
All kinds of pests and how to fight them: G Data blocked, System Restore not possible, Task Manager not working

Windows 7

 
31.03.2015, 11:53   #7
Steffen 70
 

Hello,

3 log files have been saved.
But the largest one is too big to post??

Steffen

Code:
12:27:16.0173 0x0628 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:27:20.0369 0x0628 ============================================================
12:27:20.0369 0x0628 Current date / time: 2015/03/31 12:27:20.0369
12:27:20.0369 0x0628 SystemInfo:
12:27:20.0369 0x0628
12:27:20.0369 0x0628 OS Version: 6.1.7601 ServicePack: 1.0
12:27:20.0369 0x0628 Product type: Workstation
12:27:20.0369 0x0628 ComputerName: STEFFEN-PC
12:27:20.0369 0x0628 UserName: Steffen
12:27:20.0369 0x0628 Windows directory: C:\Windows
12:27:20.0369 0x0628 System windows directory: C:\Windows
12:27:20.0369 0x0628 Processor architecture: Intel x86
12:27:20.0369 0x0628 Number of processors: 2
12:27:20.0369 0x0628 Page size: 0x1000
12:27:20.0369 0x0628 Boot type: Normal boot
12:27:20.0369 0x0628 ============================================================
12:27:22.0148 0x0628 KLMD registered as C:\Windows\system32\drivers\69785960.sys
12:28:56.0746 0x0628 Raw registry subsystem init failed!
12:28:56.0793 0x0628 System UUID: {46E0A9DE-26BC-4181-AEFA-41A238A50B07}
12:28:57.0152 0x0628 !crdlk
12:28:57.0152 0x0628 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
12:28:57.0152 0x0628 ============================================================
12:28:57.0152 0x0628 \Device\Harddisk0\DR0:
12:28:57.0152 0x0628 MBR partitions:
12:28:57.0152 0x0628 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:28:57.0152 0x0628 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
12:28:57.0152 0x0628 ============================================================
12:28:57.0183 0x0628 C: <-> \Device\Harddisk0\DR0\Partition2
12:28:57.0214 0x0628 E: <-> \Device\Harddisk0\DR0\Partition1
12:28:57.0214 0x0628 ============================================================
12:28:57.0214 0x0628 Initialize success
12:28:57.0214 0x0628 ============================================================
12:29:13.0984 0x1600 ============================================================
12:29:13.0984 0x1600 Scan started
12:29:13.0984 0x1600 Mode: Manual;
12:29:13.0984 0x1600 ============================================================
12:29:13.0984 0x1600 KSN ping started
12:29:27.0462 0x1600 KSN ping finished: true
12:29:27.0462 0x1600 ================ Scan system memory ========================
12:29:27.0462 0x1600 Scan was interrupted by user!
12:29:27.0525 0x1600 AV detected via SS2: G Data InternetSecurity CBE, C:\Program Files\G Data\InternetSecurity\AVK\avkwscpe.exe ( 25.0.0.0 ), 0x41010 ( enabled : outofdate )
12:29:27.0525 0x1600 FW detected via SS2: G Data Personal Firewall, C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe ( 22.0.0.1 ), 0x41010 ( enabled )
12:29:30.0005 0x1600 ============================================================
12:29:30.0005 0x1600 Scan finished
12:29:30.0005 0x1600 ============================================================
12:29:30.0005 0x0470 Detected object count: 0
12:29:30.0005 0x0470 Actual detected object count: 0
12:29:50.0535 0x1578 Deinitialize success

Code:
12:30:23.0272 0x1470  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:30:29.0372 0x1470  ============================================================
12:30:29.0372 0x1470  Current date / time: 2015/03/31 12:30:29.0372
12:30:29.0372 0x1470  SystemInfo:
12:30:29.0372 0x1470  
12:30:29.0372 0x1470  OS Version: 6.1.7601 ServicePack: 1.0
12:30:29.0372 0x1470  Product type: Workstation
12:30:29.0372 0x1470  ComputerName: STEFFEN-PC
12:30:29.0372 0x1470  UserName: Steffen
12:30:29.0372 0x1470  Windows directory: C:\Windows
12:30:29.0372 0x1470  System windows directory: C:\Windows
12:30:29.0372 0x1470  Processor architecture: Intel x86
12:30:29.0372 0x1470  Number of processors: 2
12:30:29.0372 0x1470  Page size: 0x1000
12:30:29.0372 0x1470  Boot type: Normal boot
12:30:29.0372 0x1470  ============================================================
12:30:31.0103 0x1470  KLMD registered as C:\Windows\system32\drivers\78456187.sys
12:30:40.0744 0x1470  KLMD registered as C:\Windows\system32\drivers\84929018.sys
12:30:41.0384 0x0828  Deinitialize success
         
Code:
12:30:23.0272 0x1470  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:30:29.0372 0x1470  ============================================================
12:30:29.0372 0x1470  Current date / time: 2015/03/31 12:30:29.0372
12:30:29.0372 0x1470  SystemInfo:
12:30:29.0372 0x1470  
12:30:29.0372 0x1470  OS Version: 6.1.7601 ServicePack: 1.0
12:30:29.0372 0x1470  Product type: Workstation
12:30:29.0372 0x1470  ComputerName: STEFFEN-PC
12:30:29.0372 0x1470  UserName: Steffen
12:30:29.0372 0x1470  Windows directory: C:\Windows
12:30:29.0372 0x1470  System windows directory: C:\Windows
12:30:29.0372 0x1470  Processor architecture: Intel x86
12:30:29.0372 0x1470  Number of processors: 2
12:30:29.0372 0x1470  Page size: 0x1000
12:30:29.0372 0x1470  Boot type: Normal boot
12:30:29.0372 0x1470  ============================================================
12:30:31.0103 0x1470  KLMD registered as C:\Windows\system32\drivers\78456187.sys
12:30:40.0744 0x1470  KLMD registered as C:\Windows\system32\drivers\84929018.sys
12:30:41.0384 0x0828  Deinitialize success
12:32:58.0976 0x0dcc  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:32:59.0163 0x0dcc  ============================================================
12:32:59.0163 0x0dcc  Current date / time: 2015/03/31 12:32:59.0163
12:32:59.0163 0x0dcc  SystemInfo:
12:32:59.0163 0x0dcc  
12:32:59.0163 0x0dcc  OS Version: 6.1.7601 ServicePack: 1.0
12:32:59.0163 0x0dcc  Product type: Workstation
12:32:59.0163 0x0dcc  ComputerName: STEFFEN-PC
12:32:59.0163 0x0dcc  UserName: Steffen
12:32:59.0163 0x0dcc  Windows directory: C:\Windows
12:32:59.0163 0x0dcc  System windows directory: C:\Windows
12:32:59.0163 0x0dcc  Processor architecture: Intel x86
12:32:59.0163 0x0dcc  Number of processors: 2
12:32:59.0163 0x0dcc  Page size: 0x1000
12:32:59.0163 0x0dcc  Boot type: Normal boot
12:32:59.0163 0x0dcc  ============================================================
12:32:59.0179 0x0dcc  BG loaded
12:32:59.0709 0x0dcc  System UUID: {46E0A9DE-26BC-4181-AEFA-41A238A50B07}
12:33:00.0739 0x0dcc  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:33:00.0801 0x0dcc  ============================================================
12:33:00.0801 0x0dcc  \Device\Harddisk0\DR0:
12:33:00.0895 0x0dcc  MBR partitions:
12:33:00.0895 0x0dcc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:33:00.0895 0x0dcc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
12:33:00.0895 0x0dcc  ============================================================
12:33:01.0082 0x0dcc  C: <-> \Device\Harddisk0\DR0\Partition2
12:33:01.0207 0x0dcc  E: <-> \Device\Harddisk0\DR0\Partition1
12:33:01.0207 0x0dcc  ============================================================
12:33:01.0207 0x0dcc  Initialize success
12:33:01.0207 0x0dcc  ============================================================
12:33:19.0556 0x0dd0  ============================================================
12:33:19.0556 0x0dd0  Scan started
12:33:19.0556 0x0dd0  Mode: Manual; SigCheck; TDLFS; 
12:33:19.0556 0x0dd0  ============================================================
12:33:19.0556 0x0dd0  KSN ping started
12:33:21.0959 0x0dd0  KSN ping finished: true
12:33:25.0718 0x0dd0  ================ Scan system memory ========================
12:33:25.0718 0x0dd0  System memory - ok
12:33:25.0718 0x0dd0  ================ Scan services =============================
12:33:25.0921 0x0dd0  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:33:26.0015 0x0dd0  1394ohci - ok
12:33:26.0015 0x0dd0  Suspicious service (NoAccess): 98730404f2d3d842
12:33:26.0077 0x0dd0  [ 6EC2346C82F95E3BFBD2EFE50E2C8AF9, 253271FFE32145DC09A9AFFF380E356871AC61F23CF2F3BE58415DB18E38B5CF ] 98730404f2d3d842 C:\Windows\System32\Drivers\98730404f2d3d842.sys
12:33:26.0077 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\98730404f2d3d842.sys. md5: 6EC2346C82F95E3BFBD2EFE50E2C8AF9, sha256: 253271FFE32145DC09A9AFFF380E356871AC61F23CF2F3BE58415DB18E38B5CF
12:33:26.0108 0x0dd0  98730404f2d3d842 - detected Rootkit.Win32.Necurs.gen ( 0 )
12:33:28.0636 0x0dd0  98730404f2d3d842 ( Rootkit.Win32.Necurs.gen ) - infected
12:33:28.0636 0x0dd0  Force sending object to P2P due to detect: 98730404f2d3d842
12:33:31.0397 0x0dd0  Object send P2P result: true
12:33:33.0846 0x0dd0  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:33:33.0862 0x0dd0  ACPI - ok
12:33:33.0908 0x0dd0  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:33:33.0971 0x0dd0  AcpiPmi - ok
12:33:34.0064 0x0dd0  [ F79623288F2A357AB20288B5DC4F452A, AA6F70A4C12E390E08074D6FD0EA0D1856D8274DA833E56A8811BF820A2D41D4 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:33:34.0096 0x0dd0  AdobeFlashPlayerUpdateSvc - ok
12:33:34.0158 0x0dd0  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:33:34.0189 0x0dd0  adp94xx - ok
12:33:34.0205 0x0dd0  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:33:34.0236 0x0dd0  adpahci - ok
12:33:34.0267 0x0dd0  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:33:34.0283 0x0dd0  adpu320 - ok
12:33:34.0330 0x0dd0  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:33:34.0486 0x0dd0  AeLookupSvc - ok
12:33:34.0548 0x0dd0  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
12:33:34.0610 0x0dd0  AFD - ok
12:33:34.0642 0x0dd0  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
12:33:34.0657 0x0dd0  agp440 - ok
12:33:34.0688 0x0dd0  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
12:33:34.0704 0x0dd0  aic78xx - ok
12:33:34.0735 0x0dd0  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
12:33:34.0766 0x0dd0  ALG - ok
12:33:34.0798 0x0dd0  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:33:34.0813 0x0dd0  aliide - ok
12:33:34.0844 0x0dd0  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:33:34.0860 0x0dd0  amdagp - ok
12:33:34.0876 0x0dd0  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:33:34.0876 0x0dd0  amdide - ok
12:33:34.0907 0x0dd0  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:33:34.0954 0x0dd0  AmdK8 - ok
12:33:34.0985 0x0dd0  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:33:35.0016 0x0dd0  AmdPPM - ok
12:33:35.0047 0x0dd0  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:33:35.0063 0x0dd0  amdsata - ok
12:33:35.0094 0x0dd0  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:33:35.0125 0x0dd0  amdsbs - ok
12:33:35.0156 0x0dd0  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:33:35.0156 0x0dd0  amdxata - ok
12:33:35.0188 0x0dd0  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
12:33:35.0234 0x0dd0  AppID - ok
12:33:35.0266 0x0dd0  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:33:35.0344 0x0dd0  AppIDSvc - ok
12:33:35.0422 0x0dd0  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
12:33:35.0484 0x0dd0  Appinfo - ok
12:33:35.0531 0x0dd0  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:33:35.0546 0x0dd0  arc - ok
12:33:35.0562 0x0dd0  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:33:35.0578 0x0dd0  arcsas - ok
12:33:35.0702 0x0dd0  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:33:35.0843 0x0dd0  aspnet_state - ok
12:33:35.0874 0x0dd0  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:33:35.0983 0x0dd0  AsyncMac - ok
12:33:35.0999 0x0dd0  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:33:36.0014 0x0dd0  atapi - ok
12:33:36.0217 0x0dd0  [ 712D8A95E45B070114C5309ADA7358FF, 1F0285CFB9982637186531489743798511BA75B612B202231E9BC1CF5372C0BB ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:33:36.0404 0x0dd0  atikmdag - ok
12:33:36.0467 0x0dd0  [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:33:36.0514 0x0dd0  AudioEndpointBuilder - ok
12:33:36.0560 0x0dd0  [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:33:36.0576 0x0dd0  Audiosrv - ok
12:33:36.0997 0x0dd0  [ B90962C56D37665500E3B2510844F57E, D3A97436CACA7FD2E6EF6B07536F26665C06F6251472FAB96E923039412E6E85 ] AVKProxy        C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
12:33:37.0060 0x0dd0  AVKProxy - ok
12:33:37.0278 0x0dd0  [ 56C6F2D7F1D515B4B534217443D3B67F, CB9E94EE515EE7C426B34EC40DFDEF27893C3379C011B2FF6EEF318A34BCF482 ] AVKService      C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
12:33:37.0309 0x0dd0  AVKService - ok
12:33:37.0684 0x0dd0  [ 460DF58F2B393689EA6B87288BA7DFC5, D0330FC768B98DB4E76132CB40044E600AFE83964E63845C2534254EA5B15DA2 ] AVKWCtl         C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
12:33:37.0762 0x0dd0  AVKWCtl - ok
12:33:37.0793 0x0dd0  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:33:37.0886 0x0dd0  AxInstSV - ok
12:33:37.0949 0x0dd0  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
12:33:37.0996 0x0dd0  b06bdrv - ok
12:33:38.0042 0x0dd0  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:33:38.0105 0x0dd0  b57nd60x - ok
12:33:38.0167 0x0dd0  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
12:33:38.0198 0x0dd0  BDESVC - ok
12:33:38.0214 0x0dd0  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:33:38.0261 0x0dd0  Beep - ok
12:33:38.0323 0x0dd0  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
12:33:38.0386 0x0dd0  BFE - ok
12:33:38.0464 0x0dd0  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
12:33:38.0526 0x0dd0  BITS - ok
12:33:38.0557 0x0dd0  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:33:38.0573 0x0dd0  blbdrive - ok
12:33:38.0604 0x0dd0  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:33:38.0635 0x0dd0  bowser - ok
12:33:38.0666 0x0dd0  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:33:38.0682 0x0dd0  BrFiltLo - ok
12:33:38.0698 0x0dd0  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:33:38.0713 0x0dd0  BrFiltUp - ok
12:33:38.0744 0x0dd0  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
12:33:38.0776 0x0dd0  Browser - ok
12:33:38.0807 0x0dd0  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:33:38.0869 0x0dd0  Brserid - ok
12:33:38.0885 0x0dd0  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:33:38.0916 0x0dd0  BrSerWdm - ok
12:33:38.0916 0x0dd0  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:33:38.0932 0x0dd0  BrUsbMdm - ok
12:33:38.0947 0x0dd0  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:33:38.0978 0x0dd0  BrUsbSer - ok
12:33:38.0978 0x0dd0  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:33:39.0010 0x0dd0  BTHMODEM - ok
12:33:39.0056 0x0dd0  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
12:33:39.0119 0x0dd0  bthserv - ok
12:33:39.0166 0x0dd0  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:33:39.0212 0x0dd0  cdfs - ok
12:33:39.0259 0x0dd0  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:33:39.0290 0x0dd0  cdrom - ok
12:33:39.0337 0x0dd0  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:33:39.0384 0x0dd0  CertPropSvc - ok
12:33:39.0400 0x0dd0  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:33:39.0446 0x0dd0  circlass - ok
12:33:39.0478 0x0dd0  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
12:33:39.0493 0x0dd0  CLFS - ok
12:33:39.0556 0x0dd0  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:33:39.0571 0x0dd0  clr_optimization_v2.0.50727_32 - ok
12:33:39.0634 0x0dd0  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:33:39.0836 0x0dd0  clr_optimization_v4.0.30319_32 - ok
12:33:39.0868 0x0dd0  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:33:39.0899 0x0dd0  CmBatt - ok
12:33:39.0930 0x0dd0  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:33:39.0946 0x0dd0  cmdide - ok
12:33:39.0992 0x0dd0  [ F516F1167EFBBC5ABC90687C94497869, AD650D56241533439419EA00236ABE14AB6E50B768620211D1A44047A9FA14EC ] CNG             C:\Windows\system32\Drivers\cng.sys
12:33:40.0039 0x0dd0  CNG - ok
12:33:40.0055 0x0dd0  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:33:40.0070 0x0dd0  Compbatt - ok
12:33:40.0102 0x0dd0  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:33:40.0133 0x0dd0  CompositeBus - ok
12:33:40.0148 0x0dd0  COMSysApp - ok
12:33:40.0164 0x0dd0  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:33:40.0180 0x0dd0  crcdisk - ok
12:33:40.0226 0x0dd0  [ 623E143F2DF17C0106A9988F5D7DC878, 9DA30262FF22FA9F1DB247CB3B4A2892D79730EF0ECC9589D399D24B4F58E565 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:33:40.0289 0x0dd0  CryptSvc - ok
12:33:40.0351 0x0dd0  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:33:40.0414 0x0dd0  DcomLaunch - ok
12:33:40.0445 0x0dd0  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
12:33:40.0492 0x0dd0  defragsvc - ok
12:33:40.0538 0x0dd0  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:33:40.0570 0x0dd0  DfsC - ok
12:33:40.0648 0x0dd0  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:33:40.0710 0x0dd0  Dhcp - ok
12:33:40.0741 0x0dd0  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
12:33:40.0804 0x0dd0  discache - ok
12:33:40.0835 0x0dd0  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:33:40.0850 0x0dd0  Disk - ok
12:33:40.0897 0x0dd0  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:33:40.0944 0x0dd0  Dnscache - ok
12:33:40.0975 0x0dd0  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:33:41.0022 0x0dd0  dot3svc - ok
12:33:41.0069 0x0dd0  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
12:33:41.0131 0x0dd0  DPS - ok
12:33:41.0178 0x0dd0  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:33:41.0225 0x0dd0  drmkaud - ok
12:33:41.0303 0x0dd0  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:33:41.0334 0x0dd0  DXGKrnl - ok
12:33:41.0365 0x0dd0  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
12:33:41.0412 0x0dd0  EapHost - ok
12:33:41.0584 0x0dd0  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
12:33:41.0755 0x0dd0  ebdrv - ok
12:33:41.0786 0x0dd0  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] EFS             C:\Windows\System32\lsass.exe
12:33:41.0833 0x0dd0  EFS - ok
12:33:41.0927 0x0dd0  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:33:42.0005 0x0dd0  ehRecvr - ok
12:33:42.0036 0x0dd0  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
12:33:42.0098 0x0dd0  ehSched - ok
12:33:42.0176 0x0dd0  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:33:42.0192 0x0dd0  elxstor - ok
12:33:42.0223 0x0dd0  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:33:42.0254 0x0dd0  ErrDev - ok
12:33:42.0317 0x0dd0  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
12:33:42.0348 0x0dd0  EventSystem - ok
12:33:42.0379 0x0dd0  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:33:42.0426 0x0dd0  exfat - ok
12:33:42.0457 0x0dd0  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:33:42.0504 0x0dd0  fastfat - ok
12:33:42.0582 0x0dd0  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
12:33:42.0644 0x0dd0  Fax - ok
12:33:42.0676 0x0dd0  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:33:42.0707 0x0dd0  fdc - ok
12:33:42.0738 0x0dd0  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
12:33:42.0800 0x0dd0  fdPHost - ok
12:33:42.0832 0x0dd0  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:33:42.0847 0x0dd0  FDResPub - ok
12:33:42.0863 0x0dd0  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:33:42.0878 0x0dd0  FileInfo - ok
12:33:42.0894 0x0dd0  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:33:42.0941 0x0dd0  Filetrace - ok
12:33:42.0972 0x0dd0  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:33:43.0003 0x0dd0  flpydisk - ok
12:33:43.0034 0x0dd0  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:33:43.0066 0x0dd0  FltMgr - ok
12:33:43.0144 0x0dd0  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
12:33:43.0190 0x0dd0  FontCache - ok
12:33:43.0253 0x0dd0  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:33:43.0268 0x0dd0  FontCache3.0.0.0 - ok
12:33:43.0300 0x0dd0  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:33:43.0300 0x0dd0  FsDepends - ok
12:33:43.0315 0x0dd0  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:33:43.0331 0x0dd0  Fs_Rec - ok
12:33:43.0378 0x0dd0  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:33:43.0393 0x0dd0  fvevol - ok
12:33:43.0440 0x0dd0  [ B45F1DF1CCE34E2AF422F0ED78CD70EF, 2B0E705B2274B5801FE70C2A44D9B73BB2D5659BBBB03631737EC55E8D90E997 ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
12:33:43.0487 0x0dd0  FWLANUSB - ok
12:33:43.0518 0x0dd0  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:33:43.0549 0x0dd0  gagp30kx - ok
12:33:43.0580 0x0dd0  [ 6E755F8DA0790AA6924B8BE91CC99A4B, 7804DC14E6CC1775DB4A7833D0B8FC73C8AA1A2A81F65811FC26FC773FB50670 ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
12:33:43.0596 0x0dd0  GDBehave - ok
12:33:43.0955 0x0dd0  [ FE489997ABB4335371188561E22E08C7, 8F7859E2228464664B410FCC9224C727784A2EC115D618BF0889BFFEC96D97C2 ] GDFwSvc         C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
12:33:44.0033 0x0dd0  GDFwSvc - ok
12:33:44.0080 0x0dd0  [ 0B644EB2DA939985D674B653FA446933, BE4517F73A6A20433403100F6B30EDDB194EB243772C8D4AB0C5FB732793FF74 ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
12:33:44.0111 0x0dd0  GDMnIcpt - ok
12:33:44.0158 0x0dd0  [ B7D00C0B098A27937B249E50398D0A73, FD2EF6B9FB85E7A8FB92051C11EB7A3DCD334F9BEAE7F0F242972C06A94BD799 ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
12:33:44.0173 0x0dd0  GDPkIcpt - ok
12:33:44.0298 0x0dd0  [ 846972E3EBB10D2F39A69B5E6CF08313, 7E2EC3BBF066C3C40F75F2533D1AB2307C3331FA460243A4F4B31A61714C159E ] GDScan          C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
12:33:44.0329 0x0dd0  GDScan - ok
12:33:44.0376 0x0dd0  [ 3B6E35FDA3AB07A081CA1D0BCB205F19, F0C92BC0152A427D11EA9B1389DA7CDE2BB1DBAE12EE8D9C781E7A215F511D61 ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd32.sys
12:33:44.0392 0x0dd0  gdwfpcd - ok
12:33:44.0454 0x0dd0  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:33:44.0501 0x0dd0  gpsvc - ok
12:33:44.0532 0x0dd0  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:33:44.0579 0x0dd0  hcw85cir - ok
12:33:44.0626 0x0dd0  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:33:44.0626 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. md5: A5EF29D5315111C80A5C1ABAD14C8972, sha256: A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A
12:33:44.0626 0x0dd0  HdAudAddService - detected LockedFile.Multi.Generic ( 1 )
12:33:47.0106 0x0dd0  Detect skipped due to KSN trusted
12:33:47.0106 0x0dd0  HdAudAddService - ok
12:33:47.0137 0x0dd0  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:33:47.0184 0x0dd0  HDAudBus - ok
12:33:47.0215 0x0dd0  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:33:47.0215 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 1D58A7F3E11A9731D0EAAAA8405ACC36, sha256: 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215
12:33:47.0215 0x0dd0  HidBatt - detected LockedFile.Multi.Generic ( 1 )
12:33:49.0696 0x0dd0  Detect skipped due to KSN trusted
12:33:49.0696 0x0dd0  HidBatt - ok
12:33:49.0711 0x0dd0  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:33:49.0742 0x0dd0  HidBth - ok
12:33:49.0774 0x0dd0  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:33:49.0774 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: CF50B4CF4A4F229B9F3C08351F99CA5E, sha256: B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F
12:33:49.0774 0x0dd0  HidIr - detected LockedFile.Multi.Generic ( 1 )
12:33:52.0270 0x0dd0  Detect skipped due to KSN trusted
12:33:52.0270 0x0dd0  HidIr - ok
12:33:52.0316 0x0dd0  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
12:33:52.0379 0x0dd0  hidserv - ok
12:33:52.0488 0x0dd0  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:33:52.0488 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 10C19F8290891AF023EAEC0832E1EB4D, sha256: E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853
12:33:52.0488 0x0dd0  HidUsb - detected LockedFile.Multi.Generic ( 1 )
12:34:02.0503 0x0dd0  Object is SCO, delete is not allowed
12:34:02.0503 0x0dd0  HidUsb ( LockedFile.Multi.Generic ) - warning
12:34:10.0475 0x0dd0  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:34:10.0537 0x0dd0  hkmsvc - ok
12:34:10.0615 0x0dd0  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:34:10.0678 0x0dd0  HomeGroupListener - ok
12:34:10.0787 0x0dd0  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:34:10.0865 0x0dd0  HomeGroupProvider - ok
12:34:10.0958 0x0dd0  [ 6AD5573C959D466C1BB6360C3CE21FEF, 7CA95C1D756C2223C16B9DF517FCDBBBAAAE3C6FD85F1EE8DA8628ECBD24E93E ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
12:34:10.0974 0x0dd0  HookCentre - ok
12:34:11.0068 0x0dd0  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:34:11.0068 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HpSAMD.sys. md5: 295FDC419039090EB8B49FFDBB374549, sha256: 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7
12:34:11.0068 0x0dd0  HpSAMD - detected LockedFile.Multi.Generic ( 1 )
12:34:16.0964 0x0dd0  Detect skipped due to KSN trusted
12:34:16.0964 0x0dd0  HpSAMD - ok
12:34:17.0136 0x0dd0  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:34:17.0136 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: 871917B07A141BFF43D76D8844D48106, sha256: 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987
12:34:17.0152 0x0dd0  HTTP - detected LockedFile.Multi.Generic ( 1 )
12:34:19.0632 0x0dd0  Detect skipped due to KSN trusted
12:34:19.0632 0x0dd0  HTTP - ok
12:34:19.0694 0x0dd0  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:34:19.0694 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: 0C4E035C7F105F1299258C90886C64C5, sha256: CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4
12:34:19.0694 0x0dd0  hwpolicy - detected LockedFile.Multi.Generic ( 1 )
12:34:23.0704 0x0dd0  Detect skipped due to KSN trusted
12:34:23.0704 0x0dd0  hwpolicy - ok
12:34:23.0844 0x0dd0  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:34:23.0844 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\i8042prt.sys. md5: F151F0BDC47F4A28B1B20A0818EA36D6, sha256: 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79
12:34:23.0844 0x0dd0  i8042prt - detected LockedFile.Multi.Generic ( 1 )
12:34:26.0309 0x0dd0  Detect skipped due to KSN trusted
12:34:26.0309 0x0dd0  i8042prt - ok
12:34:26.0449 0x0dd0  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:34:26.0449 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\iaStorV.sys. md5: 5CD5F9A5444E6CDCB0AC89BD62D8B76E, sha256: 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0
12:34:26.0449 0x0dd0  iaStorV - detected LockedFile.Multi.Generic ( 1 )
12:34:28.0914 0x0dd0  Detect skipped due to KSN trusted
12:34:28.0914 0x0dd0  iaStorV - ok
12:34:29.0023 0x0dd0  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:34:29.0086 0x0dd0  idsvc - ok
12:34:29.0117 0x0dd0  IEEtwCollectorService - ok
12:34:29.0148 0x0dd0  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:34:29.0148 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 4173FF5708F3236CF25195FECD742915, sha256: 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D
12:34:29.0148 0x0dd0  iirsp - detected LockedFile.Multi.Generic ( 1 )
12:34:31.0940 0x0dd0  Detect skipped due to KSN trusted
12:34:31.0940 0x0dd0  iirsp - ok
12:34:32.0018 0x0dd0  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
12:34:32.0081 0x0dd0  IKEEXT - ok
12:34:32.0112 0x0dd0  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:34:32.0112 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelide.sys. md5: A0F12F2C9BA6C72F3987CE780E77C130, sha256: 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034
12:34:32.0112 0x0dd0  intelide - detected LockedFile.Multi.Generic ( 1 )
12:34:34.0608 0x0dd0  Detect skipped due to KSN trusted
12:34:34.0608 0x0dd0  intelide - ok
12:34:34.0639 0x0dd0  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:34:34.0639 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelppm.sys. md5: 3B514D27BFC4ACCB4037BC6685F766E0, sha256: F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A
12:34:34.0639 0x0dd0  intelppm - detected LockedFile.Multi.Generic ( 1 )
12:34:37.0120 0x0dd0  Detect skipped due to KSN trusted
12:34:37.0120 0x0dd0  intelppm - ok
12:34:37.0166 0x0dd0  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:34:37.0213 0x0dd0  IPBusEnum - ok
12:34:37.0229 0x0dd0  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:34:37.0229 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: 709D1761D3B19A932FF0238EA6D50200, sha256: 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823
12:34:37.0229 0x0dd0  IpFilterDriver - detected LockedFile.Multi.Generic ( 1 )
12:34:39.0709 0x0dd0  Detect skipped due to KSN trusted
12:34:39.0709 0x0dd0  IpFilterDriver - ok
12:34:39.0787 0x0dd0  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:34:39.0850 0x0dd0  iphlpsvc - ok
12:34:39.0881 0x0dd0  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:34:39.0881 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 4BD7134618C1D2A27466A099062547BF, sha256: 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964
12:34:39.0896 0x0dd0  IPMIDRV - detected LockedFile.Multi.Generic ( 1 )
12:34:42.0361 0x0dd0  Detect skipped due to KSN trusted
12:34:42.0377 0x0dd0  IPMIDRV - ok
12:34:42.0408 0x0dd0  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:34:42.0408 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: A5FA468D67ABCDAA36264E463A7BB0CD, sha256: EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63
12:34:42.0408 0x0dd0  IPNAT - detected LockedFile.Multi.Generic ( 1 )
12:34:44.0873 0x0dd0  Detect skipped due to KSN trusted
12:34:44.0873 0x0dd0  IPNAT - ok
12:34:44.0904 0x0dd0  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:34:44.0904 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 42996CFF20A3084A56017B7902307E9F, sha256: 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D
12:34:44.0904 0x0dd0  IRENUM - detected LockedFile.Multi.Generic ( 1 )
12:34:47.0369 0x0dd0  Detect skipped due to KSN trusted
12:34:47.0369 0x0dd0  IRENUM - ok
12:34:47.0400 0x0dd0  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:34:47.0400 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\isapnp.sys. md5: 1F32BB6B38F62F7DF1A7AB7292638A35, sha256: 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F
12:34:47.0400 0x0dd0  isapnp - detected LockedFile.Multi.Generic ( 1 )
12:34:49.0880 0x0dd0  Detect skipped due to KSN trusted
12:34:49.0880 0x0dd0  isapnp - ok
12:34:49.0927 0x0dd0  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:34:49.0927 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msiscsi.sys. md5: EB34CE31FABD4DC4343FD2AD16D2CAF9, sha256: D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C
12:34:49.0927 0x0dd0  iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
12:34:52.0392 0x0dd0  Detect skipped due to KSN trusted
12:34:52.0392 0x0dd0  iScsiPrt - ok
12:34:52.0439 0x0dd0  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:34:52.0439 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: ADEF52CA1AEAE82B50DF86B56413107E, sha256: A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2
12:34:52.0439 0x0dd0  kbdclass - detected LockedFile.Multi.Generic ( 1 )
12:34:54.0919 0x0dd0  Detect skipped due to KSN trusted
12:34:54.0919 0x0dd0  kbdclass - ok
12:34:54.0966 0x0dd0  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:34:54.0966 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 9E3CED91863E6EE98C24794D05E27A71, sha256: 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F
12:34:54.0966 0x0dd0  kbdhid - detected LockedFile.Multi.Generic ( 1 )
12:34:57.0446 0x0dd0  Detect skipped due to KSN trusted
12:34:57.0446 0x0dd0  kbdhid - ok
12:34:57.0462 0x0dd0  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] KeyIso          C:\Windows\system32\lsass.exe
12:34:57.0478 0x0dd0  KeyIso - ok
12:34:57.0509 0x0dd0  [ EF88BAC2B489D9C46F4E41ACF0219CD0, BF0FAF51BB6D0E588E53E483EF48D8D96B33544113892CC723CDEFAE7E5FB97A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:34:57.0509 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: EF88BAC2B489D9C46F4E41ACF0219CD0, sha256: BF0FAF51BB6D0E588E53E483EF48D8D96B33544113892CC723CDEFAE7E5FB97A
12:34:57.0509 0x0dd0  KSecDD - detected LockedFile.Multi.Generic ( 1 )
12:34:59.0974 0x0dd0  Detect skipped due to KSN trusted
12:34:59.0974 0x0dd0  KSecDD - ok
12:35:00.0005 0x0dd0  [ 49D70660EE8266988C1F99A0297A1430, D17B7A3118DB42358DEA80D8A21C5F1B0CC33BF74F6570676D4708B36BB91FD4 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:35:00.0005 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 49D70660EE8266988C1F99A0297A1430, sha256: D17B7A3118DB42358DEA80D8A21C5F1B0CC33BF74F6570676D4708B36BB91FD4
12:35:00.0005 0x0dd0  KSecPkg - detected LockedFile.Multi.Generic ( 1 )
12:35:02.0485 0x0dd0  Detect skipped due to KSN trusted
12:35:02.0485 0x0dd0  KSecPkg - ok
12:35:02.0532 0x0dd0  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:35:02.0579 0x0dd0  KtmRm - ok
12:35:02.0610 0x0dd0  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:35:02.0672 0x0dd0  LanmanServer - ok
12:35:02.0719 0x0dd0  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:35:02.0782 0x0dd0  LanmanWorkstation - ok
12:35:02.0844 0x0dd0  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:35:02.0844 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: F7611EC07349979DA9B0AE1F18CCC7A6, sha256: 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E
12:35:02.0860 0x0dd0  lltdio - detected LockedFile.Multi.Generic ( 1 )
12:35:05.0324 0x0dd0  Detect skipped due to KSN trusted
12:35:05.0324 0x0dd0  lltdio - ok
12:35:05.0418 0x0dd0  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:35:05.0496 0x0dd0  lltdsvc - ok
12:35:05.0512 0x0dd0  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:35:05.0558 0x0dd0  lmhosts - ok
12:35:05.0590 0x0dd0  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:35:05.0590 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: EB119A53CCF2ACC000AC71B065B78FEF, sha256: 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9
12:35:05.0590 0x0dd0  LSI_FC - detected LockedFile.Multi.Generic ( 1 )
12:35:08.0070 0x0dd0  Detect skipped due to KSN trusted
12:35:08.0070 0x0dd0  LSI_FC - ok
12:35:08.0117 0x0dd0  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:35:08.0117 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 8ADE1C877256A22E49B75D1CC9161F9C, sha256: 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7
12:35:08.0117 0x0dd0  LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
12:35:10.0597 0x0dd0  Detect skipped due to KSN trusted
12:35:10.0597 0x0dd0  LSI_SAS - ok
12:35:10.0613 0x0dd0  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:35:10.0613 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: DC9DC3D3DAA0E276FD2EC262E38B11E9, sha256: A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC
12:35:10.0628 0x0dd0  LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
12:35:20.0644 0x0dd0  LSI_SAS2 ( LockedFile.Multi.Generic ) - warning
12:35:20.0644 0x0dd0  Force sending object to P2P due to detect: LSI_SAS2
12:35:32.0874 0x0dd0  Object send P2P result: true
12:35:35.0308 0x0dd0  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:35:35.0308 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0A036C7D7CAB643A7F07135AC47E0524, sha256: 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8
12:35:35.0308 0x0dd0  LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
12:35:37.0788 0x0dd0  Detect skipped due to KSN trusted
12:35:37.0788 0x0dd0  LSI_SCSI - ok
12:35:37.0819 0x0dd0  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:35:37.0819 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 6703E366CC18D3B6E534F5CF7DF39CEE, sha256: 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4
12:35:37.0819 0x0dd0  luafv - detected LockedFile.Multi.Generic ( 1 )
12:35:40.0315 0x0dd0  Detect skipped due to KSN trusted
12:35:40.0315 0x0dd0  luafv - ok
12:35:40.0456 0x0dd0  [ AB73A39A5E45F465B02C11C500BB0278, 6863B27DA7A0808F232B93CB74ACA09751B6F63FD9FB26EB3FA0282636CE9807 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:35:40.0471 0x0dd0  MBAMProtector - ok
12:35:40.0596 0x0dd0  [ 86701B8E4C53280AA8642AC85F8500F4, 6839F2B840410857AE7DA215A17922A7499A9B99D96032756525878E98175103 ] MBAMScheduler   C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
12:35:40.0658 0x0dd0  MBAMScheduler - ok
12:35:40.0768 0x0dd0  [ E27891A49DF92004041FEC5C3A2D4230, A4679A1F10F84935875E35A83FC7075499B8F4CBB543209A38C0D946347CD264 ] MBAMService     C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
12:35:40.0846 0x0dd0  MBAMService - ok
12:35:40.0892 0x0dd0  [ 04B309A1A653177994630C2773E659F1, 1D9F81D2DF513FE177E5308E3DE0CE416109F87FDBD00FE7453FEB6074216C3C ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
12:35:40.0924 0x0dd0  MBAMSwissArmy - ok
12:35:40.0955 0x0dd0  [ 2A1B51A1FE8DC4DC0D52EC700CB02CEF, BF689A361F941F91B63D5F8E54925550333C068F65E59E4DBF0A7B66B8C7EDD6 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
12:35:40.0970 0x0dd0  MBAMWebAccessControl - ok
12:35:41.0002 0x0dd0  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:35:41.0033 0x0dd0  Mcx2Svc - ok
12:35:41.0064 0x0dd0  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:35:41.0064 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\megasas.sys. md5: 0FFF5B045293002AB38EB1FD1FC2FB74, sha256: 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374
12:35:41.0064 0x0dd0  megasas - detected LockedFile.Multi.Generic ( 1 )
12:35:43.0560 0x0dd0  Detect skipped due to KSN trusted
12:35:43.0560 0x0dd0  megasas - ok
12:35:43.0591 0x0dd0  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:35:43.0591 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: DCBAB2920C75F390CAF1D29F675D03D6, sha256: 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB
12:35:43.0591 0x0dd0  MegaSR - detected LockedFile.Multi.Generic ( 1 )
12:35:46.0196 0x0dd0  Detect skipped due to KSN trusted
12:35:46.0196 0x0dd0  MegaSR - ok
12:35:46.0228 0x0dd0  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
12:35:46.0274 0x0dd0  MMCSS - ok
12:35:46.0290 0x0dd0  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
12:35:46.0290 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: F001861E5700EE84E2D4E52C712F4964, sha256: F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE
12:35:46.0290 0x0dd0  Modem - detected LockedFile.Multi.Generic ( 1 )
12:35:48.0770 0x0dd0  Detect skipped due to KSN trusted
12:35:48.0770 0x0dd0  Modem - ok
12:35:48.0802 0x0dd0  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:35:48.0802 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: 79D10964DE86B292320E9DFE02282A23, sha256: 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72
12:35:48.0817 0x0dd0  monitor - detected LockedFile.Multi.Generic ( 1 )
12:35:51.0282 0x0dd0  Detect skipped due to KSN trusted
12:35:51.0282 0x0dd0  monitor - ok
12:35:51.0329 0x0dd0  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:35:51.0329 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: FB18CC1D4C2E716B6B903B0AC0CC0609, sha256: F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E
12:35:51.0329 0x0dd0  mouclass - detected LockedFile.Multi.Generic ( 1 )
12:35:53.0809 0x0dd0  Detect skipped due to KSN trusted
12:35:53.0809 0x0dd0  mouclass - ok
12:35:53.0872 0x0dd0  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:35:53.0872 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: 2C388D2CD01C9042596CF3C8F3C7B24D, sha256: B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703
12:35:53.0872 0x0dd0  mouhid - detected LockedFile.Multi.Generic ( 1 )
12:35:56.0352 0x0dd0  Detect skipped due to KSN trusted
12:35:56.0352 0x0dd0  mouhid - ok
12:35:56.0446 0x0dd0  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:35:56.0446 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: FC8771F45ECCCFD89684E38842539B9B, sha256: 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A
12:35:56.0446 0x0dd0  mountmgr - detected LockedFile.Multi.Generic ( 1 )
12:35:58.0988 0x0dd0  Detect skipped due to KSN trusted
12:35:58.0988 0x0dd0  mountmgr - ok
12:35:59.0051 0x0dd0  [ AE7DAFFEC2CDF695C95925C4C1F8EC02, 9F6F4FDE4678FD506CEBB4BAC29A4B30CDD391F1554B33530009F69F5EE8DB3A ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:35:59.0082 0x0dd0  MozillaMaintenance - ok
12:35:59.0098 0x0dd0  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:35:59.0098 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpio.sys. md5: 2D699FB6E89CE0D8DA14ECC03B3EDFE0, sha256: D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420
12:35:59.0098 0x0dd0  mpio - detected LockedFile.Multi.Generic ( 1 )
12:36:01.0562 0x0dd0  Detect skipped due to KSN trusted
12:36:01.0562 0x0dd0  mpio - ok
12:36:01.0609 0x0dd0  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:36:01.0609 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: AD2723A7B53DD1AACAE6AD8C0BFBF4D0, sha256: 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2
12:36:01.0609 0x0dd0  mpsdrv - detected LockedFile.Multi.Generic ( 1 )
12:36:04.0090 0x0dd0  Detect skipped due to KSN trusted
12:36:04.0090 0x0dd0  mpsdrv - ok
12:36:04.0168 0x0dd0  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:36:04.0230 0x0dd0  MpsSvc - ok
12:36:04.0277 0x0dd0  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:36:04.0277 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: 03F899F521D2AAED1C55008F734DF252, sha256: 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5
12:36:04.0277 0x0dd0  MRxDAV - detected LockedFile.Multi.Generic ( 1 )
12:36:06.0757 0x0dd0  Detect skipped due to KSN trusted
12:36:06.0757 0x0dd0  MRxDAV - ok
12:36:06.0804 0x0dd0  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:36:06.0804 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: 5D16C921E3671636C0EBA3BBAAC5FD25, sha256: 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C
12:36:06.0804 0x0dd0  mrxsmb - detected LockedFile.Multi.Generic ( 1 )
12:36:09.0284 0x0dd0  Detect skipped due to KSN trusted
12:36:09.0284 0x0dd0  mrxsmb - ok
12:36:09.0331 0x0dd0  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:36:09.0331 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: 6D17A4791ACA19328C685D256349FEFC, sha256: 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668
12:36:09.0331 0x0dd0  mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
12:36:11.0796 0x0dd0  Detect skipped due to KSN trusted
12:36:11.0796 0x0dd0  mrxsmb10 - ok
12:36:11.0827 0x0dd0  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:36:11.0827 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: B81F204D146000BE76651A50670A5E9E, sha256: 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17
12:36:11.0827 0x0dd0  mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
12:36:14.0323 0x0dd0  Detect skipped due to KSN trusted
12:36:14.0323 0x0dd0  mrxsmb20 - ok
12:36:14.0354 0x0dd0  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:36:14.0354 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msahci.sys. md5: 012C5F4E9349E711E11E0F19A8589F0A, sha256: 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584
12:36:14.0354 0x0dd0  msahci - detected LockedFile.Multi.Generic ( 1 )
12:36:16.0819 0x0dd0  Detect skipped due to KSN trusted
12:36:16.0819 0x0dd0  msahci - ok
12:36:16.0866 0x0dd0  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:36:16.0866 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msdsm.sys. md5: 55055F8AD8BE27A64C831322A780A228, sha256: C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304
12:36:16.0866 0x0dd0  msdsm - detected LockedFile.Multi.Generic ( 1 )
12:36:19.0346 0x0dd0  Detect skipped due to KSN trusted
12:36:19.0346 0x0dd0  msdsm - ok
12:36:19.0487 0x0dd0  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
12:36:19.0534 0x0dd0  MSDTC - ok
12:36:19.0549 0x0dd0  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:36:19.0549 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: DAEFB28E3AF5A76ABCC2C3078C07327F, sha256: 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF
12:36:19.0549 0x0dd0  Msfs - detected LockedFile.Multi.Generic ( 1 )
12:36:22.0030 0x0dd0  Detect skipped due to KSN trusted
12:36:22.0030 0x0dd0  Msfs - ok
12:36:22.0045 0x0dd0  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:36:22.0045 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: 3E1E5767043C5AF9367F0056295E9F84, sha256: B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70
12:36:22.0045 0x0dd0  mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
12:36:32.0060 0x0dd0  mshidkmdf ( LockedFile.Multi.Generic ) - warning
12:36:32.0060 0x0dd0  Force sending object to P2P due to detect: mshidkmdf
12:36:36.0912 0x0dd0  Object send P2P result: true
12:36:42.0388 0x0dd0  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:36:42.0388 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: 0A4E5757AE09FA9622E3158CC1AEF114, sha256: ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54
12:36:42.0403 0x0dd0  msisadrv - detected LockedFile.Multi.Generic ( 1 )
12:36:44.0868 0x0dd0  Detect skipped due to KSN trusted
12:36:44.0868 0x0dd0  msisadrv - ok
12:36:44.0915 0x0dd0  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:36:44.0977 0x0dd0  MSiSCSI - ok
12:36:44.0977 0x0dd0  msiserver - ok
12:36:45.0024 0x0dd0  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:36:45.0024 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 8C0860D6366AAFFB6C5BB9DF9448E631, sha256: 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77
12:36:45.0024 0x0dd0  MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
12:36:47.0504 0x0dd0  Detect skipped due to KSN trusted
12:36:47.0504 0x0dd0  MSKSSRV - ok
12:36:47.0520 0x0dd0  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:36:47.0520 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: 3EA8B949F963562CEDBB549EAC0C11CE, sha256: 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D
12:36:47.0520 0x0dd0  MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
12:36:50.0000 0x0dd0  Detect skipped due to KSN trusted
12:36:50.0000 0x0dd0  MSPCLOCK - ok
12:36:50.0016 0x0dd0  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:36:50.0016 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: F456E973590D663B1073E9C463B40932, sha256: 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11
12:36:50.0016 0x0dd0  MSPQM - detected LockedFile.Multi.Generic ( 1 )
12:36:52.0496 0x0dd0  Detect skipped due to KSN trusted
12:36:52.0496 0x0dd0  MSPQM - ok
12:36:52.0528 0x0dd0  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:36:52.0528 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 0E008FC4819D238C51D7C93E7B41E560, sha256: 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2
12:36:52.0543 0x0dd0  MsRPC - detected LockedFile.Multi.Generic ( 1 )
12:36:55.0008 0x0dd0  Detect skipped due to KSN trusted
12:36:55.0008 0x0dd0  MsRPC - ok
12:36:55.0055 0x0dd0  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:36:55.0055 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mssmbios.sys. md5: FC6B9FF600CC585EA38B12589BD4E246, sha256: F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A
12:36:55.0055 0x0dd0  mssmbios - detected LockedFile.Multi.Generic ( 1 )
12:36:57.0535 0x0dd0  Detect skipped due to KSN trusted
12:36:57.0535 0x0dd0  mssmbios - ok
12:36:57.0582 0x0dd0  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:36:57.0582 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: B42C6B921F61A6E55159B8BE6CD54A36, sha256: 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C
12:36:57.0582 0x0dd0  MSTEE - detected LockedFile.Multi.Generic ( 1 )
12:37:00.0109 0x0dd0  Detect skipped due to KSN trusted
12:37:00.0109 0x0dd0  MSTEE - ok
12:37:00.0125 0x0dd0  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:37:00.0125 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 33599130F44E1F34631CEA241DE8AC84, sha256: E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B
12:37:00.0125 0x0dd0  MTConfig - detected LockedFile.Multi.Generic ( 1 )
12:37:02.0590 0x0dd0  Detect skipped due to KSN trusted
12:37:02.0590 0x0dd0  MTConfig - ok
12:37:02.0621 0x0dd0  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:37:02.0621 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: 159FAD02F64E6381758C990F753BCC80, sha256: E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598
12:37:02.0621 0x0dd0  Mup - detected LockedFile.Multi.Generic ( 1 )
12:37:05.0101 0x0dd0  Detect skipped due to KSN trusted
12:37:05.0101 0x0dd0  Mup - ok
12:37:05.0164 0x0dd0  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
12:37:05.0210 0x0dd0  napagent - ok
12:37:05.0273 0x0dd0  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:37:05.0273 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 26384429FCD85D83746F63E798AB1480, sha256: 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB
12:37:05.0273 0x0dd0  NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
12:37:07.0753 0x0dd0  Detect skipped due to KSN trusted
12:37:07.0753 0x0dd0  NativeWifiP - ok
12:37:07.0831 0x0dd0  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:37:07.0831 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: 8C9C922D71F1CD4DEF73F186416B7896, sha256: 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7
12:37:07.0831 0x0dd0  NDIS - detected LockedFile.Multi.Generic ( 1 )
12:37:10.0296 0x0dd0  Detect skipped due to KSN trusted
12:37:10.0296 0x0dd0  NDIS - ok
12:37:10.0499 0x0dd0  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:37:10.0499 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 0E1787AA6C9191D3D319E8BAFE86F80C, sha256: F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278
12:37:10.0499 0x0dd0  NdisCap - detected LockedFile.Multi.Generic ( 1 )
12:37:12.0979 0x0dd0  Detect skipped due to KSN trusted
12:37:12.0995 0x0dd0  NdisCap - ok
12:37:13.0010 0x0dd0  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:37:13.0010 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: E4A8AEC125A2E43A9E32AFEEA7C9C888, sha256: 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55
12:37:13.0010 0x0dd0  NdisTapi - detected LockedFile.Multi.Generic ( 1 )
12:37:15.0475 0x0dd0  Detect skipped due to KSN trusted
12:37:15.0475 0x0dd0  NdisTapi - ok
12:37:15.0522 0x0dd0  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:37:15.0522 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: D8A65DAFB3EB41CBB622745676FCD072, sha256: 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7
12:37:15.0522 0x0dd0  Ndisuio - detected LockedFile.Multi.Generic ( 1 )
12:37:18.0002 0x0dd0  Detect skipped due to KSN trusted
12:37:18.0002 0x0dd0  Ndisuio - ok
12:37:18.0034 0x0dd0  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:37:18.0034 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 38FBE267E7E6983311179230FACB1017, sha256: CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14
12:37:18.0034 0x0dd0  NdisWan - detected LockedFile.Multi.Generic ( 1 )
12:37:20.0514 0x0dd0  Detect skipped due to KSN trusted
12:37:20.0514 0x0dd0  NdisWan - ok
12:37:20.0545 0x0dd0  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:37:20.0545 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: A4BDC541E69674FBFF1A8FF00BE913F2, sha256: 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA
12:37:20.0545 0x0dd0  NDProxy - detected LockedFile.Multi.Generic ( 1 )
12:37:23.0026 0x0dd0  Detect skipped due to KSN trusted
12:37:23.0026 0x0dd0  NDProxy - ok
12:37:23.0072 0x0dd0  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:37:23.0072 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 80B275B1CE3B0E79909DB7B39AF74D51, sha256: 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796
12:37:23.0072 0x0dd0  NetBIOS - detected LockedFile.Multi.Generic ( 1 )
12:37:25.0553 0x0dd0  Detect skipped due to KSN trusted
12:37:25.0553 0x0dd0  NetBIOS - ok
12:37:25.0600 0x0dd0  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:37:25.0600 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 280122DDCF04B378EDD1AD54D71C1E54, sha256: F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0
12:37:25.0600 0x0dd0  NetBT - detected LockedFile.Multi.Generic ( 1 )
12:37:28.0064 0x0dd0  Detect skipped due to KSN trusted
12:37:28.0064 0x0dd0  NetBT - ok
12:37:28.0080 0x0dd0  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] Netlogon        C:\Windows\system32\lsass.exe
12:37:28.0111 0x0dd0  Netlogon - ok
12:37:28.0142 0x0dd0  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
12:37:28.0220 0x0dd0  Netman - ok
12:37:28.0283 0x0dd0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:37:28.0345 0x0dd0  NetMsmqActivator - ok
12:37:28.0361 0x0dd0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:37:28.0376 0x0dd0  NetPipeActivator - ok
12:37:28.0439 0x0dd0  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
12:37:28.0486 0x0dd0  netprofm - ok
12:37:28.0532 0x0dd0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:37:28.0564 0x0dd0  NetTcpActivator - ok
12:37:28.0564 0x0dd0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:37:28.0579 0x0dd0  NetTcpPortSharing - ok
12:37:28.0626 0x0dd0  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:37:28.0626 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 1D85C4B390B0EE09C7A46B91EFB2C097, sha256: 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348
12:37:28.0626 0x0dd0  nfrd960 - detected LockedFile.Multi.Generic ( 1 )
12:37:31.0106 0x0dd0  Detect skipped due to KSN trusted
12:37:31.0106 0x0dd0  nfrd960 - ok
12:37:31.0153 0x0dd0  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:37:31.0184 0x0dd0  NlaSvc - ok
12:37:31.0216 0x0dd0  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:37:31.0216 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1DB262A9F8C087E8153D89BEF3D2235F, sha256: A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101
12:37:31.0216 0x0dd0  Npfs - detected LockedFile.Multi.Generic ( 1 )
12:37:33.0680 0x0dd0  Detect skipped due to KSN trusted
12:37:33.0680 0x0dd0  Npfs - ok
12:37:33.0727 0x0dd0  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
12:37:33.0758 0x0dd0  nsi - ok
12:37:33.0790 0x0dd0  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:37:33.0790 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E9A0A4D07E53D8FEA2BB8387A3293C58, sha256: 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A
12:37:33.0790 0x0dd0  nsiproxy - detected LockedFile.Multi.Generic ( 1 )
12:37:36.0270 0x0dd0  Detect skipped due to KSN trusted
12:37:36.0270 0x0dd0  nsiproxy - ok
12:37:36.0364 0x0dd0  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:37:36.0364 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: C8DFF8D07755A66C7A4A738930F0FEAC, sha256: A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA
12:37:36.0364 0x0dd0  Ntfs - detected LockedFile.Multi.Generic ( 1 )
12:37:46.0379 0x0dd0  Object is SCO, delete is not allowed
12:37:46.0379 0x0dd0  Ntfs ( LockedFile.Multi.Generic ) - warning
12:37:49.0826 0x0dd0  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
12:37:49.0826 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: F9756A98D69098DCA8945D62858A812C, sha256: 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045
12:37:49.0826 0x0dd0  Null - detected LockedFile.Multi.Generic ( 1 )
12:37:52.0291 0x0dd0  Detect skipped due to KSN trusted
12:37:52.0291 0x0dd0  Null - ok
12:37:52.0369 0x0dd0  [ B5E37E31C053BC9950455A257526514B, 16E2880621F3AA12BDADE71CD7682CA79E2A199D3C9E3E5927C49DCEF0F6183B ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x32.sys
12:37:52.0369 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvm62x32.sys. md5: B5E37E31C053BC9950455A257526514B, sha256: 16E2880621F3AA12BDADE71CD7682CA79E2A199D3C9E3E5927C49DCEF0F6183B
12:37:52.0369 0x0dd0  NVENETFD - detected LockedFile.Multi.Generic ( 1 )
12:37:54.0850 0x0dd0  Detect skipped due to KSN trusted
12:37:54.0850 0x0dd0  NVENETFD - ok
12:37:55.0286 0x0dd0  [ B69E6F70CE1151C8D62ABC9DEF64DFBE, B7BD731D1CCF4E71EF1CF4AFA9189C1831306483B4BF57B12B89113A5230871B ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:37:55.0286 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvlddmkm.sys. md5: B69E6F70CE1151C8D62ABC9DEF64DFBE, sha256: B7BD731D1CCF4E71EF1CF4AFA9189C1831306483B4BF57B12B89113A5230871B
12:37:55.0318 0x0dd0  nvlddmkm - detected LockedFile.Multi.Generic ( 1 )
12:37:57.0798 0x0dd0  Detect skipped due to KSN trusted
12:37:57.0798 0x0dd0  nvlddmkm - ok
12:37:57.0829 0x0dd0  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:37:57.0829 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvraid.sys. md5: B3E25EE28883877076E0E1FF877D02E0, sha256: 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C
12:37:57.0829 0x0dd0  nvraid - detected LockedFile.Multi.Generic ( 1 )
12:38:00.0310 0x0dd0  Detect skipped due to KSN trusted
12:38:00.0310 0x0dd0  nvraid - ok
12:38:00.0356 0x0dd0  [ C44EE36DD84FA95EB81D79C374756003, 1BBFA4A473CA0B19346EA458430377B1979BB533ECDAB2297D7E767DF9BD3682 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
12:38:00.0356 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvsmu.sys. md5: C44EE36DD84FA95EB81D79C374756003, sha256: 1BBFA4A473CA0B19346EA458430377B1979BB533ECDAB2297D7E767DF9BD3682
12:38:00.0356 0x0dd0  nvsmu - detected LockedFile.Multi.Generic ( 1 )
12:38:02.0836 0x0dd0  Detect skipped due to KSN trusted
12:38:02.0836 0x0dd0  nvsmu - ok
12:38:02.0867 0x0dd0  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:38:02.0867 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvstor.sys. md5: 4380E59A170D88C4F1022EFF6719A8A4, sha256: 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2
12:38:02.0867 0x0dd0  nvstor - detected LockedFile.Multi.Generic ( 1 )
12:38:05.0347 0x0dd0  Detect skipped due to KSN trusted
12:38:05.0347 0x0dd0  nvstor - ok
12:38:05.0456 0x0dd0  [ E4284FCF99FEA13A7E1836F87AE356F6, 541C40DD3483810632320E8F23427BB52593D156E876C6023BE7F7A8589383E8 ] nvsvc           C:\Windows\system32\nvvsvc.exe
12:38:05.0488 0x0dd0  nvsvc - ok
12:38:05.0628 0x0dd0  [ 03E60E0BFA53ED15DC984FA34B44BB0F, 50ABF2E303B9A2B6DDD0DB411C24C3CD6CC30AFA664B5682CF9189F96548CC10 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:38:05.0690 0x0dd0  nvUpdatusService - ok
12:38:05.0722 0x0dd0  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:38:05.0722 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nv_agp.sys. md5: 5A0983915F02BAE73267CC2A041F717D, sha256: D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8
12:38:05.0722 0x0dd0  nv_agp - detected LockedFile.Multi.Generic ( 1 )
12:38:08.0186 0x0dd0  Detect skipped due to KSN trusted
12:38:08.0186 0x0dd0  nv_agp - ok
12:38:08.0218 0x0dd0  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:38:08.0218 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ohci1394.sys. md5: 08A70A1F2CDDE9BB49B885CB817A66EB, sha256: 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63
12:38:08.0218 0x0dd0  ohci1394 - detected LockedFile.Multi.Generic ( 1 )
12:38:10.0698 0x0dd0  Detect skipped due to KSN trusted
12:38:10.0698 0x0dd0  ohci1394 - ok
12:38:10.0760 0x0dd0  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:38:10.0776 0x0dd0  ose - ok
12:38:10.0823 0x0dd0  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:38:10.0901 0x0dd0  p2pimsvc - ok
12:38:10.0948 0x0dd0  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:38:10.0994 0x0dd0  p2psvc - ok
12:38:11.0026 0x0dd0  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:38:11.0026 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 2EA877ED5DD9713C5AC74E8EA7348D14, sha256: 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE
12:38:11.0026 0x0dd0  Parport - detected LockedFile.Multi.Generic ( 1 )
12:38:13.0506 0x0dd0  Detect skipped due to KSN trusted
12:38:13.0506 0x0dd0  Parport - ok
12:38:13.0537 0x0dd0  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:38:13.0537 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. md5: 3F34A1B4C5F6475F320C275E63AFCE9B, sha256: 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B
12:38:13.0537 0x0dd0  partmgr - detected LockedFile.Multi.Generic ( 1 )
12:38:16.0018 0x0dd0  Detect skipped due to KSN trusted
12:38:16.0018 0x0dd0  partmgr - ok
12:38:16.0049 0x0dd0  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
12:38:16.0049 0x0dd0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parvdm.sys. md5: EB0A59F29C19B86479D36B35983DAADC, sha256: AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8
12:38:16.0049 0x0dd0  Parvdm - detected LockedFile.Multi.Generic ( 1 )
12:38:18.0514 0x0dd0  Detect skipped due to
         

 
