x1758 [ 02EB4D2B05967DF2D32F29C84AB1FB17, 95B7901F7BCE41DF53309158AC12888BA1F82FF2E576BF3ED0E67EA3CFAB1288 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 11:42:24.0826 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\btwrchid.sys. 
md5: 02EB4D2B05967DF2D32F29C84AB1FB17, sha256: 95B7901F7BCE41DF53309158AC12888BA1F82FF2E576BF3ED0E67EA3CFAB1288 11:42:24.0826 0x1758 btwrchid - detected LockedFile.Multi.Generic ( 1 ) 11:42:27.0696 0x1758 Detect skipped due to KSN trusted 11:42:27.0696 0x1758 btwrchid - ok 11:42:27.0821 0x1758 catchme - ok 11:42:27.0883 0x1758 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 11:42:27.0883 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\cdfs.sys. md5: 77EA11B065E0A8AB902D78145CA51E10, sha256: 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A 11:42:27.0914 0x1758 cdfs - detected LockedFile.Multi.Generic ( 1 ) 11:42:30.0785 0x1758 Detect skipped due to KSN trusted 11:42:30.0785 0x1758 cdfs - ok 11:42:30.0925 0x1758 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\drivers\cdrom.sys 11:42:30.0925 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\cdrom.sys. md5: BE167ED0FDB9C1FA1133953C18D5A6C9, sha256: E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C 11:42:30.0956 0x1758 cdrom - detected LockedFile.Multi.Generic ( 1 ) 11:42:33.0842 0x1758 Detect skipped due to KSN trusted 11:42:33.0842 0x1758 cdrom - ok 11:42:33.0967 0x1758 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll 11:42:33.0967 0x1758 CertPropSvc - ok 11:42:34.0014 0x1758 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 11:42:34.0014 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\circlass.sys. 
md5: 3FE3FE94A34DF6FB06E6418D0F6A0060, sha256: 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 11:42:34.0045 0x1758 circlass - detected LockedFile.Multi.Generic ( 1 ) 11:42:36.0916 0x1758 Detect skipped due to KSN trusted 11:42:36.0916 0x1758 circlass - ok 11:42:37.0040 0x1758 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys 11:42:37.0040 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\CLFS.sys. md5: 635181E0E9BBF16871BF5380D71DB02D, sha256: 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A 11:42:37.0056 0x1758 CLFS - detected LockedFile.Multi.Generic ( 1 ) 11:42:39.0942 0x1758 Detect skipped due to KSN trusted 11:42:39.0942 0x1758 CLFS - ok 11:42:40.0176 0x1758 [ 5BEBB11A5BF2948FEFA59DC213B03DDD, 34BB17CC4014E14BC6135E64725DDC4D24BC0EA71A7626E268733EEDD1542E25 ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe 11:42:40.0238 0x1758 ClickToRunSvc - ok 11:42:40.0332 0x1758 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:42:40.0332 0x1758 clr_optimization_v2.0.50727_32 - ok 11:42:40.0426 0x1758 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:42:40.0426 0x1758 clr_optimization_v4.0.30319_32 - ok 11:42:40.0472 0x1758 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 11:42:40.0472 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\CmBatt.sys. 
md5: DEA805815E587DAD1DD2C502220B5616, sha256: 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C 11:42:40.0504 0x1758 CmBatt - detected LockedFile.Multi.Generic ( 1 ) 11:42:43.0390 0x1758 Detect skipped due to KSN trusted 11:42:43.0390 0x1758 CmBatt - ok 11:42:43.0483 0x1758 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys 11:42:43.0483 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\cmdide.sys. md5: C537B1DB64D495B9B4717B4D6D9EDBF2, sha256: 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B 11:42:43.0499 0x1758 cmdide - detected LockedFile.Multi.Generic ( 1 ) 11:42:46.0369 0x1758 Detect skipped due to KSN trusted 11:42:46.0369 0x1758 cmdide - ok 11:42:46.0494 0x1758 [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\Windows\system32\Drivers\cng.sys 11:42:46.0494 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\cng.sys. md5: 85449EEBE8F8EBD6481EFBF0F352B4EB, sha256: E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC 11:42:46.0494 0x1758 CNG - detected LockedFile.Multi.Generic ( 1 ) 11:42:49.0364 0x1758 Detect skipped due to KSN trusted 11:42:49.0364 0x1758 CNG - ok 11:42:49.0474 0x1758 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 11:42:49.0474 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\compbatt.sys. 
md5: A6023D3823C37043986713F118A89BEE, sha256: FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B 11:42:49.0474 0x1758 Compbatt - detected LockedFile.Multi.Generic ( 1 ) 11:42:52.0344 0x1758 Detect skipped due to KSN trusted 11:42:52.0344 0x1758 Compbatt - ok 11:42:52.0453 0x1758 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 11:42:52.0453 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\CompositeBus.sys. md5: CBE8C58A8579CFE5FCCF809E6F114E89, sha256: AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF 11:42:52.0484 0x1758 CompositeBus - detected LockedFile.Multi.Generic ( 1 ) 11:42:55.0355 0x1758 Detect skipped due to KSN trusted 11:42:55.0355 0x1758 CompositeBus - ok 11:42:55.0433 0x1758 COMSysApp - ok 11:42:55.0464 0x1758 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 11:42:55.0464 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\crcdisk.sys. 
md5: 2C4EBCFC84A9B44F209DFF6C6E6C61D1, sha256: 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 11:42:55.0480 0x1758 crcdisk - detected LockedFile.Multi.Generic ( 1 ) 11:42:58.0350 0x1758 Detect skipped due to KSN trusted 11:42:58.0350 0x1758 crcdisk - ok 11:42:58.0475 0x1758 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll 11:42:58.0490 0x1758 CryptSvc - ok 11:42:58.0584 0x1758 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll 11:42:58.0615 0x1758 DcomLaunch - ok 11:42:58.0678 0x1758 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll 11:42:58.0693 0x1758 defragsvc - ok 11:42:58.0740 0x1758 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 11:42:58.0740 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\dfsc.sys. md5: F024449C97EC1E464AAFFDA18593DB88, sha256: 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 11:42:58.0771 0x1758 DfsC - detected LockedFile.Multi.Generic ( 1 ) 11:43:01.0657 0x1758 Detect skipped due to KSN trusted 11:43:01.0657 0x1758 DfsC - ok 11:43:01.0798 0x1758 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll 11:43:01.0813 0x1758 Dhcp - ok 11:43:01.0860 0x1758 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys 11:43:01.0860 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\discache.sys. 
md5: 1A050B0274BFB3890703D490F330C0DA, sha256: 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB 11:43:01.0860 0x1758 discache - detected LockedFile.Multi.Generic ( 1 ) 11:43:04.0715 0x1758 Detect skipped due to KSN trusted 11:43:04.0715 0x1758 discache - ok 11:43:04.0840 0x1758 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys 11:43:04.0840 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\disk.sys. md5: 565003F326F99802E68CA78F2A68E9FF, sha256: ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 11:43:04.0840 0x1758 Disk - detected LockedFile.Multi.Generic ( 1 ) 11:43:07.0710 0x1758 Detect skipped due to KSN trusted 11:43:07.0710 0x1758 Disk - ok 11:43:07.0928 0x1758 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll 11:43:07.0944 0x1758 Dnscache - ok 11:43:08.0006 0x1758 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll 11:43:08.0022 0x1758 dot3svc - ok 11:43:08.0100 0x1758 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll 11:43:08.0100 0x1758 DPS - ok 11:43:08.0178 0x1758 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 11:43:08.0178 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\drmkaud.sys. 
md5: B918E7C5F9BF77202F89E1A9539F2EB4, sha256: C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B 11:43:08.0209 0x1758 drmkaud - detected LockedFile.Multi.Generic ( 1 ) 11:43:11.0080 0x1758 Detect skipped due to KSN trusted 11:43:11.0080 0x1758 drmkaud - ok 11:43:11.0282 0x1758 [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 11:43:11.0282 0x1758 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\dxgkrnl.sys. md5: 71BC35067CABC02C9453AEAA42B2E43E, sha256: 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 11:43:11.0298 0x1758 DXGKrnl - detected LockedFile.Multi.Generic ( 1 ) 11:43:14.0168 0x1758 Detect skipped due to KSN trusted 11:43:14.0168 0x1758 DXGKrnl - ok 11:43:14.0278 0x1758 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll 11:43:14.0278 0x1758 EapHost - ok 11:43:14.0480 0x1758 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 11:43:14.0480 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\evbdx.sys. 
md5: 024E1B5CAC09731E4D868E64DBFB4AB0, sha256: AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 11:43:14.0512 0x1758 ebdrv - detected LockedFile.Multi.Generic ( 1 ) 11:43:17.0382 0x1758 Detect skipped due to KSN trusted 11:43:17.0382 0x1758 ebdrv - ok 11:43:17.0491 0x1758 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS C:\Windows\System32\lsass.exe 11:43:17.0491 0x1758 EFS - ok 11:43:17.0632 0x1758 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 11:43:17.0647 0x1758 ehRecvr - ok 11:43:17.0710 0x1758 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe 11:43:17.0710 0x1758 ehSched - ok 11:43:17.0803 0x1758 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 11:43:17.0803 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0ED67910C8C326796FAA00B2BF6D9D3C, sha256: 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 11:43:17.0834 0x1758 elxstor - detected LockedFile.Multi.Generic ( 1 ) 11:43:20.0721 0x1758 Detect skipped due to KSN trusted 11:43:20.0721 0x1758 elxstor - ok 11:43:20.0830 0x1758 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys 11:43:20.0830 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\errdev.sys. 
md5: 8FC3208352DD3912C94367A206AB3F11, sha256: 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 11:43:20.0830 0x1758 ErrDev - detected LockedFile.Multi.Generic ( 1 ) 11:43:23.0716 0x1758 Detect skipped due to KSN trusted 11:43:23.0716 0x1758 ErrDev - ok 11:43:23.0919 0x1758 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll 11:43:23.0919 0x1758 EventSystem - ok 11:43:23.0981 0x1758 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys 11:43:23.0981 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\exfat.sys. md5: 2DC9108D74081149CC8B651D3A26207F, sha256: 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 11:43:23.0997 0x1758 exfat - detected LockedFile.Multi.Generic ( 1 ) 11:43:26.0883 0x1758 Detect skipped due to KSN trusted 11:43:26.0883 0x1758 exfat - ok 11:43:26.0961 0x1758 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys 11:43:26.0961 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fastfat.sys. md5: 7E0AB74553476622FB6AE36F73D97D35, sha256: 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 11:43:26.0976 0x1758 fastfat - detected LockedFile.Multi.Generic ( 1 ) 11:43:29.0847 0x1758 Detect skipped due to KSN trusted 11:43:29.0847 0x1758 fastfat - ok 11:43:29.0971 0x1758 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe 11:43:29.0987 0x1758 Fax - ok 11:43:30.0049 0x1758 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 11:43:30.0049 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fdc.sys. 
md5: E817A017F82DF2A1F8CFDBDA29388B29, sha256: 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 11:43:30.0049 0x1758 fdc - detected LockedFile.Multi.Generic ( 1 ) 11:43:32.0951 0x1758 Detect skipped due to KSN trusted 11:43:32.0951 0x1758 fdc - ok 11:43:33.0060 0x1758 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll 11:43:33.0060 0x1758 fdPHost - ok 11:43:33.0107 0x1758 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll 11:43:33.0123 0x1758 FDResPub - ok 11:43:33.0169 0x1758 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 11:43:33.0169 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fileinfo.sys. md5: 6CF00369C97F3CF563BE99BE983D13D8, sha256: F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 11:43:33.0201 0x1758 FileInfo - detected LockedFile.Multi.Generic ( 1 ) 11:43:36.0087 0x1758 Detect skipped due to KSN trusted 11:43:36.0087 0x1758 FileInfo - ok 11:43:36.0180 0x1758 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 11:43:36.0180 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\filetrace.sys. 
md5: 42C51DC94C91DA21CB9196EB64C45DB9, sha256: 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 11:43:36.0196 0x1758 Filetrace - detected LockedFile.Multi.Generic ( 1 ) 11:43:39.0082 0x1758 Detect skipped due to KSN trusted 11:43:39.0082 0x1758 Filetrace - ok 11:43:39.0175 0x1758 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 11:43:39.0175 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: 87907AA70CB3C56600F1C2FB8841579B, sha256: CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 11:43:39.0191 0x1758 flpydisk - detected LockedFile.Multi.Generic ( 1 ) 11:43:42.0046 0x1758 Detect skipped due to KSN trusted 11:43:42.0046 0x1758 flpydisk - ok 11:43:42.0139 0x1758 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 11:43:42.0139 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fltmgr.sys. 
md5: 7520EC808E0C35E0EE6F841294316653, sha256: 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 11:43:42.0155 0x1758 FltMgr - detected LockedFile.Multi.Generic ( 1 ) 11:43:45.0135 0x1758 Detect skipped due to KSN trusted 11:43:45.0135 0x1758 FltMgr - ok 11:43:45.0322 0x1758 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll 11:43:45.0353 0x1758 FontCache - ok 11:43:45.0431 0x1758 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 11:43:45.0431 0x1758 FontCache3.0.0.0 - ok 11:43:45.0493 0x1758 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 11:43:45.0493 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\FsDepends.sys. md5: 1A16B57943853E598CFF37FE2B8CBF1D, sha256: 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E 11:43:45.0525 0x1758 FsDepends - detected LockedFile.Multi.Generic ( 1 ) 11:43:48.0395 0x1758 Detect skipped due to KSN trusted 11:43:48.0395 0x1758 FsDepends - ok 11:43:48.0504 0x1758 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 11:43:48.0504 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Fs_Rec.sys. 
md5: 7DAE5EBCC80E45D3253F4923DC424D05, sha256: 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A 11:43:48.0504 0x1758 Fs_Rec - detected LockedFile.Multi.Generic ( 1 ) 11:43:51.0390 0x1758 Detect skipped due to KSN trusted 11:43:51.0390 0x1758 Fs_Rec - ok 11:43:51.0515 0x1758 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 11:43:51.0515 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fvevol.sys. md5: E306A24D9694C724FA2491278BF50FDB, sha256: 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 11:43:51.0546 0x1758 fvevol - detected LockedFile.Multi.Generic ( 1 ) 11:43:54.0432 0x1758 Detect skipped due to KSN trusted 11:43:54.0432 0x1758 fvevol - ok 11:43:54.0541 0x1758 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 11:43:54.0541 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. 
md5: 65EE0C7A58B65E74AE05637418153938, sha256: 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF 11:43:54.0588 0x1758 gagp30kx - detected LockedFile.Multi.Generic ( 1 ) 11:43:57.0474 0x1758 Detect skipped due to KSN trusted 11:43:57.0474 0x1758 gagp30kx - ok 11:43:57.0599 0x1758 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll 11:43:57.0615 0x1758 gpsvc - ok 11:43:57.0802 0x1758 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 11:43:57.0802 0x1758 gupdate - ok 11:43:57.0927 0x1758 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 11:43:57.0927 0x1758 gupdatem - ok 11:43:58.0005 0x1758 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 11:43:58.0005 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: C44E3C2BAB6837DB337DDEE7544736DB, sha256: 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D 11:43:58.0098 0x1758 hcw85cir - detected LockedFile.Multi.Generic ( 1 ) 11:44:01.0078 0x1758 Detect skipped due to KSN trusted 11:44:01.0078 0x1758 hcw85cir - ok 11:44:01.0156 0x1758 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 11:44:01.0156 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. 
md5: A5EF29D5315111C80A5C1ABAD14C8972, sha256: A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A 11:44:01.0187 0x1758 HdAudAddService - detected LockedFile.Multi.Generic ( 1 ) 11:44:04.0073 0x1758 Detect skipped due to KSN trusted 11:44:04.0073 0x1758 HdAudAddService - ok 11:44:04.0151 0x1758 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 11:44:04.0151 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HDAudBus.sys. md5: 9036377B8A6C15DC2EEC53E489D159B5, sha256: 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B 11:44:04.0182 0x1758 HDAudBus - detected LockedFile.Multi.Generic ( 1 ) 11:44:07.0068 0x1758 Detect skipped due to KSN trusted 11:44:07.0068 0x1758 HDAudBus - ok 11:44:07.0177 0x1758 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 11:44:07.0177 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 1D58A7F3E11A9731D0EAAAA8405ACC36, sha256: 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 11:44:07.0209 0x1758 HidBatt - detected LockedFile.Multi.Generic ( 1 ) 11:44:10.0079 0x1758 Detect skipped due to KSN trusted 11:44:10.0079 0x1758 HidBatt - ok 11:44:10.0204 0x1758 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 11:44:10.0204 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. 
md5: 89448F40E6DF260C206A193A4683BA78, sha256: 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C 11:44:10.0282 0x1758 HidBth - detected LockedFile.Multi.Generic ( 1 ) 11:44:13.0152 0x1758 Detect skipped due to KSN trusted 11:44:13.0152 0x1758 HidBth - ok 11:44:13.0277 0x1758 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 11:44:13.0277 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: CF50B4CF4A4F229B9F3C08351F99CA5E, sha256: B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F 11:44:13.0308 0x1758 HidIr - detected LockedFile.Multi.Generic ( 1 ) 11:44:16.0194 0x1758 Detect skipped due to KSN trusted 11:44:16.0194 0x1758 HidIr - ok 11:44:16.0335 0x1758 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll 11:44:16.0335 0x1758 hidserv - ok 11:44:16.0459 0x1758 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 11:44:16.0459 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidusb.sys. 
md5: 10C19F8290891AF023EAEC0832E1EB4D, sha256: E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 11:44:16.0491 0x1758 HidUsb - detected LockedFile.Multi.Generic ( 1 ) 11:44:19.0377 0x1758 Detect skipped due to KSN trusted 11:44:19.0377 0x1758 HidUsb - ok 11:44:19.0517 0x1758 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll 11:44:19.0517 0x1758 hkmsvc - ok 11:44:19.0595 0x1758 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 11:44:19.0611 0x1758 HomeGroupListener - ok 11:44:19.0657 0x1758 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 11:44:19.0673 0x1758 HomeGroupProvider - ok 11:44:19.0735 0x1758 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 11:44:19.0735 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HpSAMD.sys. md5: 295FDC419039090EB8B49FFDBB374549, sha256: 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 11:44:19.0751 0x1758 HpSAMD - detected LockedFile.Multi.Generic ( 1 ) 11:44:22.0621 0x1758 Detect skipped due to KSN trusted 11:44:22.0621 0x1758 HpSAMD - ok 11:44:22.0715 0x1758 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys 11:44:22.0715 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. 
md5: 871917B07A141BFF43D76D8844D48106, sha256: 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 11:44:22.0746 0x1758 HTTP - detected LockedFile.Multi.Generic ( 1 ) 11:44:25.0617 0x1758 Detect skipped due to KSN trusted 11:44:25.0617 0x1758 HTTP - ok 11:44:25.0726 0x1758 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 11:44:25.0726 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: 0C4E035C7F105F1299258C90886C64C5, sha256: CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 11:44:25.0726 0x1758 hwpolicy - detected LockedFile.Multi.Generic ( 1 ) 11:44:28.0612 0x1758 Detect skipped due to KSN trusted 11:44:28.0612 0x1758 hwpolicy - ok 11:44:28.0674 0x1758 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 11:44:28.0674 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\i8042prt.sys. md5: F151F0BDC47F4A28B1B20A0818EA36D6, sha256: 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 11:44:28.0674 0x1758 i8042prt - detected LockedFile.Multi.Generic ( 1 ) 11:44:31.0560 0x1758 Detect skipped due to KSN trusted 11:44:31.0560 0x1758 i8042prt - ok 11:44:31.0701 0x1758 [ 7548066DF68A8A1A56B043359F915F37, 6225DDE554E45858374CBD284A85A00F773089A667C08492187A637232B8BD9A ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 11:44:31.0716 0x1758 IAANTMON - ok 11:44:31.0825 0x1758 [ D483687EACE0C065EE772481A96E05F5, A22200E90C78DFE73FE0FBEED5331AB43CD7133651FD125595C4DB604AD71B29 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 11:44:31.0825 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStor.sys. 
md5: D483687EACE0C065EE772481A96E05F5, sha256: A22200E90C78DFE73FE0FBEED5331AB43CD7133651FD125595C4DB604AD71B29 11:44:31.0872 0x1758 iaStor - detected LockedFile.Multi.Generic ( 1 ) 11:44:34.0743 0x1758 Detect skipped due to KSN trusted 11:44:34.0743 0x1758 iaStor - ok 11:44:34.0899 0x1758 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 11:44:34.0899 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\iaStorV.sys. md5: 5CD5F9A5444E6CDCB0AC89BD62D8B76E, sha256: 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 11:44:34.0914 0x1758 iaStorV - detected LockedFile.Multi.Generic ( 1 ) 11:44:37.0800 0x1758 Detect skipped due to KSN trusted 11:44:37.0800 0x1758 iaStorV - ok 11:44:37.0925 0x1758 [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 11:44:37.0972 0x1758 idsvc - ok 11:44:38.0065 0x1758 IEEtwCollectorService - ok 11:44:38.0565 0x1758 [ 8266AE06DF974E5BA047B3E9E9E70B3F, 44E5A8EED802A1DDF3CCDB478A88A3AB3CF009F449FB11E0F94A28498342B4E2 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 11:44:38.0565 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\igdkmd32.sys. md5: 8266AE06DF974E5BA047B3E9E9E70B3F, sha256: 44E5A8EED802A1DDF3CCDB478A88A3AB3CF009F449FB11E0F94A28498342B4E2 11:44:38.0643 0x1758 igfx - detected LockedFile.Multi.Generic ( 1 ) 11:44:41.0529 0x1758 Detect skipped due to KSN trusted 11:44:41.0529 0x1758 igfx - ok 11:44:41.0638 0x1758 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 11:44:41.0638 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. 
md5: 08A70A1F2CDDE9BB49B885CB817A66EB, sha256: 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 11:48:10.0631 0x1758 ohci1394 - detected LockedFile.Multi.Generic ( 1 ) 11:48:13.0502 0x1758 Detect skipped due to KSN trusted 11:48:13.0502 0x1758 ohci1394 - ok 11:48:13.0689 0x1758 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:48:13.0705 0x1758 ose - ok 11:48:14.0032 0x1758 [ EE5756BDA5BE5891270E0CC6CEC44096, EA18073EEE0F461B14C539D49A7DD91D33AB0C503236F67F70A000835FAAC890 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 11:48:14.0282 0x1758 osppsvc - ok 11:48:14.0375 0x1758 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 11:48:14.0407 0x1758 p2pimsvc - ok 11:48:14.0469 0x1758 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll 11:48:14.0500 0x1758 p2psvc - ok 11:48:14.0547 0x1758 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys 11:48:14.0547 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 2EA877ED5DD9713C5AC74E8EA7348D14, sha256: 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE 11:48:14.0578 0x1758 Parport - detected LockedFile.Multi.Generic ( 1 ) 11:48:17.0558 0x1758 Detect skipped due to KSN trusted 11:48:17.0558 0x1758 Parport - ok 11:48:17.0667 0x1758 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys 11:48:17.0667 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. 
md5: 3F34A1B4C5F6475F320C275E63AFCE9B, sha256: 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B 11:48:17.0667 0x1758 partmgr - detected LockedFile.Multi.Generic ( 1 ) 11:48:20.0553 0x1758 Detect skipped due to KSN trusted 11:48:20.0553 0x1758 partmgr - ok 11:48:20.0631 0x1758 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 11:48:20.0631 0x1758 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parvdm.sys. md5: EB0A59F29C19B86479D36B35983DAADC, sha256: AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 11:48:20.0631 0x1758 Parvdm - detected LockedFile.Multi.Generic ( 1 ) 11:48:23.0501 0x1758 Detect skipped due to KSN trusted 11:48:23.0501 0x1758 Parvdm - ok 11:48:23.0595 0x1758 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll |
09.07.2014, 13:59 | #9 |
| Win7 TR/Agent.37888.248 cannot be deleted, real-time scanner no longer works This is the continuation of the second text. It was too long. Code:
C:\Windows\system32\DRIVERS\ssadbus.sys 11:50:21.0687 0x1758 ssadbus - ok 11:50:21.0765 0x1758 [ BB2C84A15C765DA89FD832B0E73F26CE, BAE3E7726F075340B8CC7BCA18869DFEA304A03B0A0429B4C3D186B1149E9A9A ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys 11:50:21.0765 0x1758 ssadmdfl - ok 11:50:21.0812 0x1758 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31, 0A37081D95A56861C3E48592048DFCFAE6FB38510D21AB41C9C73744743E7646 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys 11:50:21.0828 0x1758 ssadmdm - ok 11:50:21.0874 0x1758 [ 1A5A397BC459F346AB56492B61EF79F6, 9CB7BE4E4A7B145D97BA0C72EE7ECB844DA6EB0282FBC3BE92A1CC5AD80FA6C4 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys 11:50:21.0874 0x1758 ssadserd - ok 11:50:21.0952 0x1758 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 11:50:21.0968 0x1758 SSDPSRV - ok 11:50:22.0062 0x1758 [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 11:50:22.0062 0x1758 ssmdrv - ok 11:50:22.0140 0x1758 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll 11:50:22.0140 0x1758 SstpSvc - ok 11:50:22.0202 0x1758 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 11:50:22.0202 0x1758 stexstor - ok 11:50:22.0311 0x1758 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll 11:50:22.0342 0x1758 StiSvc - ok 11:50:22.0405 0x1758 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys 11:50:22.0405 0x1758 swenum - ok 11:50:22.0483 0x1758 [ A28BD92DF340E57B024BA433165D34D7, 
889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll 11:50:22.0514 0x1758 swprv - ok 11:50:22.0592 0x1758 [ 7A9025D8F7852B06D6D08ED536135E7E, 814153517841D316AA44D59F31B3C6DAD09DE688AF6B946D9B0970EAE815CAAD ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 11:50:22.0608 0x1758 SynTP - ok 11:50:22.0701 0x1758 [ BCEB0C2FC290E456F2E63282BC7D2271, 4091D335B5AD0340357173A28EE7006A430A406E6BE8AAFD65D739CF6D52A588 ] syshost32 C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe 11:50:22.0701 0x1758 Suspicious file ( NoAccess ): C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe. md5: BCEB0C2FC290E456F2E63282BC7D2271, sha256: 4091D335B5AD0340357173A28EE7006A430A406E6BE8AAFD65D739CF6D52A588 11:50:22.0732 0x1758 syshost32 - detected LockedFile.Multi.Generic ( 1 ) 11:50:25.0618 0x1758 Detect turned to UDS exact due to KSN untrusted 11:50:25.0618 0x1758 syshost32 ( UDS:DangerousObject.Multi.Generic ) - infected 11:50:25.0618 0x1758 Force sending object to P2P due to detect: syshost32 11:50:29.0643 0x1758 Object send P2P result: true 11:50:32.0888 0x1758 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll 11:50:32.0966 0x1758 SysMain - ok 11:50:33.0044 0x1758 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll 11:50:33.0044 0x1758 TabletInputService - ok 11:50:33.0169 0x1758 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll 11:50:33.0200 0x1758 TapiSrv - ok 11:50:33.0294 0x1758 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll 11:50:33.0294 0x1758 TBS - ok 11:50:33.0434 0x1758 [ 5579DD18546999F5D0EC39D018726C6B, 
82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 11:50:33.0528 0x1758 Tcpip - ok 11:50:33.0652 0x1758 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 11:50:33.0699 0x1758 TCPIP6 - ok 11:50:33.0808 0x1758 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 11:50:33.0808 0x1758 tcpipreg - ok 11:50:33.0902 0x1758 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 11:50:33.0902 0x1758 TDPIPE - ok 11:50:33.0949 0x1758 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 11:50:33.0949 0x1758 TDTCP - ok 11:50:34.0011 0x1758 [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 11:50:34.0027 0x1758 tdx - ok 11:50:34.0105 0x1758 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys 11:50:34.0105 0x1758 TermDD - ok 11:50:34.0198 0x1758 [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService C:\Windows\System32\termsrv.dll 11:50:34.0230 0x1758 TermService - ok 11:50:34.0308 0x1758 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll 11:50:34.0308 0x1758 Themes - ok 11:50:34.0354 0x1758 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll 11:50:34.0354 0x1758 THREADORDER - ok 11:50:34.0448 0x1758 [ 
4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll 11:50:34.0464 0x1758 TrkWks - ok 11:50:34.0573 0x1758 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 11:50:34.0588 0x1758 TrustedInstaller - ok 11:50:34.0651 0x1758 [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 11:50:34.0651 0x1758 tssecsrv - ok 11:50:34.0729 0x1758 [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 11:50:34.0744 0x1758 TsUsbFlt - ok 11:50:34.0807 0x1758 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 11:50:34.0822 0x1758 tunnel - ok 11:50:34.0869 0x1758 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 11:50:34.0869 0x1758 uagp35 - ok 11:50:34.0978 0x1758 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 11:50:34.0994 0x1758 udfs - ok 11:50:35.0103 0x1758 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe 11:50:35.0103 0x1758 UI0Detect - ok 11:50:35.0150 0x1758 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 11:50:35.0166 0x1758 uliagpkx - ok 11:50:35.0228 0x1758 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\drivers\umbus.sys 
11:50:35.0228 0x1758 umbus - ok 11:50:35.0275 0x1758 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 11:50:35.0275 0x1758 UmPass - ok 11:50:35.0400 0x1758 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll 11:50:35.0415 0x1758 upnphost - ok 11:50:35.0493 0x1758 [ 8455C4ED038EFD09E99327F9D2D48FFA, D166F98EA3D85F7DD6B5258949C186714A17EF89B6FDC9804165F7B4FA811C30 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 11:50:35.0493 0x1758 usbccgp - ok 11:50:35.0571 0x1758 USBCCID - ok 11:50:35.0649 0x1758 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys 11:50:35.0665 0x1758 usbcir - ok 11:50:35.0712 0x1758 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 11:50:35.0727 0x1758 usbehci - ok 11:50:35.0805 0x1758 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 11:50:35.0821 0x1758 usbhub - ok 11:50:35.0899 0x1758 [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\Windows\system32\drivers\usbohci.sys 11:50:35.0899 0x1758 usbohci - ok 11:50:36.0008 0x1758 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 11:50:36.0008 0x1758 usbprint - ok 11:50:36.0070 0x1758 [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan C:\Windows\system32\drivers\usbscan.sys 11:50:36.0070 0x1758 usbscan - ok 11:50:36.0148 0x1758 [ F991AB9CC6B908DB552166768176896A, 
AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:50:36.0148 0x1758 USBSTOR - ok 11:50:36.0242 0x1758 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 11:50:36.0242 0x1758 usbuhci - ok 11:50:36.0320 0x1758 [ F642A7E4BF78CFA359CCA0A3557C28D7, 12F1ABDD5C871147AFC682BCEF099F319A4F542AC3F0B647D7A5DFE63EDAE061 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 11:50:36.0320 0x1758 usbvideo - ok 11:50:36.0398 0x1758 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll 11:50:36.0414 0x1758 UxSms - ok 11:50:36.0476 0x1758 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc C:\Windows\system32\lsass.exe 11:50:36.0476 0x1758 VaultSvc - ok 11:50:36.0554 0x1758 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 11:50:36.0554 0x1758 vdrvroot - ok 11:50:36.0663 0x1758 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe 11:50:36.0694 0x1758 vds - ok 11:50:36.0757 0x1758 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 11:50:36.0757 0x1758 vga - ok 11:50:36.0819 0x1758 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys 11:50:36.0819 0x1758 VgaSave - ok 11:50:36.0913 0x1758 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 11:50:37.0334 0x1758 vhdmp - ok 11:50:39.0393 0x1758 [ 
C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys 11:50:39.0393 0x1758 viaagp - ok 11:50:40.0470 0x1758 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 11:50:40.0470 0x1758 ViaC7 - ok 11:50:42.0264 0x1758 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys 11:50:42.0264 0x1758 viaide - ok 11:50:43.0090 0x1758 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys 11:50:43.0090 0x1758 volmgr - ok 11:50:43.0418 0x1758 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 11:50:43.0434 0x1758 volmgrx - ok 11:50:44.0245 0x1758 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys 11:50:44.0276 0x1758 volsnap - ok 11:50:44.0416 0x1758 [ 710E2A70FBE41DB2379EB7AA6E6FF7CC, 0E3DB40357E16F80A477719AEB37C43B2B3F389F29616F22E8C01E52D5582A0C ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 11:50:44.0448 0x1758 vpnagent - ok 11:50:44.0510 0x1758 [ FDDAFA1C89B0B07494AF5879F7ECE857, C23415200419F5C50A0F75848F22256E1D6AFD837CE9FB7487A8E7CC14534301 ] vpnva C:\Windows\system32\DRIVERS\vpnva.sys 11:50:44.0510 0x1758 vpnva - ok 11:50:44.0588 0x1758 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 11:50:44.0588 0x1758 vsmraid - ok 11:50:44.0713 0x1758 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS 
C:\Windows\system32\vssvc.exe 11:50:44.0775 0x1758 VSS - ok 11:50:44.0838 0x1758 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 11:50:44.0853 0x1758 vwifibus - ok 11:50:44.0900 0x1758 [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 11:50:44.0900 0x1758 vwififlt - ok 11:50:44.0947 0x1758 [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 11:50:44.0947 0x1758 vwifimp - ok 11:50:45.0056 0x1758 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll 11:50:45.0072 0x1758 W32Time - ok 11:50:45.0150 0x1758 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 11:50:45.0165 0x1758 WacomPen - ok 11:50:45.0228 0x1758 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 11:50:45.0243 0x1758 WANARP - ok 11:50:45.0274 0x1758 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 11:50:45.0274 0x1758 Wanarpv6 - ok 11:50:45.0415 0x1758 [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 11:50:45.0477 0x1758 WatAdminSvc - ok 11:50:45.0602 0x1758 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe 11:50:45.0680 0x1758 wbengine - ok 11:50:45.0758 0x1758 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, 
A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 11:50:45.0774 0x1758 WbioSrvc - ok 11:50:45.0867 0x1758 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll 11:50:45.0914 0x1758 wcncsvc - ok 11:50:46.0273 0x1758 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 11:50:46.0273 0x1758 WcsPlugInService - ok 11:50:46.0351 0x1758 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys 11:50:46.0351 0x1758 Wd - ok 11:50:46.0429 0x1758 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 11:50:46.0460 0x1758 Wdf01000 - ok 11:50:46.0522 0x1758 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll 11:50:46.0522 0x1758 WdiServiceHost - ok 11:50:46.0569 0x1758 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll 11:50:46.0569 0x1758 WdiSystemHost - ok 11:50:46.0663 0x1758 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll 11:50:46.0678 0x1758 WebClient - ok 11:50:46.0756 0x1758 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll 11:50:46.0772 0x1758 Wecsvc - ok 11:50:46.0834 0x1758 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll 11:50:46.0834 0x1758 wercplsupport - ok 
11:50:46.0897 0x1758 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll 11:50:46.0912 0x1758 WerSvc - ok 11:50:46.0959 0x1758 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 11:50:46.0959 0x1758 WfpLwf - ok 11:50:47.0037 0x1758 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys 11:50:47.0037 0x1758 WIMMount - ok 11:50:47.0178 0x1758 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 11:50:47.0209 0x1758 WinDefend - ok 11:50:47.0318 0x1758 WinHttpAutoProxySvc - ok 11:50:47.0412 0x1758 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 11:50:47.0427 0x1758 Winmgmt - ok 11:50:47.0552 0x1758 [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM C:\Windows\system32\WsmSvc.dll 11:50:47.0630 0x1758 WinRM - ok 11:50:47.0817 0x1758 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 11:50:47.0817 0x1758 WinUsb - ok 11:50:47.0942 0x1758 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll 11:50:48.0098 0x1758 Wlansvc - ok 11:50:48.0363 0x1758 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 11:50:48.0379 0x1758 WmiAcpi - ok 11:50:48.0472 0x1758 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] 
wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 11:50:48.0472 0x1758 wmiApSrv - ok 11:50:48.0644 0x1758 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 11:50:48.0706 0x1758 WMPNetworkSvc - ok 11:50:48.0816 0x1758 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll 11:50:48.0816 0x1758 WPCSvc - ok 11:50:48.0878 0x1758 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 11:50:48.0894 0x1758 WPDBusEnum - ok 11:50:48.0987 0x1758 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 11:50:48.0987 0x1758 ws2ifsl - ok 11:50:49.0065 0x1758 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\system32\wscsvc.dll 11:50:49.0081 0x1758 wscsvc - ok 11:50:49.0159 0x1758 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 11:50:49.0159 0x1758 WSDPrintDevice - ok 11:50:49.0237 0x1758 [ 7DC0270CFD4A05B4112E3EBBF083B595, DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137 ] WSDScan C:\Windows\system32\drivers\WSDScan.sys 11:50:49.0252 0x1758 WSDScan - ok 11:50:49.0284 0x1758 WSearch - ok 11:50:49.0502 0x1758 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll 11:50:49.0627 0x1758 wuauserv - ok 11:50:49.0720 0x1758 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 11:50:49.0720 0x1758 WudfPf - ok 11:50:49.0783 0x1758 
[ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 11:50:49.0783 0x1758 WUDFRd - ok 11:50:49.0923 0x1758 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 11:50:49.0939 0x1758 wudfsvc - ok 11:50:50.0235 0x1758 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll 11:50:50.0251 0x1758 WwanSvc - ok 11:50:50.0391 0x1758 ================ Scan global =============================== 11:50:50.0454 0x1758 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll 11:50:50.0500 0x1758 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 11:50:50.0532 0x1758 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 11:50:50.0578 0x1758 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 11:50:50.0610 0x1758 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe 11:50:50.0641 0x1758 [ Global ] - ok 11:50:50.0641 0x1758 ================ Scan MBR ================================== 11:50:50.0656 0x1758 [ 8A1C59E4DFEF87510470928550466632 ] \Device\Harddisk0\DR0 11:50:56.0226 0x1758 \Device\Harddisk0\DR0 - ok 11:50:56.0226 0x1758 ================ Scan VBR ================================== 11:50:56.0226 0x1758 [ 04E427EC4A33EB1573351FE47BD3A649 ] \Device\Harddisk0\DR0\Partition1 11:50:56.0226 0x1758 \Device\Harddisk0\DR0\Partition1 - ok 11:50:56.0257 0x1758 [ CE7CDCB189E205D9EB07A06645077565 ] 
\Device\Harddisk0\DR0\Partition2 11:50:56.0257 0x1758 \Device\Harddisk0\DR0\Partition2 - ok 11:50:56.0273 0x1758 [ B788E7AE4D68256EB9DF514BD0BCD2C9 ] \Device\Harddisk0\DR0\Partition3 11:50:56.0273 0x1758 \Device\Harddisk0\DR0\Partition3 - ok 11:50:56.0273 0x1758 ================ Scan generic autorun ====================== 11:50:56.0335 0x1758 [ 5AF1E9600E3FF841E522703A4993ED0C, 5189530793747C40B0E3548DA40058989C88A69C593C3E54E6548CFB89B9CE10 ] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe 11:50:56.0335 0x1758 IAAnotif - ok 11:50:56.0475 0x1758 [ 59EBF7D3865895572FD11890280FB1A1, ED677A8813498F1F15B5E28D03C32345C3A920B50B30D3DFBEA85CF544546E4C ] C:\Program Files\System Control Manager\MGSysCtrl.exe 11:50:56.0585 0x1758 MGSysCtrl - ok 11:50:56.0709 0x1758 [ 934DE0EDBED59940A2725050DA13A066, CB231A76001E380EDEDE8DE3A1713CC87D95D96EF7E757D18C6B6B209C215C6F ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 11:50:56.0787 0x1758 SynTPEnh - ok 11:50:57.0224 0x1758 [ 9E63CE05416587923091B61AF2F012D6, 700DF0EECF1305C0DEC4CF478F4D9473185684A629A020BFF4577007B5AFE7BE ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 11:50:57.0599 0x1758 RtHDVCpl - ok 11:50:57.0692 0x1758 [ 86810E2D993F7327EB5B25B5D17D21C1, 63636CEC408ACBBC4D04C01F9EFDBE4B9B08FA0C4390EC8729B9FF0C8BE9D246 ] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe 11:50:57.0692 0x1758 PDVD9LanguageShortcut - ok 11:50:57.0833 0x1758 [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe 11:50:57.0833 0x1758 UCam_Menu - ok 11:50:57.0879 0x1758 [ 9C0D56CE4769AE60D5C56EB078532C5A, 079410721CC2A38D91FC108B260031F8754B59C6AE523146760CB5A8F2D1C6FD ] C:\Program Files\CyberLink\YouCam\YouCamTray.exe 11:50:57.0911 0x1758 YouCam Mirror Tray icon - ok 11:50:58.0067 0x1758 [ 1029B84ECBE4B95ACB8491A3FE63D70F, DF765BEE2B20800646F70B9E473B95F52457316CB331A3E0BF6974D827AB989D ] 
C:\Windows\system32\igfxtray.exe 11:50:58.0067 0x1758 IgfxTray - ok 11:50:58.0098 0x1758 [ 3CD5BBDA19A1AB4EBA359E0A14FDF0F0, 992E7322C86DA533F6DB9192427EBDC5A8F4D1A878F4B30A17ABD54656CFF6C1 ] C:\Windows\system32\hkcmd.exe 11:50:58.0098 0x1758 HotKeysCmds - ok 11:50:58.0129 0x1758 [ 3142195521FEE436088EE8A5748DE1B1, EE8E65977AA0EAC0BF48F7C4620946E48679F047EFC515D5F2E52EA4B88C5731 ] C:\Windows\system32\igfxpers.exe 11:50:58.0160 0x1758 Persistence - ok 11:50:58.0238 0x1758 [ 5F7EE76129F9A591F22F99F95D97AC95, D3446BD4CAB8017B44BAD94EBB88468D080AC65E14444C12B09B6BF3E70B2AED ] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe 11:50:58.0269 0x1758 IJNetworkScannerSelectorEX - ok 11:50:58.0379 0x1758 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 11:50:58.0441 0x1758 Adobe ARM - ok 11:50:58.0488 0x1758 [ D63797E8E7781EE1500A810CB6194FA6, 5C96DA00B98F0776E6174EBB7D4D6DB634838E130D8581E11811831D2C57B119 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe 11:50:58.0503 0x1758 SunJavaUpdateSched - ok 11:50:58.0597 0x1758 [ 1E9B225DE829A6F666A0BA9B8A7984BF, 89D1222D72E23D21E6388B068CE7C415A9857ABB37D7A3AAD549B949A87E61FC ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 11:50:58.0628 0x1758 avgnt - ok 11:50:58.0706 0x1758 [ 6695FEB635BE9987B41E966F4C4B8C62, 6895BF5CDF28D2BB6C8851E99BEB3095883A278812686918BE2E9712DE83BB85 ] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe 11:50:58.0722 0x1758 Cisco AnyConnect Secure Mobility Agent for Windows - ok 11:50:58.0847 0x1758 [ C6C626A4A83B409E6AF09B874E771FB6, BD6A43361E06E1FBDC53547F5DABAC9E52F639B15C958DE30FC62D542B7B67EF ] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe 11:50:58.0956 0x1758 MailCheck IE Broker - ok 11:50:58.0956 0x1758 {956AD994-B7CC-444F-8054-3F0EAE8F6791} - ok 11:50:58.0956 0x1758 Waiting for KSN requests completion. 
In queue: 16
11:50:59.0970 0x1758 Waiting for KSN requests completion. In queue: 16
11:51:00.0984 0x1758 Waiting for KSN requests completion. In queue: 16
11:51:02.0013 0x1758 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x40000 ( disabled : updated )
11:51:02.0013 0x1758 Win FW state via NFP2: enabled
11:51:04.0868 0x1758 ============================================================
11:51:04.0868 0x1758 Scan finished
11:51:04.0868 0x1758 ============================================================
11:51:04.0884 0x178c Detected object count: 3
11:51:04.0884 0x178c Actual detected object count: 3
11:54:29.0353 0x178c C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys - copied to quarantine
11:54:29.0416 0x178c HKLM\SYSTEM\ControlSet001\services\8a6a6eefe4cb1615 - will be deleted on reboot
11:54:29.0494 0x178c HKLM\SYSTEM\ControlSet002\services\8a6a6eefe4cb1615 - will be deleted on reboot
11:54:30.0102 0x178c C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys - will be deleted on reboot
11:54:30.0102 0x178c 8a6a6eefe4cb1615 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
11:54:30.0102 0x178c mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user
11:54:30.0102 0x178c mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip
11:54:30.0102 0x178c syshost32 ( UDS:DangerousObject.Multi.Generic ) - skipped by user
11:54:30.0118 0x178c syshost32 ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
11:54:30.0320 0x178c KLMD registered as C:\Windows\system32\drivers\85219404.sys
11:54:40.0398 0x11a4 Deinitialize success |
09.07.2014, 14:02 | #10 |
| Win7 TR/Agent.37888.248 cannot be deleted, real-time scanner no longer works This is the third code:
ATTFilter
11:54:51.0014 0x1724 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54
11:54:54.0555 0x1724 ============================================================
11:54:54.0555 0x1724 Current date / time: 2014/07/08 11:54:54.0555
11:54:54.0555 0x1724 SystemInfo:
11:54:54.0555 0x1724
11:54:54.0555 0x1724 OS Version: 6.1.7601 ServicePack: 1.0
11:54:54.0555 0x1724 Product type: Workstation
11:54:54.0555 0x1724 ComputerName: *****-PC
11:54:54.0555 0x1724 UserName: *****
11:54:54.0555 0x1724 Windows directory: C:\Windows
11:54:54.0555 0x1724 System windows directory: C:\Windows
11:54:54.0555 0x1724 Processor architecture: Intel x86
11:54:54.0555 0x1724 Number of processors: 2
11:54:54.0555 0x1724 Page size: 0x1000
11:54:54.0555 0x1724 Boot type: Normal boot
11:54:54.0555 0x1724 ============================================================
11:54:55.0132 0x1724 KLMD registered as C:\Windows\system32\drivers\91343349.sys
11:55:02.0917 0x1724 System UUID: {6A8BC0A5-1C78-976F-B765-04D7E81B4982}
11:55:03.0478 0x1724 !crdlk
11:55:03.0587 0x1724 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
11:55:03.0587 0x1724 ============================================================
11:55:03.0587 0x1724 \Device\Harddisk0\DR0:
11:55:03.0587 0x1724 MBR partitions:
11:55:03.0587 0x1724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:55:03.0587 0x1724 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x36552000
11:55:03.0587 0x1724 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36584800, BlocksNum 0x3C00000
11:55:03.0587 0x1724 ============================================================
11:55:03.0619 0x1724 C: <-> \Device\Harddisk0\DR0\Partition2
11:55:03.0681 0x1724 D: <-> \Device\Harddisk0\DR0\Partition3
11:55:03.0681 0x1724 ============================================================
11:55:03.0681
0x1724 Initialize success 11:55:03.0681 0x1724 ============================================================ 11:55:38.0859 0x110c ============================================================ 11:55:38.0859 0x110c Scan started 11:55:38.0859 0x110c Mode: Manual; 11:55:38.0859 0x110c ============================================================ 11:55:38.0859 0x110c KSN ping started 11:55:41.0761 0x110c KSN ping finished: true 11:55:42.0899 0x110c ================ Scan system memory ======================== 11:55:42.0899 0x110c System memory - ok 11:55:42.0899 0x110c ================ Scan services ============================= 11:55:43.0165 0x110c [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 11:55:43.0165 0x110c 1394ohci - ok 11:55:43.0274 0x110c [ 4B2C07980CBD463DEE9F5CB0ADCDE862, A0D20F91EE6A13CA255033752B79CD90C89F3E95DB82D96EC6117E6B734775EF ] 75070223 C:\Windows\system32\drivers\19170952.sys 11:55:43.0274 0x110c 75070223 - ok 11:55:43.0305 0x110c Suspicious service (NoAccess): 8a6a6eefe4cb1615 11:55:43.0336 0x110c [ E5CBFB3C5E0F61C66D4F17BC08D25A25, F966F1E45121C36DA9C2BC53E9F733DFB20FE490785E14A0CD0D7B1478F80EC9 ] 8a6a6eefe4cb1615 C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys 11:55:43.0336 0x110c Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys. 
md5: E5CBFB3C5E0F61C66D4F17BC08D25A25, sha256: F966F1E45121C36DA9C2BC53E9F733DFB20FE490785E14A0CD0D7B1478F80EC9 11:55:43.0383 0x110c 8a6a6eefe4cb1615 - detected Rootkit.Win32.Necurs.gen ( 0 ) 11:55:46.0363 0x110c 8a6a6eefe4cb1615 ( Rootkit.Win32.Necurs.gen ) - infected 11:55:46.0363 0x110c Force sending object to P2P due to detect: 8a6a6eefe4cb1615 11:55:50.0731 0x110c Object send P2P result: true 11:55:53.0663 0x110c [ 4B2C07980CBD463DEE9F5CB0ADCDE862, A0D20F91EE6A13CA255033752B79CD90C89F3E95DB82D96EC6117E6B734775EF ] 93925963 C:\Windows\system32\drivers\85219404.sys 11:55:53.0663 0x110c 93925963 - ok 11:55:53.0741 0x110c [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys 11:55:53.0741 0x110c ACPI - ok 11:55:53.0804 0x110c [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 11:55:53.0804 0x110c AcpiPmi - ok 11:55:53.0851 0x110c [ 9BC0D1B4D9CCEC2DC9F010E466738A38, FA213D43DC18F92606B9A69E08B9D7B699038F087FE90AA3A1BB348AEBDEEACB ] acsock C:\Windows\system32\DRIVERS\acsock.sys 11:55:53.0866 0x110c acsock - ok 11:55:54.0007 0x110c [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 11:55:54.0007 0x110c AdobeARMservice - ok 11:55:54.0147 0x110c [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 11:55:54.0163 0x110c AdobeFlashPlayerUpdateSvc - ok 11:55:54.0256 0x110c [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 11:55:54.0272 0x110c adp94xx - ok 11:55:54.0334 0x110c [ 0C676BC278D5B59FF5ABD57BBE9123F2, 
0x110c Mcx2Svc - ok 11:56:09.0061 0x110c [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 11:56:09.0061 0x110c megasas - ok 11:56:09.0123 0x110c [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 11:56:09.0154 0x110c MegaSR - ok 11:56:09.0217 0x110c [ 71C6748EE8DE938532057EF10B4B7E44, 455175332156939B3CDA4511A2A6C213ABBFDB85EEECA98B6AB014C994F532C4 ] Micro Star SCM C:\Program Files\System Control Manager\MSIService.exe 11:56:09.0232 0x110c Micro Star SCM - ok 11:56:09.0310 0x110c [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll 11:56:09.0310 0x110c MMCSS - ok 11:56:09.0357 0x110c [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys 11:56:09.0357 0x110c Modem - ok 11:56:09.0404 0x110c [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 11:56:09.0404 0x110c monitor - ok 11:56:09.0466 0x110c [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\drivers\mouclass.sys 11:56:09.0466 0x110c mouclass - ok 11:56:09.0497 0x110c [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 11:56:09.0513 0x110c mouhid - ok 11:56:09.0575 0x110c [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 11:56:09.0575 0x110c mountmgr - ok 11:56:09.0638 0x110c [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, 
D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys 11:56:09.0638 0x110c mpio - ok 11:56:09.0700 0x110c [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 11:56:09.0700 0x110c mpsdrv - ok 11:56:09.0825 0x110c [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll 11:56:09.0841 0x110c MpsSvc - ok 11:56:09.0919 0x110c [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 11:56:09.0934 0x110c MRxDAV - ok 11:56:09.0997 0x110c [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 11:56:10.0012 0x110c mrxsmb - ok 11:56:10.0075 0x110c [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 11:56:10.0090 0x110c mrxsmb10 - ok 11:56:10.0137 0x110c [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 11:56:10.0137 0x110c mrxsmb20 - ok 11:56:10.0199 0x110c [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys 11:56:10.0199 0x110c msahci - ok 11:56:10.0262 0x110c [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys 11:56:10.0262 0x110c msdsm - ok 11:56:10.0309 0x110c [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe 11:56:10.0309 0x110c MSDTC - ok 11:56:10.0418 0x110c [ 
DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys 11:56:10.0418 0x110c Msfs - ok 11:56:10.0465 0x110c [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 11:56:10.0465 0x110c mshidkmdf - ok 11:56:10.0527 0x110c [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 11:56:10.0527 0x110c msisadrv - ok 11:56:10.0605 0x110c [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 11:56:10.0621 0x110c MSiSCSI - ok 11:56:10.0652 0x110c msiserver - ok 11:56:10.0714 0x110c [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 11:56:10.0714 0x110c MSKSSRV - ok 11:56:10.0761 0x110c [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 11:56:10.0761 0x110c MSPCLOCK - ok 11:56:10.0792 0x110c [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 11:56:10.0792 0x110c MSPQM - ok 11:56:10.0839 0x110c [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 11:56:10.0855 0x110c MsRPC - ok 11:56:10.0933 0x110c [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 11:56:10.0933 0x110c mssmbios - ok 11:56:10.0979 0x110c [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE 
C:\Windows\system32\drivers\MSTEE.sys 11:56:10.0979 0x110c MSTEE - ok 11:56:11.0026 0x110c [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 11:56:11.0026 0x110c MTConfig - ok 11:56:11.0104 0x110c [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys 11:56:11.0104 0x110c Mup - ok 11:56:11.0182 0x110c [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll 11:56:11.0198 0x110c napagent - ok 11:56:11.0276 0x110c [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 11:56:11.0291 0x110c NativeWifiP - ok 11:56:11.0385 0x110c [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys 11:56:11.0432 0x110c NDIS - ok 11:56:11.0479 0x110c [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 11:56:11.0494 0x110c NdisCap - ok 11:56:11.0541 0x110c [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 11:56:11.0541 0x110c NdisTapi - ok 11:56:11.0603 0x110c [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 11:56:11.0619 0x110c Ndisuio - ok 11:56:11.0666 0x110c [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 11:56:11.0681 0x110c NdisWan - ok 11:56:11.0728 0x110c [ A4BDC541E69674FBFF1A8FF00BE913F2, 
18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 11:56:11.0744 0x110c NDProxy - ok 11:56:11.0806 0x110c [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 11:56:11.0806 0x110c NetBIOS - ok 11:56:11.0869 0x110c [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 11:56:11.0884 0x110c NetBT - ok 11:56:11.0947 0x110c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon C:\Windows\system32\lsass.exe 11:56:11.0947 0x110c Netlogon - ok 11:56:12.0040 0x110c [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll 11:56:12.0056 0x110c Netman - ok 11:56:12.0134 0x110c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 11:56:12.0134 0x110c NetMsmqActivator - ok 11:56:12.0196 0x110c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 11:56:12.0196 0x110c NetPipeActivator - ok 11:56:12.0274 0x110c [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll 11:56:12.0290 0x110c netprofm - ok 11:56:12.0352 0x110c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 11:56:12.0352 0x110c NetTcpActivator - ok 11:56:12.0415 0x110c [ 21318671BCAD3ACF16638F98D4D00973, 
CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 11:56:12.0415 0x110c NetTcpPortSharing - ok 11:56:12.0477 0x110c [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 11:56:12.0477 0x110c nfrd960 - ok 11:56:12.0571 0x110c [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc C:\Windows\System32\nlasvc.dll 11:56:12.0586 0x110c NlaSvc - ok 11:56:12.0649 0x110c [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys 11:56:12.0649 0x110c Npfs - ok 11:56:12.0711 0x110c [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll 11:56:12.0711 0x110c nsi - ok 11:56:12.0758 0x110c [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 11:56:12.0758 0x110c nsiproxy - ok 11:56:12.0883 0x110c [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 11:56:12.0961 0x110c Ntfs - ok 11:56:13.0023 0x110c [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys 11:56:13.0023 0x110c Null - ok 11:56:13.0085 0x110c [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys 11:56:13.0085 0x110c nvraid - ok 11:56:13.0132 0x110c [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys 11:56:13.0148 0x110c nvstor - ok 11:56:13.0179 
0x110c [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 11:56:13.0195 0x110c nv_agp - ok 11:56:13.0226 0x110c [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 11:56:13.0226 0x110c ohci1394 - ok 11:56:13.0304 0x110c [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:56:13.0319 0x110c ose - ok 11:56:13.0647 0x110c [ EE5756BDA5BE5891270E0CC6CEC44096, EA18073EEE0F461B14C539D49A7DD91D33AB0C503236F67F70A000835FAAC890 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 11:56:13.0834 0x110c osppsvc - ok 11:56:14.0115 0x110c [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 11:56:14.0115 0x110c p2pimsvc - ok 11:56:14.0193 0x110c [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll 11:56:14.0209 0x110c p2psvc - ok 11:56:14.0255 0x110c [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys 11:56:14.0255 0x110c Parport - ok 11:56:14.0333 0x110c [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys 11:56:14.0333 0x110c partmgr - ok 11:56:14.0380 0x110c [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 11:56:14.0380 0x110c Parvdm - ok 11:56:14.0458 0x110c [ 358AB7956D3160000726574083DFC8A6, 
6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll 11:56:14.0458 0x110c PcaSvc - ok 11:56:14.0536 0x110c [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys 11:56:14.0552 0x110c pci - ok 11:56:14.0599 0x110c [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys 11:56:14.0599 0x110c pciide - ok 11:56:14.0645 0x110c [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 11:56:14.0661 0x110c pcmcia - ok 11:56:14.0708 0x110c [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys 11:56:14.0723 0x110c pcw - ok 11:56:14.0801 0x110c [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 11:56:14.0833 0x110c PEAUTH - ok 11:56:15.0035 0x110c [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll 11:56:15.0098 0x110c pla - ok 11:56:15.0176 0x110c [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll 11:56:15.0191 0x110c PlugPlay - ok 11:56:15.0269 0x110c [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 11:56:15.0269 0x110c PNRPAutoReg - ok 11:56:15.0332 0x110c [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 11:56:15.0347 0x110c PNRPsvc - ok 11:56:15.0441 0x110c [ 53946B69BA0836BD95B03759530C81EC, 
7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 11:56:15.0457 0x110c PolicyAgent - ok 11:56:15.0535 0x110c [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll 11:56:15.0550 0x110c Power - ok 11:56:15.0597 0x110c [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 11:56:15.0597 0x110c PptpMiniport - ok 11:56:15.0659 0x110c [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys 11:56:15.0659 0x110c Processor - ok 11:56:15.0722 0x110c [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc C:\Windows\system32\profsvc.dll 11:56:15.0737 0x110c ProfSvc - ok 11:56:15.0784 0x110c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe 11:56:15.0784 0x110c ProtectedStorage - ok 11:56:15.0847 0x110c [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 11:56:15.0862 0x110c Psched - ok 11:56:15.0987 0x110c [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 11:56:16.0081 0x110c ql2300 - ok 11:56:16.0143 0x110c [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 11:56:16.0143 0x110c ql40xx - ok 11:56:16.0252 0x110c [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll 11:56:16.0252 0x110c QWAVE - ok 11:56:16.0315 
0x110c [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 11:56:16.0315 0x110c QWAVEdrv - ok 11:56:16.0377 0x110c [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 11:56:16.0377 0x110c RasAcd - ok 11:56:16.0424 0x110c [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 11:56:16.0424 0x110c RasAgileVpn - ok 11:56:16.0502 0x110c [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll 11:56:16.0517 0x110c RasAuto - ok 11:56:16.0549 0x110c [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 11:56:16.0549 0x110c Rasl2tp - ok 11:56:16.0627 0x110c [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll 11:56:16.0642 0x110c RasMan - ok 11:56:16.0689 0x110c [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 11:56:16.0689 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspppoe.sys. 
md5: 0FE8B15916307A6AC12BFB6A63E45507, sha256: 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E 11:56:16.0705 0x110c RasPppoe - detected LockedFile.Multi.Generic ( 1 ) 11:56:19.0871 0x110c Detect skipped due to KSN trusted 11:56:19.0871 0x110c RasPppoe - ok 11:56:19.0981 0x110c [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 11:56:19.0981 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rassstp.sys. md5: 44101F495A83EA6401D886E7FD70096B, sha256: 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A 11:56:19.0981 0x110c RasSstp - detected LockedFile.Multi.Generic ( 1 ) 11:56:22.0960 0x110c Detect skipped due to KSN trusted 11:56:22.0960 0x110c RasSstp - ok 11:56:23.0101 0x110c [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 11:56:23.0101 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. md5: D528BC58A489409BA40334EBF96A311B, sha256: C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 11:56:23.0116 0x110c rdbss - detected LockedFile.Multi.Generic ( 1 ) 11:56:26.0236 0x110c Detect skipped due to KSN trusted 11:56:26.0236 0x110c rdbss - ok 11:56:26.0330 0x110c [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 11:56:26.0330 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. 
md5: 0D8F05481CB76E70E1DA06EE9F0DA9DF, sha256: 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB 11:56:26.0345 0x110c rdpbus - detected LockedFile.Multi.Generic ( 1 ) 11:56:29.0231 0x110c Detect skipped due to KSN trusted 11:56:29.0231 0x110c rdpbus - ok 11:56:29.0341 0x110c [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 11:56:29.0341 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: 23DAE03F29D253AE74C44F99E515F9A1, sha256: 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 11:56:29.0356 0x110c RDPCDD - detected LockedFile.Multi.Generic ( 1 ) 11:56:32.0929 0x110c Detect skipped due to KSN trusted 11:56:32.0929 0x110c RDPCDD - ok 11:56:33.0053 0x110c [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 11:56:33.0053 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpencdd.sys. md5: 5A53CA1598DD4156D44196D200C94B8A, sha256: 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 11:56:33.0069 0x110c RDPENCDD - detected LockedFile.Multi.Generic ( 1 ) 11:56:35.0924 0x110c Detect skipped due to KSN trusted 11:56:35.0924 0x110c RDPENCDD - ok 11:56:36.0033 0x110c [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 11:56:36.0033 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdprefmp.sys. 
md5: 44B0A53CD4F27D50ED461DAE0C0B4E1F, sha256: CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 11:56:36.0049 0x110c RDPREFMP - detected LockedFile.Multi.Generic ( 1 ) 11:56:38.0935 0x110c Detect skipped due to KSN trusted 11:56:38.0935 0x110c RDPREFMP - ok 11:56:39.0028 0x110c [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 11:56:39.0028 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RDPWD.sys. md5: F031683E6D1FEA157ABB2FF260B51E61, sha256: 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 11:56:39.0044 0x110c RDPWD - detected LockedFile.Multi.Generic ( 1 ) 11:56:42.0117 0x110c Detect skipped due to KSN trusted 11:56:42.0117 0x110c RDPWD - ok 11:56:42.0180 0x110c [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 11:56:42.0180 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdyboost.sys. 
md5: 518395321DC96FE2C9F0E96AC743B656, sha256: 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 11:56:42.0226 0x110c rdyboost - detected LockedFile.Multi.Generic ( 1 ) 11:56:45.0112 0x110c Detect skipped due to KSN trusted 11:56:45.0112 0x110c rdyboost - ok 11:56:45.0268 0x110c [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll 11:56:45.0268 0x110c RemoteAccess - ok 11:56:45.0331 0x110c [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll 11:56:45.0346 0x110c RemoteRegistry - ok 11:56:45.0424 0x110c [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 11:56:45.0424 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rfcomm.sys. md5: CB928D9E6DAF51879DD6BA8D02F01321, sha256: DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 11:56:45.0456 0x110c RFCOMM - detected LockedFile.Multi.Generic ( 1 ) 11:56:48.0326 0x110c Detect skipped due to KSN trusted 11:56:48.0326 0x110c RFCOMM - ok 11:56:48.0482 0x110c [ 79E740644D8D5E6057A4429F0D19A2CB, 6CD5EE20EA52CF466C0E692A5E548CABD3452C6C8246AE668080401D76A72ADA ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe 11:56:48.0498 0x110c RichVideo - ok 11:56:48.0576 0x110c [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 11:56:48.0591 0x110c RpcEptMapper - ok 11:56:48.0654 0x110c [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe 11:56:48.0654 0x110c RpcLocator - ok 11:56:48.0732 0x110c [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs 
|
09.07.2014, 14:03 | #11 |
| Win7 TR/Agent.37888.248 cannot be deleted, real-time scanner no longer works This is the continuation, it was too long again. Code:
11:58:19.0773 0x110c [ BCEB0C2FC290E456F2E63282BC7D2271, 4091D335B5AD0340357173A28EE7006A430A406E6BE8AAFD65D739CF6D52A588 ] syshost32 C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe
11:58:19.0773 0x110c Suspicious file ( NoAccess ): C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe. md5: BCEB0C2FC290E456F2E63282BC7D2271, sha256: 4091D335B5AD0340357173A28EE7006A430A406E6BE8AAFD65D739CF6D52A588
11:58:19.0773 0x110c syshost32 - detected LockedFile.Multi.Generic ( 1 )
11:58:22.0659 0x110c Detect turned to UDS exact due to KSN untrusted
11:58:22.0659 0x110c syshost32 ( UDS:DangerousObject.Multi.Generic ) - infected
11:58:22.0659 0x110c Force sending object to P2P due to detect: syshost32
11:58:26.0653 0x110c Object send P2P result: true
md5: C829317A37B4BEA8F39735D4B076E923, sha256: 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 11:59:55.0963 0x110c viaagp - detected LockedFile.Multi.Generic ( 1 ) 11:59:58.0802 0x110c Detect skipped due to KSN trusted 11:59:58.0802 0x110c viaagp - ok 11:59:58.0911 0x110c [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 11:59:58.0911 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\viac7.sys. md5: E02F079A6AA107F06B16549C6E5C7B74, sha256: B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 11:59:58.0927 0x110c ViaC7 - detected LockedFile.Multi.Generic ( 1 ) 12:00:01.0813 0x110c Detect skipped due to KSN trusted 12:00:01.0813 0x110c ViaC7 - ok 12:00:01.0938 0x110c [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys 12:00:01.0938 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. md5: E43574F6A56A0EE11809B48C09E4FD3C, sha256: 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 12:00:01.0969 0x110c viaide - detected LockedFile.Multi.Generic ( 1 ) 12:00:04.0824 0x110c Detect skipped due to KSN trusted 12:00:04.0824 0x110c viaide - ok 12:00:04.0917 0x110c [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys 12:00:04.0917 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. 
md5: 4C63E00F2F4B5F86AB48A58CD990F212, sha256: 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 12:00:04.0933 0x110c volmgr - detected LockedFile.Multi.Generic ( 1 ) 12:00:07.0959 0x110c Detect skipped due to KSN trusted 12:00:07.0959 0x110c volmgr - ok 12:00:08.0084 0x110c [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 12:00:08.0084 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: B5BB72067DDDDBBFB04B2F89FF8C3C87, sha256: 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC 12:00:08.0084 0x110c volmgrx - detected LockedFile.Multi.Generic ( 1 ) 12:00:10.0970 0x110c Detect skipped due to KSN trusted 12:00:10.0970 0x110c volmgrx - ok 12:00:11.0079 0x110c [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys 12:00:11.0079 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. md5: F497F67932C6FA693D7DE2780631CFE7, sha256: DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 12:00:11.0095 0x110c volsnap - detected LockedFile.Multi.Generic ( 1 ) 12:00:14.0059 0x110c Detect skipped due to KSN trusted 12:00:14.0059 0x110c volsnap - ok 12:00:14.0199 0x110c [ 710E2A70FBE41DB2379EB7AA6E6FF7CC, 0E3DB40357E16F80A477719AEB37C43B2B3F389F29616F22E8C01E52D5582A0C ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 12:00:14.0231 0x110c vpnagent - ok 12:00:14.0277 0x110c [ FDDAFA1C89B0B07494AF5879F7ECE857, C23415200419F5C50A0F75848F22256E1D6AFD837CE9FB7487A8E7CC14534301 ] vpnva C:\Windows\system32\DRIVERS\vpnva.sys 12:00:14.0277 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpnva.sys. 
md5: FDDAFA1C89B0B07494AF5879F7ECE857, sha256: C23415200419F5C50A0F75848F22256E1D6AFD837CE9FB7487A8E7CC14534301 12:00:14.0309 0x110c vpnva - detected LockedFile.Multi.Generic ( 1 ) 12:00:17.0179 0x110c Detect skipped due to KSN trusted 12:00:17.0179 0x110c vpnva - ok 12:00:17.0288 0x110c [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 12:00:17.0288 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 9DFA0CC2F8855A04816729651175B631, sha256: 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 12:00:17.0304 0x110c vsmraid - detected LockedFile.Multi.Generic ( 1 ) 12:00:20.0190 0x110c Detect skipped due to KSN trusted 12:00:20.0190 0x110c vsmraid - ok 12:00:20.0361 0x110c [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe 12:00:20.0393 0x110c VSS - ok 12:00:20.0455 0x110c [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 12:00:20.0455 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 90567B1E658001E79D7C8BBD3DDE5AA6, sha256: EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 12:00:20.0502 0x110c vwifibus - detected LockedFile.Multi.Generic ( 1 ) 12:00:23.0372 0x110c Detect skipped due to KSN trusted 12:00:23.0372 0x110c vwifibus - ok 12:00:23.0466 0x110c [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 12:00:23.0466 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. 
md5: 7090D3436EEB4E7DA3373090A23448F7, sha256: 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 12:00:23.0497 0x110c vwififlt - detected LockedFile.Multi.Generic ( 1 ) 12:00:26.0368 0x110c Detect skipped due to KSN trusted 12:00:26.0368 0x110c vwififlt - ok 12:00:26.0446 0x110c [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 12:00:26.0446 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: A3F04CBEA6C2A10E6CB01F8B47611882, sha256: 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 12:00:26.0461 0x110c vwifimp - detected LockedFile.Multi.Generic ( 1 ) 12:00:29.0332 0x110c Detect skipped due to KSN trusted 12:00:29.0332 0x110c vwifimp - ok 12:00:29.0441 0x110c [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll 12:00:29.0456 0x110c W32Time - ok 12:00:29.0534 0x110c [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 12:00:29.0534 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: DE3721E89C653AA281428C8A69745D90, sha256: 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 12:00:29.0566 0x110c WacomPen - detected LockedFile.Multi.Generic ( 1 ) 12:00:32.0452 0x110c Detect skipped due to KSN trusted 12:00:32.0452 0x110c WacomPen - ok 12:00:32.0639 0x110c [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 12:00:32.0639 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. 
md5: 3C3C78515F5AB448B022BDF5B8FFDD2E, sha256: 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 12:00:32.0857 0x110c WANARP - detected LockedFile.Multi.Generic ( 1 ) 12:00:35.0728 0x110c Detect skipped due to KSN trusted 12:00:35.0728 0x110c WANARP - ok 12:00:35.0806 0x110c [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 12:00:35.0806 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 3C3C78515F5AB448B022BDF5B8FFDD2E, sha256: 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 12:00:35.0806 0x110c Wanarpv6 - detected LockedFile.Multi.Generic ( 1 ) 12:00:35.0806 0x110c Detect skipped due to KSN trusted 12:00:35.0806 0x110c Wanarpv6 - ok 12:00:35.0946 0x110c [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 12:00:35.0993 0x110c WatAdminSvc - ok 12:00:36.0102 0x110c [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe 12:00:36.0149 0x110c wbengine - ok 12:00:36.0227 0x110c [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 12:00:36.0242 0x110c WbioSrvc - ok 12:00:36.0320 0x110c [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll 12:00:36.0336 0x110c wcncsvc - ok 12:00:36.0383 0x110c [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 12:00:36.0383 0x110c WcsPlugInService - ok 12:00:36.0445 0x110c [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd 
C:\Windows\system32\DRIVERS\wd.sys 12:00:36.0445 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 1112A9BADACB47B7C0BB0392E3158DFF, sha256: 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 12:00:36.0476 0x110c Wd - detected LockedFile.Multi.Generic ( 1 ) 12:00:39.0347 0x110c Detect skipped due to KSN trusted 12:00:39.0347 0x110c Wd - ok 12:00:39.0440 0x110c [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 12:00:39.0440 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: 25944D2CC49E0A6C581D02A74B7D6645, sha256: AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE 12:00:39.0440 0x110c Wdf01000 - detected LockedFile.Multi.Generic ( 1 ) 12:00:42.0326 0x110c Detect skipped due to KSN trusted 12:00:42.0326 0x110c Wdf01000 - ok 12:00:42.0404 0x110c [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll 12:00:42.0404 0x110c WdiServiceHost - ok 12:00:42.0467 0x110c [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll 12:00:42.0467 0x110c WdiSystemHost - ok 12:00:42.0545 0x110c [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll 12:00:42.0560 0x110c WebClient - ok 12:00:42.0638 0x110c [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll 12:00:42.0654 0x110c Wecsvc - ok 12:00:42.0701 0x110c [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll 12:00:42.0701 0x110c wercplsupport - ok 12:00:42.0748 0x110c [ 
08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll 12:00:42.0763 0x110c WerSvc - ok 12:00:42.0810 0x110c [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 12:00:42.0810 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 8B9A943F3B53861F2BFAF6C186168F79, sha256: 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 12:00:42.0841 0x110c WfpLwf - detected LockedFile.Multi.Generic ( 1 ) 12:00:45.0727 0x110c Detect skipped due to KSN trusted 12:00:45.0727 0x110c WfpLwf - ok 12:00:45.0821 0x110c [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys 12:00:45.0821 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 5CF95B35E59E2A38023836FFF31BE64C, sha256: CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D 12:00:45.0836 0x110c WIMMount - detected LockedFile.Multi.Generic ( 1 ) 12:00:48.0707 0x110c Detect skipped due to KSN trusted 12:00:48.0707 0x110c WIMMount - ok 12:00:48.0832 0x110c [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 12:00:48.0863 0x110c WinDefend - ok 12:00:48.0988 0x110c WinHttpAutoProxySvc - ok 12:00:49.0066 0x110c [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 12:00:49.0081 0x110c Winmgmt - ok 12:00:49.0206 0x110c [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM C:\Windows\system32\WsmSvc.dll 12:00:49.0253 0x110c WinRM - ok 12:00:49.0409 0x110c [ A67E5F9A400F3BD1BE3D80613B45F708, 
E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 12:00:49.0409 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: A67E5F9A400F3BD1BE3D80613B45F708, sha256: E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 12:00:49.0424 0x110c WinUsb - detected LockedFile.Multi.Generic ( 1 ) 12:00:52.0295 0x110c Detect skipped due to KSN trusted 12:00:52.0295 0x110c WinUsb - ok 12:00:52.0466 0x110c [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll 12:00:52.0513 0x110c Wlansvc - ok 12:00:52.0560 0x110c [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 12:00:52.0560 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wmiacpi.sys. md5: 0217679B8FCA58714C3BF2726D2CA84E, sha256: 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A 12:00:52.0591 0x110c WmiAcpi - detected LockedFile.Multi.Generic ( 1 ) 12:00:55.0477 0x110c Detect skipped due to KSN trusted 12:00:55.0477 0x110c WmiAcpi - ok 12:00:55.0618 0x110c [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 12:00:55.0618 0x110c wmiApSrv - ok 12:00:55.0742 0x110c [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 12:00:55.0789 0x110c WMPNetworkSvc - ok 12:00:55.0836 0x110c [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll 12:00:55.0852 0x110c WPCSvc - ok 12:00:55.0914 0x110c [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum 
C:\Windows\system32\wpdbusenum.dll 12:00:55.0914 0x110c WPDBusEnum - ok 12:00:55.0976 0x110c [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 12:00:55.0976 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6DB3276587B853BF886B69528FDB048C, sha256: 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C 12:00:56.0008 0x110c ws2ifsl - detected LockedFile.Multi.Generic ( 1 ) 12:00:58.0862 0x110c Detect skipped due to KSN trusted 12:00:58.0862 0x110c ws2ifsl - ok 12:00:58.0987 0x110c [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\system32\wscsvc.dll 12:00:58.0987 0x110c wscsvc - ok 12:00:59.0065 0x110c [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 12:00:59.0065 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WSDPrint.sys. md5: 553F6CCD7C58EB98D4A8FBDAF283D7A9, sha256: 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 12:00:59.0081 0x110c WSDPrintDevice - detected LockedFile.Multi.Generic ( 1 ) 12:01:01.0967 0x110c Detect skipped due to KSN trusted 12:01:01.0967 0x110c WSDPrintDevice - ok 12:01:02.0060 0x110c [ 7DC0270CFD4A05B4112E3EBBF083B595, DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137 ] WSDScan C:\Windows\system32\drivers\WSDScan.sys 12:01:02.0076 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WSDScan.sys. 
md5: 7DC0270CFD4A05B4112E3EBBF083B595, sha256: DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137 12:01:02.0076 0x110c WSDScan - detected LockedFile.Multi.Generic ( 1 ) 12:01:04.0946 0x110c Detect skipped due to KSN trusted 12:01:04.0946 0x110c WSDScan - ok 12:01:04.0978 0x110c WSearch - ok 12:01:05.0165 0x110c [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll 12:01:05.0227 0x110c wuauserv - ok 12:01:05.0321 0x110c [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 12:01:05.0321 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: 06E6F32C8D0A3F66D956F57B43A2E070, sha256: 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 12:01:05.0336 0x110c WudfPf - detected LockedFile.Multi.Generic ( 1 ) 12:01:08.0222 0x110c Detect skipped due to KSN trusted 12:01:08.0222 0x110c WudfPf - ok 12:01:08.0394 0x110c [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 12:01:08.0394 0x110c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. 
md5: 867C301E8B790040AE9CF6486E8041DF, sha256: D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 12:01:08.0410 0x110c WUDFRd - detected LockedFile.Multi.Generic ( 1 ) 12:01:11.0327 0x110c Detect skipped due to KSN trusted 12:01:11.0327 0x110c WUDFRd - ok 12:01:11.0436 0x110c [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 12:01:11.0436 0x110c wudfsvc - ok 12:01:11.0514 0x110c [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll 12:01:11.0514 0x110c WwanSvc - ok 12:01:11.0623 0x110c ================ Scan global =============================== 12:01:11.0701 0x110c [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll 12:01:11.0732 0x110c [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 12:01:11.0779 0x110c [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 12:01:11.0810 0x110c [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 12:01:11.0842 0x110c [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe 12:01:11.0857 0x110c [ Global ] - ok 12:01:11.0857 0x110c ================ Scan MBR ================================== 12:01:11.0857 0x110c [ 8A1C59E4DFEF87510470928550466632 ] \Device\Harddisk0\DR0 12:01:17.0333 0x110c \Device\Harddisk0\DR0 - ok 12:01:17.0333 0x110c ================ Scan VBR ================================== 12:01:17.0333 0x110c [ 04E427EC4A33EB1573351FE47BD3A649 ] \Device\Harddisk0\DR0\Partition1 12:01:17.0348 0x110c \Device\Harddisk0\DR0\Partition1 
- ok 12:01:17.0411 0x110c [ CE7CDCB189E205D9EB07A06645077565 ] \Device\Harddisk0\DR0\Partition2 12:01:17.0411 0x110c \Device\Harddisk0\DR0\Partition2 - ok 12:01:17.0411 0x110c [ B788E7AE4D68256EB9DF514BD0BCD2C9 ] \Device\Harddisk0\DR0\Partition3 12:01:17.0411 0x110c \Device\Harddisk0\DR0\Partition3 - ok 12:01:17.0426 0x110c ================ Scan generic autorun ====================== 12:01:17.0489 0x110c [ 5AF1E9600E3FF841E522703A4993ED0C, 5189530793747C40B0E3548DA40058989C88A69C593C3E54E6548CFB89B9CE10 ] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe 12:01:17.0489 0x110c IAAnotif - ok 12:01:17.0629 0x110c [ 59EBF7D3865895572FD11890280FB1A1, ED677A8813498F1F15B5E28D03C32345C3A920B50B30D3DFBEA85CF544546E4C ] C:\Program Files\System Control Manager\MGSysCtrl.exe 12:01:17.0707 0x110c MGSysCtrl - ok 12:01:17.0832 0x110c [ 934DE0EDBED59940A2725050DA13A066, CB231A76001E380EDEDE8DE3A1713CC87D95D96EF7E757D18C6B6B209C215C6F ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 12:01:17.0879 0x110c SynTPEnh - ok 12:01:18.0331 0x110c [ 9E63CE05416587923091B61AF2F012D6, 700DF0EECF1305C0DEC4CF478F4D9473185684A629A020BFF4577007B5AFE7BE ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 12:01:18.0596 0x110c RtHDVCpl - ok 12:01:18.0721 0x110c [ 86810E2D993F7327EB5B25B5D17D21C1, 63636CEC408ACBBC4D04C01F9EFDBE4B9B08FA0C4390EC8729B9FF0C8BE9D246 ] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe 12:01:18.0721 0x110c PDVD9LanguageShortcut - ok 12:01:18.0784 0x110c [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe 12:01:18.0799 0x110c UCam_Menu - ok 12:01:18.0830 0x110c [ 9C0D56CE4769AE60D5C56EB078532C5A, 079410721CC2A38D91FC108B260031F8754B59C6AE523146760CB5A8F2D1C6FD ] C:\Program Files\CyberLink\YouCam\YouCamTray.exe 12:01:18.0846 0x110c YouCam Mirror Tray icon - ok 12:01:18.0862 0x110c [ 1029B84ECBE4B95ACB8491A3FE63D70F, 
DF765BEE2B20800646F70B9E473B95F52457316CB331A3E0BF6974D827AB989D ] C:\Windows\system32\igfxtray.exe 12:01:18.0877 0x110c IgfxTray - ok 12:01:18.0893 0x110c [ 3CD5BBDA19A1AB4EBA359E0A14FDF0F0, 992E7322C86DA533F6DB9192427EBDC5A8F4D1A878F4B30A17ABD54656CFF6C1 ] C:\Windows\system32\hkcmd.exe 12:01:18.0908 0x110c HotKeysCmds - ok 12:01:18.0924 0x110c [ 3142195521FEE436088EE8A5748DE1B1, EE8E65977AA0EAC0BF48F7C4620946E48679F047EFC515D5F2E52EA4B88C5731 ] C:\Windows\system32\igfxpers.exe 12:01:18.0940 0x110c Persistence - ok 12:01:19.0018 0x110c [ 5F7EE76129F9A591F22F99F95D97AC95, D3446BD4CAB8017B44BAD94EBB88468D080AC65E14444C12B09B6BF3E70B2AED ] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe 12:01:19.0033 0x110c IJNetworkScannerSelectorEX - ok 12:01:19.0142 0x110c [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 12:01:19.0174 0x110c Adobe ARM - ok 12:01:19.0236 0x110c [ D63797E8E7781EE1500A810CB6194FA6, 5C96DA00B98F0776E6174EBB7D4D6DB634838E130D8581E11811831D2C57B119 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe 12:01:19.0236 0x110c SunJavaUpdateSched - ok 12:01:19.0345 0x110c [ 1E9B225DE829A6F666A0BA9B8A7984BF, 89D1222D72E23D21E6388B068CE7C415A9857ABB37D7A3AAD549B949A87E61FC ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 12:01:19.0376 0x110c avgnt - ok 12:01:19.0439 0x110c [ 6695FEB635BE9987B41E966F4C4B8C62, 6895BF5CDF28D2BB6C8851E99BEB3095883A278812686918BE2E9712DE83BB85 ] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe 12:01:19.0454 0x110c Cisco AnyConnect Secure Mobility Agent for Windows - ok 12:01:19.0579 0x110c [ C6C626A4A83B409E6AF09B874E771FB6, BD6A43361E06E1FBDC53547F5DABAC9E52F639B15C958DE30FC62D542B7B67EF ] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe 12:01:19.0642 0x110c MailCheck IE Broker - ok 12:01:19.0657 0x110c {956AD994-B7CC-444F-8054-3F0EAE8F6791} - ok 
12:01:19.0657 0x110c {18E8313B-5A67-490D-9B0D-BCBA5F82ED24} - ok
12:01:19.0657 0x110c Waiting for KSN requests completion. In queue: 16
12:01:20.0671 0x110c Waiting for KSN requests completion. In queue: 16
12:01:21.0685 0x110c Waiting for KSN requests completion. In queue: 16
12:01:22.0715 0x110c AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x42000 ( disabled : updated )
12:01:22.0715 0x110c Win FW state via NFP2: enabled
12:01:25.0554 0x110c ============================================================
12:01:25.0554 0x110c Scan finished
12:01:25.0554 0x110c ============================================================
12:01:25.0570 0x0fbc Detected object count: 2
12:01:25.0570 0x0fbc Actual detected object count: 2 |
09.07.2014, 14:05 | #12 |
| Win7 TR/Agent.37888.248 cannot be deleted, real-time scanner no longer works And this is today's log, which was generated today after the scan Code:
ATTFilter
14:12:26.0947 0x0c70 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54
14:12:31.0003 0x0c70 ============================================================
14:12:31.0003 0x0c70 Current date / time: 2014/07/09 14:12:31.0003
14:12:31.0003 0x0c70 SystemInfo:
14:12:31.0003 0x0c70
14:12:31.0003 0x0c70 OS Version: 6.1.7601 ServicePack: 1.0
14:12:31.0003 0x0c70 Product type: Workstation
14:12:31.0003 0x0c70 ComputerName: *****-PC
14:12:31.0003 0x0c70 UserName: *****
14:12:31.0003 0x0c70 Windows directory: C:\Windows
14:12:31.0003 0x0c70 System windows directory: C:\Windows
14:12:31.0003 0x0c70 Processor architecture: Intel x86
14:12:31.0003 0x0c70 Number of processors: 2
14:12:31.0003 0x0c70 Page size: 0x1000
14:12:31.0003 0x0c70 Boot type: Normal boot
14:12:31.0003 0x0c70 ============================================================
14:12:31.0003 0x0c70 BG loaded
14:12:31.0424 0x0c70 System UUID: {6A8BC0A5-1C78-976F-B765-04D7E81B4982}
14:12:32.0594 0x0c70 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:12:32.0609 0x0c70 ============================================================
14:12:32.0609 0x0c70 \Device\Harddisk0\DR0:
14:12:32.0609 0x0c70 MBR partitions:
14:12:32.0609 0x0c70 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:12:32.0609 0x0c70 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x36552000
14:12:32.0609 0x0c70 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36584800, BlocksNum 0x3C00000
14:12:32.0609 0x0c70 ============================================================
14:12:32.0641 0x0c70 C: <-> \Device\Harddisk0\DR0\Partition2
14:12:32.0703 0x0c70 D: <-> \Device\Harddisk0\DR0\Partition3
14:12:32.0703 0x0c70 ============================================================
14:12:32.0703 0x0c70 Initialize success
14:12:32.0703 0x0c70
============================================================
14:12:38.0693 0x0970 ============================================================
14:12:38.0693 0x0970 Scan started
14:12:38.0693 0x0970 Mode: Manual;
14:12:38.0693 0x0970 ============================================================
14:12:38.0693 0x0970 KSN ping started
14:12:38.0771 0x0970 KSN ping finished: false
14:12:40.0300 0x0970 ================ Scan system memory ========================
14:12:40.0300 0x0970 System memory - ok
14:12:40.0300 0x0970 ================ Scan services =============================
Audiosrv - ok 14:12:43.0233 0x0970 [ B0A63DD71CB0CB597D8BD5C364E73F7C, 572B31F3FC962F50110D42A08CDD0614323E18C213575710CEEFA35EE7CAE8C5 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 14:12:43.0264 0x0970 avgntflt - ok 14:12:43.0342 0x0970 [ 05AF7CBF0BDA1571BBADC36703EB9CA4, 3925AD58053769D317D3CF0DDDF7371B010F2F4C839CF7B44F327AE9D0AB5442 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 14:12:43.0389 0x0970 avipbb - ok 14:12:43.0420 0x0970 [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 14:12:43.0436 0x0970 avkmgr - ok 14:12:43.0483 0x0970 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll 14:12:43.0498 0x0970 AxInstSV - ok 14:12:43.0545 0x0970 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 14:12:43.0607 0x0970 b06bdrv - ok 14:12:43.0654 0x0970 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 14:12:43.0685 0x0970 b57nd60x - ok 14:12:43.0732 0x0970 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll 14:12:43.0748 0x0970 BDESVC - ok 14:12:43.0779 0x0970 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys 14:12:43.0779 0x0970 Beep - ok 14:12:43.0857 0x0970 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll 14:12:43.0888 0x0970 BFE - ok 14:12:43.0951 0x0970 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll 14:12:43.0997 
0x0970 BITS - ok 14:12:44.0029 0x0970 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 14:12:44.0060 0x0970 blbdrive - ok 14:12:44.0107 0x0970 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:12:44.0153 0x0970 bowser - ok 14:12:44.0185 0x0970 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 14:12:44.0216 0x0970 BrFiltLo - ok 14:12:44.0247 0x0970 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 14:12:44.0278 0x0970 BrFiltUp - ok 14:12:44.0325 0x0970 [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 14:12:44.0341 0x0970 BridgeMP - ok 14:12:44.0372 0x0970 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll 14:12:44.0387 0x0970 Browser - ok 14:12:44.0419 0x0970 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys 14:12:44.0481 0x0970 Brserid - ok 14:12:44.0528 0x0970 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 14:12:44.0559 0x0970 BrSerWdm - ok 14:12:44.0590 0x0970 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 14:12:44.0606 0x0970 BrUsbMdm - ok 14:12:44.0621 0x0970 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] 
BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 14:12:44.0637 0x0970 BrUsbSer - ok 14:12:44.0684 0x0970 [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 14:12:44.0684 0x0970 BthEnum - ok 14:12:44.0715 0x0970 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 14:12:44.0731 0x0970 BTHMODEM - ok 14:12:44.0762 0x0970 [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 14:12:44.0762 0x0970 BthPan - ok 14:12:44.0809 0x0970 [ 4A34888E13224678DD062466AFEC4240, B432D135716123BB9EC2FBE5D2C45E819EC7E55205FC295B982B0C6F87543940 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 14:12:44.0871 0x0970 BTHPORT - ok 14:12:44.0933 0x0970 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll 14:12:44.0933 0x0970 bthserv - ok 14:12:44.0949 0x0970 [ FA04C63916FA221DBB91FCE153D07A55, 3B013CABF2BFADE5ADD2B9AB65FB9FE53FBA72B13A8B41A599EF6D227764A8C7 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 14:12:44.0980 0x0970 BTHUSB - ok 14:12:45.0027 0x0970 [ D57D29132EFE13A83133D9BD449E0CF1, 8C12FC2404A53EFA028B3423A96F2B5ADDE1640A964AFAF2C460E73338551FFB ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 14:12:45.0043 0x0970 btwaudio - ok 14:12:45.0089 0x0970 [ D282C14A69357D0E1BAFAECC2CA98C3A, 1F576218591B87920641F7E2FA349E477032C4C38DF5A6584738DC0280E203A9 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 14:12:45.0105 0x0970 btwavdt - ok 14:12:45.0214 0x0970 [ F7434401AE320BB97903A3C1865242FB, B401B13133A7D7B2861D81F800F6DEFF361320C994C704B6688A1E6A61439E8D ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 14:12:45.0245 0x0970 btwdins - ok 14:12:45.0261 0x0970 [ 
AAFD7CB76BA61FBB08E302DA208C974A, 1B342095E373ECCA1775B30E92CD337BECEB4BA9F821132C33507A646E6A341C ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 14:12:45.0277 0x0970 btwl2cap - ok 14:12:45.0308 0x0970 [ 02EB4D2B05967DF2D32F29C84AB1FB17, 95B7901F7BCE41DF53309158AC12888BA1F82FF2E576BF3ED0E67EA3CFAB1288 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 14:12:45.0308 0x0970 btwrchid - ok 14:12:45.0386 0x0970 catchme - ok 14:12:45.0417 0x0970 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:12:45.0433 0x0970 cdfs - ok 14:12:45.0495 0x0970 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\drivers\cdrom.sys 14:12:45.0511 0x0970 cdrom - ok 14:12:45.0557 0x0970 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll 14:12:45.0557 0x0970 CertPropSvc - ok 14:12:45.0589 0x0970 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 14:12:45.0635 0x0970 circlass - ok 14:12:45.0682 0x0970 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys 14:12:45.0698 0x0970 CLFS - ok 14:12:45.0854 0x0970 [ 5BEBB11A5BF2948FEFA59DC213B03DDD, 34BB17CC4014E14BC6135E64725DDC4D24BC0EA71A7626E268733EEDD1542E25 ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe 14:12:45.0932 0x0970 ClickToRunSvc - ok 14:12:45.0994 0x0970 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:12:46.0041 0x0970 clr_optimization_v2.0.50727_32 - ok 14:12:46.0103 0x0970 [ 
E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:12:46.0119 0x0970 clr_optimization_v4.0.30319_32 - ok 14:12:46.0150 0x0970 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 14:12:46.0150 0x0970 CmBatt - ok 14:12:46.0181 0x0970 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:12:46.0197 0x0970 cmdide - ok 14:12:46.0244 0x0970 [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\Windows\system32\Drivers\cng.sys 14:12:46.0291 0x0970 CNG - ok 14:12:46.0322 0x0970 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 14:12:46.0353 0x0970 Compbatt - ok 14:12:46.0415 0x0970 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 14:12:46.0462 0x0970 CompositeBus - ok 14:12:46.0493 0x0970 COMSysApp - ok 14:12:46.0525 0x0970 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 14:12:46.0525 0x0970 crcdisk - ok 14:12:46.0571 0x0970 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:12:46.0587 0x0970 CryptSvc - ok 14:12:46.0634 0x0970 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll 14:12:46.0665 0x0970 DcomLaunch - ok 14:12:46.0712 0x0970 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 
888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll 14:12:46.0743 0x0970 defragsvc - ok 14:12:46.0774 0x0970 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:12:46.0790 0x0970 DfsC - ok 14:12:46.0852 0x0970 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll 14:12:46.0868 0x0970 Dhcp - ok 14:12:46.0899 0x0970 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys 14:12:46.0899 0x0970 discache - ok 14:12:46.0946 0x0970 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys 14:12:46.0977 0x0970 Disk - ok 14:12:47.0024 0x0970 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:12:47.0039 0x0970 Dnscache - ok 14:12:47.0071 0x0970 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll 14:12:47.0117 0x0970 dot3svc - ok 14:12:47.0180 0x0970 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll 14:12:47.0195 0x0970 DPS - ok 14:12:47.0242 0x0970 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:12:47.0273 0x0970 drmkaud - ok 14:12:47.0351 0x0970 [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:12:47.0492 0x0970 DXGKrnl - ok 14:12:47.0539 0x0970 [ 8600142FA91C1B96367D3300AD0F3F3A, 
5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll 14:12:47.0554 0x0970 EapHost - ok 14:12:47.0726 0x0970 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 14:12:47.0929 0x0970 ebdrv - ok 14:12:47.0975 0x0970 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS C:\Windows\System32\lsass.exe 14:12:47.0975 0x0970 EFS - ok 14:12:48.0053 0x0970 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:12:48.0131 0x0970 ehRecvr - ok 14:12:48.0178 0x0970 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe 14:12:48.0178 0x0970 ehSched - ok 14:12:48.0241 0x0970 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 14:12:48.0287 0x0970 elxstor - ok 14:12:48.0319 0x0970 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:12:48.0319 0x0970 ErrDev - ok 14:12:48.0381 0x0970 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll 14:12:48.0397 0x0970 EventSystem - ok 14:12:48.0428 0x0970 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys 14:12:48.0443 0x0970 exfat - ok 14:12:48.0475 0x0970 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:12:48.0490 0x0970 fastfat - ok 14:12:48.0568 0x0970 [ 967EA5B213E9984CBE270205DF37755B, 
43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe 14:12:48.0584 0x0970 Fax - ok 14:12:48.0615 0x0970 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 14:12:48.0646 0x0970 fdc - ok 14:12:48.0693 0x0970 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll 14:12:48.0693 0x0970 fdPHost - ok 14:12:48.0709 0x0970 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll 14:12:48.0709 0x0970 FDResPub - ok 14:12:48.0740 0x0970 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:12:48.0771 0x0970 FileInfo - ok 14:12:48.0802 0x0970 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:12:48.0833 0x0970 Filetrace - ok 14:12:48.0865 0x0970 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 14:12:48.0896 0x0970 flpydisk - ok 14:12:48.0927 0x0970 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:12:48.0989 0x0970 FltMgr - ok 14:12:49.0083 0x0970 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll 14:12:49.0145 0x0970 FontCache - ok 14:12:49.0208 0x0970 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 14:12:49.0223 0x0970 
FontCache3.0.0.0 - ok 14:12:49.0239 0x0970 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 14:12:49.0270 0x0970 FsDepends - ok 14:12:49.0301 0x0970 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:12:49.0333 0x0970 Fs_Rec - ok 14:12:49.0395 0x0970 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 14:12:49.0426 0x0970 fvevol - ok 14:12:49.0457 0x0970 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 14:12:49.0504 0x0970 gagp30kx - ok 14:12:49.0551 0x0970 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll 14:12:49.0598 0x0970 gpsvc - ok 14:12:49.0691 0x0970 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 14:12:49.0707 0x0970 gupdate - ok 14:12:49.0723 0x0970 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 14:12:49.0738 0x0970 gupdatem - ok 14:12:49.0754 0x0970 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 14:12:49.0769 0x0970 hcw85cir - ok 14:12:49.0832 0x0970 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:12:49.0863 0x0970 HdAudAddService - ok 14:12:49.0910 0x0970 [ 9036377B8A6C15DC2EEC53E489D159B5, 
1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 14:12:49.0910 0x0970 HDAudBus - ok 14:12:49.0941 0x0970 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 14:12:49.0941 0x0970 HidBatt - ok 14:12:49.0972 0x0970 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 14:12:50.0003 0x0970 HidBth - ok 14:12:50.0050 0x0970 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 14:12:50.0066 0x0970 HidIr - ok 14:12:50.0097 0x0970 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll 14:12:50.0097 0x0970 hidserv - ok 14:12:50.0144 0x0970 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 14:12:50.0175 0x0970 HidUsb - ok 14:12:50.0222 0x0970 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll 14:12:50.0222 0x0970 hkmsvc - ok 14:12:50.0253 0x0970 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 14:12:50.0284 0x0970 HomeGroupListener - ok 14:12:50.0315 0x0970 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 14:12:50.0331 0x0970 HomeGroupProvider - ok 14:12:50.0378 0x0970 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 14:12:50.0409 0x0970 HpSAMD - ok 
14:12:50.0471 0x0970 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:12:50.0549 0x0970 HTTP - ok 14:12:50.0596 0x0970 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 14:12:50.0627 0x0970 hwpolicy - ok 14:12:50.0674 0x0970 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 14:12:50.0690 0x0970 i8042prt - ok 14:12:50.0768 0x0970 [ 7548066DF68A8A1A56B043359F915F37, 6225DDE554E45858374CBD284A85A00F773089A667C08492187A637232B8BD9A ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 14:12:50.0815 0x0970 IAANTMON - ok 14:12:50.0861 0x0970 [ D483687EACE0C065EE772481A96E05F5, A22200E90C78DFE73FE0FBEED5331AB43CD7133651FD125595C4DB604AD71B29 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 14:12:50.0877 0x0970 iaStor - ok 14:12:50.0924 0x0970 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 14:12:51.0002 0x0970 iaStorV - ok 14:12:51.0080 0x0970 [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 14:12:51.0189 0x0970 idsvc - ok 14:12:51.0220 0x0970 IEEtwCollectorService - ok 14:12:51.0719 0x0970 [ 8266AE06DF974E5BA047B3E9E9E70B3F, 44E5A8EED802A1DDF3CCDB478A88A3AB3CF009F449FB11E0F94A28498342B4E2 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 14:12:52.0234 0x0970 igfx - ok 14:12:52.0359 0x0970 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 14:12:52.0375 0x0970 iirsp - ok 14:12:52.0437 0x0970 [ 
B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll 14:12:52.0468 0x0970 IKEEXT - ok 14:12:52.0687 0x0970 [ B29E79C67F3779E70BA187E31B639EBC, 7B8E2DCD12AD8DDD3E5F492BC715AFB55DC48EC05A5A0644840078DB0AD70232 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 14:12:52.0921 0x0970 IntcAzAudAddService - ok 14:12:52.0967 0x0970 [ E63CD0D9AA8D406CABDE5AA718936F40, FFAE499226426D6061F1B8BB6CBE3EDDF8F8E27AF9A8B82CDB5485F008F9D733 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys 14:12:52.0983 0x0970 IntcHdmiAddService - ok 14:12:53.0014 0x0970 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys 14:12:53.0061 0x0970 intelide - ok 14:12:53.0108 0x0970 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:12:53.0108 0x0970 intelppm - ok 14:12:53.0155 0x0970 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:12:53.0186 0x0970 IPBusEnum - ok 14:12:53.0248 0x0970 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:12:53.0279 0x0970 IpFilterDriver - ok 14:12:53.0373 0x0970 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:12:53.0404 0x0970 iphlpsvc - ok 14:12:53.0435 0x0970 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 14:12:53.0451 0x0970 IPMIDRV - ok 14:12:53.0747 0x0970 [ A5FA468D67ABCDAA36264E463A7BB0CD, 
EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 14:12:53.0779 0x0970 IPNAT - ok 14:12:53.0810 0x0970 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:12:53.0841 0x0970 IRENUM - ok 14:12:53.0888 0x0970 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:12:53.0935 0x0970 isapnp - ok 14:12:54.0013 0x0970 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 14:12:54.0059 0x0970 iScsiPrt - ok 14:12:54.0122 0x0970 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 14:12:54.0169 0x0970 kbdclass - ok 14:12:54.0231 0x0970 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 14:12:54.0262 0x0970 kbdhid - ok 14:12:54.0278 0x0970 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso C:\Windows\system32\lsass.exe 14:12:54.0278 0x0970 KeyIso - ok 14:12:54.0325 0x0970 [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:12:54.0340 0x0970 KSecDD - ok 14:12:54.0403 0x0970 [ D3964885F0A11ACF51DA3AAA776973B2, 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:12:54.0449 0x0970 KSecPkg - ok 14:12:54.0527 0x0970 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll 14:12:54.0574 0x0970 KtmRm - ok 14:12:54.0637 0x0970 [ 
14:13:08.0661 0x0970 [ BCEB0C2FC290E456F2E63282BC7D2271, 4091D335B5AD0340357173A28EE7006A430A406E6BE8AAFD65D739CF6D52A588 ] syshost32 C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe
14:13:23.0278 0x0970 Suspicious file ( NoAccess ): C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe. md5: BCEB0C2FC290E456F2E63282BC7D2271, sha256: 4091D335B5AD0340357173A28EE7006A430A406E6BE8AAFD65D739CF6D52A588
14:13:23.0278 0x0970 syshost32 - detected LockedFile.Multi.Generic ( 1 )
14:13:23.0419 0x0970 syshost32 ( LockedFile.Multi.Generic ) - warning
14:13:23.0419 0x0970 Force sending object to P2P due to detect: syshost32
14:13:23.0419 0x0970 Object send P2P result: false
14:13:39.0925 0x0970 WinHttpAutoProxySvc - ok 14:13:39.0972 0x0970 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:13:39.0988 0x0970 Winmgmt - ok 14:13:40.0081 0x0970 [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM C:\Windows\system32\WsmSvc.dll 14:13:40.0159 0x0970 WinRM - ok 14:13:40.0206 0x0970 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 14:13:40.0237 0x0970 WinUsb - ok 14:13:40.0300 0x0970 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll 14:13:40.0362 0x0970 Wlansvc - ok 14:13:40.0409 0x0970 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:13:40.0409 0x0970 WmiAcpi - ok 14:13:40.0456 0x0970 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:13:40.0503 0x0970 wmiApSrv - ok 14:13:40.0612 0x0970 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 14:13:40.0674 0x0970 WMPNetworkSvc - ok 14:13:40.0705 0x0970 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:13:40.0737 0x0970 WPCSvc - ok 14:13:40.0768 0x0970 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:13:40.0783 0x0970 WPDBusEnum - ok 14:13:40.0799 0x0970 [ 6DB3276587B853BF886B69528FDB048C, 
9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:13:40.0830 0x0970 ws2ifsl - ok 14:13:40.0893 0x0970 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\system32\wscsvc.dll 14:13:40.0893 0x0970 wscsvc - ok 14:13:40.0939 0x0970 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 14:13:40.0971 0x0970 WSDPrintDevice - ok 14:13:41.0033 0x0970 [ 7DC0270CFD4A05B4112E3EBBF083B595, DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137 ] WSDScan C:\Windows\system32\drivers\WSDScan.sys 14:13:41.0033 0x0970 WSDScan - ok 14:13:41.0049 0x0970 WSearch - ok 14:13:41.0189 0x0970 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll 14:13:41.0251 0x0970 wuauserv - ok 14:13:41.0298 0x0970 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:13:41.0345 0x0970 WudfPf - ok 14:13:41.0376 0x0970 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:13:41.0423 0x0970 WUDFRd - ok 14:13:41.0454 0x0970 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:13:41.0470 0x0970 wudfsvc - ok 14:13:41.0501 0x0970 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll 14:13:41.0548 0x0970 WwanSvc - ok 14:13:41.0610 0x0970 ================ Scan global =============================== 14:13:41.0657 0x0970 [ DAB748AE0439955ED2FA22357533DDDB, 
73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll 14:13:41.0704 0x0970 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 14:13:41.0735 0x0970 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 14:13:41.0782 0x0970 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 14:13:41.0798 0x0970 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe 14:13:41.0829 0x0970 [ Global ] - ok 14:13:41.0829 0x0970 ================ Scan MBR ================================== 14:13:41.0844 0x0970 [ 8A1C59E4DFEF87510470928550466632 ] \Device\Harddisk0\DR0 14:13:47.0180 0x0970 \Device\Harddisk0\DR0 - ok 14:13:47.0180 0x0970 ================ Scan VBR ================================== 14:13:47.0195 0x0970 [ 04E427EC4A33EB1573351FE47BD3A649 ] \Device\Harddisk0\DR0\Partition1 14:13:47.0195 0x0970 \Device\Harddisk0\DR0\Partition1 - ok 14:13:47.0367 0x0970 [ CE7CDCB189E205D9EB07A06645077565 ] \Device\Harddisk0\DR0\Partition2 14:13:47.0382 0x0970 \Device\Harddisk0\DR0\Partition2 - ok 14:13:47.0398 0x0970 [ B788E7AE4D68256EB9DF514BD0BCD2C9 ] \Device\Harddisk0\DR0\Partition3 14:13:47.0398 0x0970 \Device\Harddisk0\DR0\Partition3 - ok 14:13:47.0398 0x0970 ================ Scan generic autorun ====================== 14:13:47.0460 0x0970 [ 5AF1E9600E3FF841E522703A4993ED0C, 5189530793747C40B0E3548DA40058989C88A69C593C3E54E6548CFB89B9CE10 ] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe 14:13:47.0460 0x0970 IAAnotif - ok 14:13:47.0601 0x0970 [ 59EBF7D3865895572FD11890280FB1A1, ED677A8813498F1F15B5E28D03C32345C3A920B50B30D3DFBEA85CF544546E4C ] C:\Program Files\System Control Manager\MGSysCtrl.exe 14:13:47.0679 
0x0970 MGSysCtrl - ok 14:13:47.0804 0x0970 [ 934DE0EDBED59940A2725050DA13A066, CB231A76001E380EDEDE8DE3A1713CC87D95D96EF7E757D18C6B6B209C215C6F ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 14:13:47.0850 0x0970 SynTPEnh - ok 14:13:48.0287 0x0970 [ 9E63CE05416587923091B61AF2F012D6, 700DF0EECF1305C0DEC4CF478F4D9473185684A629A020BFF4577007B5AFE7BE ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 14:13:48.0552 0x0970 RtHDVCpl - ok 14:13:48.0677 0x0970 [ 86810E2D993F7327EB5B25B5D17D21C1, 63636CEC408ACBBC4D04C01F9EFDBE4B9B08FA0C4390EC8729B9FF0C8BE9D246 ] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe 14:13:48.0677 0x0970 PDVD9LanguageShortcut - ok 14:13:48.0755 0x0970 [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe 14:13:48.0771 0x0970 UCam_Menu - ok 14:13:48.0802 0x0970 [ 9C0D56CE4769AE60D5C56EB078532C5A, 079410721CC2A38D91FC108B260031F8754B59C6AE523146760CB5A8F2D1C6FD ] C:\Program Files\CyberLink\YouCam\YouCamTray.exe 14:13:48.0802 0x0970 YouCam Mirror Tray icon - ok 14:13:48.0849 0x0970 [ 1029B84ECBE4B95ACB8491A3FE63D70F, DF765BEE2B20800646F70B9E473B95F52457316CB331A3E0BF6974D827AB989D ] C:\Windows\system32\igfxtray.exe 14:13:48.0849 0x0970 IgfxTray - ok 14:13:48.0880 0x0970 [ 3CD5BBDA19A1AB4EBA359E0A14FDF0F0, 992E7322C86DA533F6DB9192427EBDC5A8F4D1A878F4B30A17ABD54656CFF6C1 ] C:\Windows\system32\hkcmd.exe 14:13:48.0896 0x0970 HotKeysCmds - ok 14:13:48.0911 0x0970 [ 3142195521FEE436088EE8A5748DE1B1, EE8E65977AA0EAC0BF48F7C4620946E48679F047EFC515D5F2E52EA4B88C5731 ] C:\Windows\system32\igfxpers.exe 14:13:48.0927 0x0970 Persistence - ok 14:13:49.0005 0x0970 [ 5F7EE76129F9A591F22F99F95D97AC95, D3446BD4CAB8017B44BAD94EBB88468D080AC65E14444C12B09B6BF3E70B2AED ] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe 14:13:49.0020 0x0970 IJNetworkScannerSelectorEX - ok 14:13:49.0114 0x0970 [ 048EA4B978851788E9F5E8E4F081DF7A, 
EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 14:13:49.0145 0x0970 Adobe ARM - ok 14:13:49.0208 0x0970 [ D63797E8E7781EE1500A810CB6194FA6, 5C96DA00B98F0776E6174EBB7D4D6DB634838E130D8581E11811831D2C57B119 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe 14:13:49.0223 0x0970 SunJavaUpdateSched - ok 14:13:49.0317 0x0970 [ 1E9B225DE829A6F666A0BA9B8A7984BF, 89D1222D72E23D21E6388B068CE7C415A9857ABB37D7A3AAD549B949A87E61FC ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 14:13:49.0348 0x0970 avgnt - ok 14:13:49.0395 0x0970 [ 6695FEB635BE9987B41E966F4C4B8C62, 6895BF5CDF28D2BB6C8851E99BEB3095883A278812686918BE2E9712DE83BB85 ] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe 14:13:49.0426 0x0970 Cisco AnyConnect Secure Mobility Agent for Windows - ok 14:13:49.0566 0x0970 [ C6C626A4A83B409E6AF09B874E771FB6, BD6A43361E06E1FBDC53547F5DABAC9E52F639B15C958DE30FC62D542B7B67EF ] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe 14:13:49.0629 0x0970 MailCheck IE Broker - ok 14:13:49.0754 0x0970 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x41000 ( enabled : updated ) 14:13:49.0785 0x0970 Win FW state via NFP2: enabled 14:13:49.0785 0x0970 ============================================================ 14:13:49.0785 0x0970 Scan finished 14:13:49.0785 0x0970 ============================================================ 14:13:49.0816 0x0f50 Detected object count: 1 14:13:49.0816 0x0f50 Actual detected object count: 1 14:14:23.0652 0x0f50 C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe - copied to quarantine 14:14:23.0668 0x0f50 HKLM\SYSTEM\ControlSet001\services\syshost32 - will be deleted on reboot 14:14:23.0699 0x0f50 HKLM\SYSTEM\ControlSet002\services\syshost32 - will be deleted on reboot 14:14:23.0824 0x0f50 
C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe - will be deleted on reboot 14:14:23.0824 0x0f50 syshost32 ( LockedFile.Multi.Generic ) - User select action: Delete 14:14:24.0027 0x0f50 KLMD registered as C:\Windows\system32\drivers\94758064.sys 14:16:43.0536 0x05cc Deinitialize success |
10.07.2014, 11:47 | #13 |
/// the machine /// TB instructor | Win7 TR/Agent.37888.248 cannot be deleted, real-time scanner no longer works Um, now I've lost track. Make sure you select Delete everywhere. Then reboot. Please run a fresh scan with TDSSKiller and post the log.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
10.07.2014, 18:57 | #14 |
| Win7 TR/Agent.37888.248 cannot be deleted, real-time scanner no longer works Hello Schrauber, I ran another scan. Nothing was detected. So I could not remove anything or reboot either. No new log was created either. That is, the last report I have is the one from before your message, from yesterday. I can gladly post it again, but it is actually right before your message. The other three were created by the program a day earlier. Regards |
11.07.2014, 13:42 | #15 |
/// the machine /// TB instructor | Win7 TR/Agent.37888.248 cannot be deleted, real-time scanner no longer works If nothing more was found, that's fine. Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |