No control over Win10 PC, being spied on - virus scanners find nothing - reinstallation unsuccessful

Hello everyone, I can no longer control my computer/network myself. My computers start services that block them, and they reboot or shut down. The internet is very slow and pages are no longer found. The proxy settings keep reverting to localhost and 127.0.0.1. The keyboard switches its language setting, and the network adapters come and go. I have already started several reinstallations, but the behavior does not get any better. I cannot download the FRST you recommend. I have attached the Hijacked report and the one from the Farbar MiniTool. As I said, I don't know what to do and am hoping for your support. Many thanks and regards, ElPirato |
Hi

Where did you get the W10 installation medium from? Obtained directly from Microsoft, and if not, from where exactly?

And please do NOT post the logs as an attachment.

Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly, spread across several posts if necessary. To put the log files into a CODE box, proceed as follows:
|
Hello Cosinus, this is my third attempt, so first of all many thanks for the quick reply :-) Code: Logfile of Trend Micro HijackThis v2.0.5 Code: MiniToolBox by Farbar Version: 30-11-2014 |
Please answer my question about the source. |
Sorry Cosinus, the page keeps disappearing :-( I got the MS 10 key from the 8 version and from MS's test program. Everything should be correct here! |
Try FSS: Please download
Please post the contents here. |
I have the impression that an installation routine is wrecking my computers. I am getting an error message from my router:

Warning! The website contains malware. Visiting this site may harm your computer
RT-AC56U
Detailed informations:
•Description: Sites used by malicious programs, including sites used to host upgrades or store stolen information.
•Host: BsRO (00:1D:BA:AE:03:1B)
•URL: download.bleepingcomputer.com
Wir empfehlen If you are a manager and want to disable this protection, please go to Home Protection for configuration For your client side advanced internet security protection. Trend Micro offer you more advanced home security solution. Please visit the site for free trial or online scan service. LOS

Just had a horror experience! On the 2nd download attempt my screen suddenly went black!! The keyboard layout is now changed as well :-( Can you make the program available to me some other way?

Hi Cosinus, I have now managed it via another site :-) Code: Farbar Service Scanner Version: 03-01-2016 |
We absolutely need FRST. If necessary, you have to download it on another computer and transfer it to the problem computer via USB stick.

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
|
The second computer :-) FRST Logfile: Code: Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016 [CODE] And now the Addition: Code: Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-01-2016 |
Malwarebytes Anti-Rootkit (MBAR) Please download
Do not start any other file in this folder without instructions from a helper. And please also TDSS from Kaspersky: Please download
|
I'm going insane! The computer is on its last legs and nothing was found :headbang: Code: Malwarebytes Anti-Rootkit BETA 1.9.3.1001 |
Maybe your computer simply can't handle W10 :confused: As a test, install Ubuntu MATE on this computer, see https://wiki.ubuntuusers.de/Einsteiger/ |
What is this? The other computer produced this* Code: Malwarebytes Anti-Rootkit BETA 1.9.3.1001

The Toshiba is 2 years old and is designed for Win 10! The Sony is 6 years old and could handle it too ;-) I had already thought of Ubuntu as well, but creating the installation medium failed :-(

14:48:07.0618 0x0b98 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
md5: 0197AE4B9790A4E73751CACFAA480126, sha256: 86BBB398F1A93754B2C329271F13A88FD2F285F30225C38F068F565CCA14EB9F 14:48:36.0606 0x0d7c dmvsc - detected LockedFile.Multi.Generic ( 1 ) 14:48:36.0684 0x0d7c Detect skipped due to KSN trusted 14:48:36.0684 0x0d7c dmvsc - ok 14:48:36.0700 0x0d7c [ 5EF8EC71A7A91F3DF7798BEFE6786B0E, A3A56B43C72926881C66B7A17C9EAA35C2D9603C8D3849438838536BCD3F4633 ] dmwappushservice C:\Windows\system32\dmwappushsvc.dll 14:48:36.0731 0x0d7c dmwappushservice - ok 14:48:36.0747 0x0d7c [ 570BB222E3AFC4407636B53F6EABFA70, D0194A128370BB0A337B61402F9EEDD6F7942ADB19BF672D0F92DA2DA563D0DD ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:48:36.0778 0x0d7c Dnscache - ok 14:48:36.0794 0x0d7c [ 1B15297A3A2CAB6BD586676154F389D8, 623D5F5FC8622B7D9AEEEB1787E6846C1570F0EEF94341239440B616D09D672A ] dot3svc C:\Windows\System32\dot3svc.dll 14:48:36.0841 0x0d7c dot3svc - ok 14:48:36.0856 0x0d7c [ 316C2D8B8E3C0727969F1C3790EF7193, 631F8578FDB26578C8436E4B9C4DF21E1F58FCFE6DA66E5769AAC3739005D465 ] DPS C:\Windows\system32\dps.dll 14:48:36.0903 0x0d7c DPS - ok 14:48:36.0903 0x0d7c [ 25FA06D3B49D6ADF8E874FFCDCD76B50, 9AF09B96ED79D94EA36581ABE6CC73313A72891779774B15860D018BEA2BBA0F ] drmkaud C:\Windows\System32\drivers\drmkaud.sys 14:48:36.0903 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\drmkaud.sys. 
md5: 25FA06D3B49D6ADF8E874FFCDCD76B50, sha256: 9AF09B96ED79D94EA36581ABE6CC73313A72891779774B15860D018BEA2BBA0F 14:48:36.0903 0x0d7c drmkaud - detected LockedFile.Multi.Generic ( 1 ) 14:48:36.0997 0x0d7c Detect skipped due to KSN trusted 14:48:36.0997 0x0d7c drmkaud - ok 14:48:37.0028 0x0d7c [ 16EE6701115BECF8C657D9D6E123F6A1, 16E115B5245C3C988F8B58B90D30F183021C7C7792D3D1C74BEC606E49672B2A ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll 14:48:37.0075 0x0d7c DsmSvc - ok 14:48:37.0075 0x0d7c [ 120BECF7452992DAEBD3878BFE5B2412, A1FE8FC039835A5B59ABD789F5C1BFEA2C091A29978CE386C9880E13178930E5 ] DsSvc C:\Windows\System32\DsSvc.dll 14:48:37.0122 0x0d7c DsSvc - ok 14:48:37.0169 0x0d7c [ A2512BC5F2ABD84D8B3CB0D76ADB749A, 14A1FBF606ED537B9E1B7A939C010A2BA9D609D147FB89AE52D116E59A21D99E ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:48:37.0262 0x0d7c DXGKrnl - ok 14:48:37.0278 0x0d7c [ E716140ACA798A5EC48531F0739A0290, C585F1D9B08A406FE0ED35E07C2F20E793E67F8E153314A449701125C8EA7A4B ] e1iexpress C:\Windows\System32\drivers\e1i63x64.sys 14:48:37.0325 0x0d7c e1iexpress - ok 14:48:37.0341 0x0d7c [ 0CDF6B61D7F7FFCD195AF0113B9B2C16, 828D3FA31742B54075EAED2E67BBB5166D2EF4F84B791077E96DC0BD5557F11E ] Eaphost C:\Windows\System32\eapsvc.dll 14:48:37.0372 0x0d7c Eaphost - ok 14:48:37.0481 0x0d7c [ 491275B864B704B54EC08168344E0F38, B4849400C3F819CF7809A2001EA2ECB527022483F7DFE31C3930F951EAFE50CE ] ebdrv C:\Windows\system32\drivers\evbda.sys 14:48:37.0606 0x0d7c ebdrv - ok 14:48:37.0622 0x0d7c [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] EFS C:\Windows\System32\lsass.exe 14:48:37.0637 0x0d7c EFS - ok 14:48:37.0637 0x0d7c [ CEF108FCE06892CFA5F1B49527D4BF49, FA337584024B6E6EE4AF519F57FFA4C0FCA19EDC148FF309336C4CCA8F9C9CE8 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys 14:48:37.0653 0x0d7c EhStorClass - ok 14:48:37.0669 0x0d7c [ 5B1EAAE3001A7A320C106FC3859F4111, 
700BA2C7D4DFAFFEB78D3804B310A4EE5B4295C84600442665693FF661673951 ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys 14:48:37.0669 0x0d7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\EhStorTcgDrv.sys. md5: 5B1EAAE3001A7A320C106FC3859F4111, sha256: 700BA2C7D4DFAFFEB78D3804B310A4EE5B4295C84600442665693FF661673951 14:48:37.0669 0x0d7c EhStorTcgDrv - detected LockedFile.Multi.Generic ( 1 ) 14:48:37.0778 0x0d7c Detect skipped due to KSN trusted 14:48:37.0778 0x0d7c EhStorTcgDrv - ok 14:48:37.0794 0x0d7c [ E34DEFC09F2843C2C24C2248F1ABE6D8, 1FD67EB5820A1D2F4402DE9D95DE288DB69D421A8473074FF23491D7CA8B5ACE ] embeddedmode C:\Windows\System32\embeddedmodesvc.dll 14:48:37.0856 0x0d7c embeddedmode - ok 14:48:37.0872 0x0d7c [ 062152DD5B225518A991DFCD8536770C, 5C8EF4E0C7DE3B24387FF239A8D0CDA39C2376826F16EAFF09739A6C7EDA01E0 ] EntAppSvc C:\Windows\system32\EnterpriseAppMgmtSvc.dll 14:48:37.0903 0x0d7c EntAppSvc - ok 14:48:37.0919 0x0d7c [ 7A2705148A4BB3CA255F81624338B461, 68AC8F8D2DD8AA4E8F2224A0054DE2AF67EA199217E87CD3C7299B021048F14F ] ErrDev C:\Windows\System32\drivers\errdev.sys 14:48:37.0919 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\errdev.sys. 
md5: 7A2705148A4BB3CA255F81624338B461, sha256: 68AC8F8D2DD8AA4E8F2224A0054DE2AF67EA199217E87CD3C7299B021048F14F 14:48:37.0919 0x0d7c ErrDev - detected LockedFile.Multi.Generic ( 1 ) 14:48:38.0013 0x0d7c Detect skipped due to KSN trusted 14:48:38.0013 0x0d7c ErrDev - ok 14:48:38.0059 0x0d7c [ 17BE4A35829B37C742084DC02D48E5F0, 7FDA62B56DF585C3F2C6FFB10AC7C0D8F70FA921C4DEA47B2789745CFE2618CE ] EventSystem C:\Windows\system32\es.dll 14:48:38.0106 0x0d7c EventSystem - ok 14:48:38.0122 0x0d7c [ DFE8A33FBCF6F38182631A4D6097B92D, F9D06780830E74FD5309E6DC5C3EEDB9334A8AE284F381FA91EF2729297F8632 ] exfat C:\Windows\system32\drivers\exfat.sys 14:48:38.0169 0x0d7c exfat - ok 14:48:38.0184 0x0d7c [ 03DE0EC072C5EBD5B018CAD83F1E522A, 9D0B30A2870FBA20B95017CE3A4205F2DD53FE169A0D16715E962D83DE040FB3 ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:48:38.0200 0x0d7c fastfat - ok 14:48:38.0231 0x0d7c [ 952F10D2116B91BA433842D07879AE7A, 9E1EC0C719877EF198AA4DDBE896E9DDEAD360AAC1FC6DF305E7C5C73C7A761D ] Fax C:\Windows\system32\fxssvc.exe 14:48:38.0309 0x0d7c Fax - ok 14:48:38.0309 0x0d7c [ 9D299AE86D671488926126A84DF77BFD, C076EEDD0524B7D88BC56C97089E0A836CC1AD725E1A544CC4F8DDBB6670C366 ] fdc C:\Windows\System32\drivers\fdc.sys 14:48:38.0309 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\fdc.sys. 
md5: 9D299AE86D671488926126A84DF77BFD, sha256: C076EEDD0524B7D88BC56C97089E0A836CC1AD725E1A544CC4F8DDBB6670C366 14:48:38.0309 0x0d7c fdc - detected LockedFile.Multi.Generic ( 1 ) 14:48:38.0403 0x0d7c Detect skipped due to KSN trusted 14:48:38.0403 0x0d7c fdc - ok 14:48:38.0419 0x0d7c [ 47D09B8C312658ACE433E46DDF51C3A5, E76948DA0F51C7DC6D69B7E36D63CE6E98FDE619FA30E91637F75B5084107D22 ] fdPHost C:\Windows\system32\fdPHost.dll 14:48:38.0481 0x0d7c fdPHost - ok 14:48:38.0544 0x0d7c [ 177AC945B20C81400A1525ED7B49A425, FD215A2E718EA38A95D985F53AB3DD44B50C2549AA67F44BA98C4709E492051F ] FDResPub C:\Windows\system32\fdrespub.dll 14:48:38.0575 0x0d7c FDResPub - ok 14:48:38.0575 0x0d7c [ 3E78BEC276DA5A062E4D55F3291B3463, 62983457F506C70D1F89F527AB61C1C0F4D1B002631256A2708F9AF092A8C95E ] fhsvc C:\Windows\system32\fhsvc.dll 14:48:38.0622 0x0d7c fhsvc - ok 14:48:38.0622 0x0d7c [ 8F12AB59336143B680F71B217B495AD2, A28F62F065C68CC1A7EEF0CA52F83C3284B001565D8E154BF8568DE4A525104E ] FileCrypt C:\Windows\system32\drivers\filecrypt.sys 14:48:38.0669 0x0d7c FileCrypt - ok 14:48:38.0669 0x0d7c [ 92ECCFA58C8195B8EA33ED942469D4E6, 8DB12E8CF80ECA22182F9A1F4CA922336A430297F1F596F204ECF4D9D19F30D9 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:48:38.0684 0x0d7c FileInfo - ok 14:48:38.0684 0x0d7c [ 87C51FDD50C17882BA93E28BBABB9847, 8987D80FB77D1D3F9E89B491B1287B027DA26FFC4E4BA7B01E07D4D4FC69E236 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:48:38.0731 0x0d7c Filetrace - ok 14:48:38.0731 0x0d7c [ E99261DD76D1C9E05AF575939CAE5AC5, A789724FD2E22AFB2F921836F5C19A21D17F4BBD604771E2908C2651BD31989C ] flpydisk C:\Windows\System32\drivers\flpydisk.sys 14:48:38.0731 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\flpydisk.sys. 
md5: E99261DD76D1C9E05AF575939CAE5AC5, sha256: A789724FD2E22AFB2F921836F5C19A21D17F4BBD604771E2908C2651BD31989C 14:48:38.0731 0x0d7c flpydisk - detected LockedFile.Multi.Generic ( 1 ) 14:48:38.0856 0x0d7c Detect skipped due to KSN trusted 14:48:38.0856 0x0d7c flpydisk - ok 14:48:38.0888 0x0d7c [ 25D7A58625E1453E40D36825DE74E4F1, 74119803D35E3C3CC349B44C6CD9EDF6B797F88584B847F0BF9EED542719B86B ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:48:38.0934 0x0d7c FltMgr - ok 14:48:38.0981 0x0d7c [ 4387DE200BF8DD0E2EE828E655434B9A, 9148D65E54663EEC139E754091F47ABF439A637BEA83F600D30736522DAA845D ] FontCache C:\Windows\system32\FntCache.dll 14:48:39.0091 0x0d7c FontCache - ok 14:48:39.0091 0x0d7c [ B4175E8BE60B099686FF55CA7D692316, 3158FC5B4D1A2F1FC1346754392AE24AE58999B9061B1CE78A65E785BFFADD52 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 14:48:39.0106 0x0d7c FsDepends - ok 14:48:39.0122 0x0d7c [ CC71372CEB811A72F1DC99089C5CBF53, BB9DDE74D60E534A6F8A51B63DDBB441245F06A00A0AFD37DBBE86255690946D ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:48:39.0138 0x0d7c Fs_Rec - ok 14:48:39.0169 0x0d7c [ 421497634C86EF4B8F86D0EBC076728F, E0D1449555D8849364E00AA747DBC820EF914A9F5B796E35070072FCBC532ADE ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 14:48:39.0200 0x0d7c fvevol - ok 14:48:39.0200 0x0d7c [ B9981A4CB9F728B3312A3885BFAA7204, 12FB2EB2E5D2A912769823DD9C1B33DB358CD0B7FBFC788529EF83DD584334F8 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 14:48:39.0200 0x0d7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\gagp30kx.sys. 
md5: B9981A4CB9F728B3312A3885BFAA7204, sha256: 12FB2EB2E5D2A912769823DD9C1B33DB358CD0B7FBFC788529EF83DD584334F8 14:48:39.0200 0x0d7c gagp30kx - detected LockedFile.Multi.Generic ( 1 ) 14:48:39.0309 0x0d7c Detect skipped due to KSN trusted 14:48:39.0309 0x0d7c gagp30kx - ok 14:48:39.0325 0x0d7c [ 77555B11B264991DDC26872FFCF1AB97, D5F230EEF74EB869F771F8A4AB19C1E6C845BB0EF4A1234882EBDA4FDC431E44 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys 14:48:39.0325 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vmgencounter.sys. md5: 77555B11B264991DDC26872FFCF1AB97, sha256: D5F230EEF74EB869F771F8A4AB19C1E6C845BB0EF4A1234882EBDA4FDC431E44 14:48:39.0325 0x0d7c gencounter - detected LockedFile.Multi.Generic ( 1 ) 14:48:39.0450 0x0d7c Detect skipped due to KSN trusted 14:48:39.0466 0x0d7c gencounter - ok 14:48:39.0466 0x0d7c [ F3AC9652D88BF87BA6596CBEA28CE10F, 115F3C0A5B9903B17ADEA80E1825FE927B7361F5BDDF80CE3685EF2D327EDF4F ] genericusbfn C:\Windows\System32\drivers\genericusbfn.sys 14:48:39.0466 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\genericusbfn.sys. 
md5: F3AC9652D88BF87BA6596CBEA28CE10F, sha256: 115F3C0A5B9903B17ADEA80E1825FE927B7361F5BDDF80CE3685EF2D327EDF4F 14:48:39.0466 0x0d7c genericusbfn - detected LockedFile.Multi.Generic ( 1 ) 14:48:39.0591 0x0d7c Detect skipped due to KSN trusted 14:48:39.0591 0x0d7c genericusbfn - ok 14:48:39.0606 0x0d7c [ F802FBABF0C4DF1BAA733187B2E476F5, E2533284CEBBB872196B013DD1FBBCA794DB1CAAA37D64849BD9264ECDD2CEE6 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys 14:48:39.0653 0x0d7c GPIOClx0101 - ok 14:48:39.0700 0x0d7c [ B55458A83395A2CFD4E745E9EC4AB5F2, EAB06B089D8A7DBC9AE2A1C919B489911690D341013A5F8F906819C68431CA85 ] gpsvc C:\Windows\System32\gpsvc.dll 14:48:39.0794 0x0d7c gpsvc - ok 14:48:39.0794 0x0d7c [ D011B0ADB15F4815310CE1BF4780B33E, 3860630917F83A89FE7A6407CC544505FA4BD754619CF273DD630ABFBAAE42EE ] GpuEnergyDrv C:\Windows\system32\drivers\gpuenergydrv.sys 14:48:39.0825 0x0d7c GpuEnergyDrv - ok 14:48:39.0841 0x0d7c [ 0F93EBE9071A6BB1548BF0F816EEA24B, 79A99544C00F59996980D299BFACA0463D86158BFA51C8045CE4FF4951779A44 ] HdAudAddService C:\Windows\system32\DRIVERS\HdAudio.sys 14:48:39.0841 0x0d7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HdAudio.sys. md5: 0F93EBE9071A6BB1548BF0F816EEA24B, sha256: 79A99544C00F59996980D299BFACA0463D86158BFA51C8045CE4FF4951779A44 14:48:39.0841 0x0d7c HdAudAddService - detected LockedFile.Multi.Generic ( 1 ) 14:48:39.0950 0x0d7c Detect skipped due to KSN trusted 14:48:39.0950 0x0d7c HdAudAddService - ok 14:48:39.0966 0x0d7c [ 84BC034B6BB763733C1949B7B9BAF976, 18C2C0F15BAFA46197F0BB629C4F585D893C2A78324CA198F88A04527D524F23 ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys 14:48:39.0981 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\HDAudBus.sys. 
md5: 84BC034B6BB763733C1949B7B9BAF976, sha256: 18C2C0F15BAFA46197F0BB629C4F585D893C2A78324CA198F88A04527D524F23 14:48:39.0981 0x0d7c HDAudBus - detected LockedFile.Multi.Generic ( 1 ) 14:48:40.0106 0x0d7c Detect skipped due to KSN trusted 14:48:40.0106 0x0d7c HDAudBus - ok 14:48:40.0106 0x0d7c [ 6B8CB114B8E64C0636EB49F7B914D1FC, 1AD7A43CC5CD99DCEF60C61242B6843D4AD925CE93BA5D75CD8395C7125EF5A7 ] HidBatt C:\Windows\System32\drivers\HidBatt.sys 14:48:40.0106 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\HidBatt.sys. md5: 6B8CB114B8E64C0636EB49F7B914D1FC, sha256: 1AD7A43CC5CD99DCEF60C61242B6843D4AD925CE93BA5D75CD8395C7125EF5A7 14:48:40.0122 0x0d7c HidBatt - detected LockedFile.Multi.Generic ( 1 ) 14:48:40.0247 0x0d7c Detect skipped due to KSN trusted 14:48:40.0247 0x0d7c HidBatt - ok 14:48:40.0263 0x0d7c [ D1AD197CCDAAC0CB4819DA1D6EB17BAE, C370F974D0A1F7B60F47EAFF57B6CCABE82913187F8BFEE169B8237AE91247B1 ] HidBth C:\Windows\System32\drivers\hidbth.sys 14:48:40.0263 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\hidbth.sys. md5: D1AD197CCDAAC0CB4819DA1D6EB17BAE, sha256: C370F974D0A1F7B60F47EAFF57B6CCABE82913187F8BFEE169B8237AE91247B1 14:48:40.0263 0x0d7c HidBth - detected LockedFile.Multi.Generic ( 1 ) 14:48:40.0403 0x0d7c Detect skipped due to KSN trusted 14:48:40.0403 0x0d7c HidBth - ok 14:48:40.0403 0x0d7c [ 64909DECCFCC6FB5D9A5BAFDCCB31FEE, E19C91FD8D5102A8C4F6C6FF70CA058BB272FEC1B6E9CBA3A473C49948E6AC7E ] hidi2c C:\Windows\System32\drivers\hidi2c.sys 14:48:40.0419 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\hidi2c.sys. 
md5: 64909DECCFCC6FB5D9A5BAFDCCB31FEE, sha256: E19C91FD8D5102A8C4F6C6FF70CA058BB272FEC1B6E9CBA3A473C49948E6AC7E 14:48:40.0419 0x0d7c hidi2c - detected LockedFile.Multi.Generic ( 1 ) 14:48:40.0544 0x0d7c Detect skipped due to KSN trusted 14:48:40.0544 0x0d7c hidi2c - ok 14:48:40.0544 0x0d7c [ F510F7B7BF61DEAAC04E65C3B65E8D59, 11566086B06FB08B6A179E3068E022DA381C762DC8962D1E1D63DC646DD4D301 ] hidinterrupt C:\Windows\System32\drivers\hidinterrupt.sys 14:48:40.0544 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\hidinterrupt.sys. md5: F510F7B7BF61DEAAC04E65C3B65E8D59, sha256: 11566086B06FB08B6A179E3068E022DA381C762DC8962D1E1D63DC646DD4D301 14:48:40.0544 0x0d7c hidinterrupt - detected LockedFile.Multi.Generic ( 1 ) 14:48:40.0669 0x0d7c Detect skipped due to KSN trusted 14:48:40.0669 0x0d7c hidinterrupt - ok 14:48:40.0684 0x0d7c [ 90F3ED42D423C942BA5EA54E2FFE7AC7, BF7DE0C8141CD20A6235657BA897A019ABEFF6A01AA3FB202C73C33433CDEAF8 ] HidIr C:\Windows\System32\drivers\hidir.sys 14:48:40.0684 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\hidir.sys. md5: 90F3ED42D423C942BA5EA54E2FFE7AC7, sha256: BF7DE0C8141CD20A6235657BA897A019ABEFF6A01AA3FB202C73C33433CDEAF8 14:48:40.0684 0x0d7c HidIr - detected LockedFile.Multi.Generic ( 1 ) 14:48:40.0794 0x0d7c Detect skipped due to KSN trusted 14:48:40.0794 0x0d7c HidIr - ok 14:48:40.0794 0x0d7c [ 46DE2EF6382DD9613CB506760648F262, 419555220794380134A64E1956B83B2FD1D1B6E403C5FC729A9107E14A12E968 ] hidserv C:\Windows\system32\hidserv.dll 14:48:40.0872 0x0d7c hidserv - ok 14:48:40.0888 0x0d7c [ 128DEDDD61915DBA4D451D91D21F0513, 961A0DDA02B0879989300C15E4FF9022882A4CD895D65335C263AC0DD1918314 ] HidUsb C:\Windows\System32\drivers\hidusb.sys 14:48:40.0888 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\hidusb.sys. 
md5: 128DEDDD61915DBA4D451D91D21F0513, sha256: 961A0DDA02B0879989300C15E4FF9022882A4CD895D65335C263AC0DD1918314 14:48:40.0888 0x0d7c HidUsb - detected LockedFile.Multi.Generic ( 1 ) 14:48:40.0981 0x0d7c Detect skipped due to KSN trusted 14:48:40.0981 0x0d7c HidUsb - ok 14:48:41.0013 0x0d7c [ 2FEF4D90C0CAED258C93CFF72A8FFD71, 56473D90E9FE52849067D080FD88B29C0BBE76E5266657E2ABD6366B7A4E9474 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 14:48:41.0075 0x0d7c HomeGroupListener - ok 14:48:41.0106 0x0d7c [ E2145534FB853921788F52701BED0CAB, DF71F842772FAC21DD8994C97F578A78AC43D06C5F26F752FB69B47DFE3BB112 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 14:48:41.0153 0x0d7c HomeGroupProvider - ok 14:48:41.0153 0x0d7c [ FF442DCDCE1F6E9FAA9C8AD0CD1D199B, A239414E97B310C9545995B0E723B5E792B08D71F651450EB006AD4D1765E4F7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 14:48:41.0169 0x0d7c HpSAMD - ok 14:48:41.0200 0x0d7c [ A403DAE4B083EB96BC6CEDB47639B4F8, 6F5709CEA93789C075E4BE4041EC43C94910617DA4123DEE178E74E4A9B26708 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:48:41.0247 0x0d7c HTTP - ok 14:48:41.0263 0x0d7c [ CBA5E88A0F0475B7F49653BB72150BEF, 0F03560D9C30E069D117A555AEE729C81E6BCAE443FA25172D0E9E6903695C67 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 14:48:41.0278 0x0d7c hwpolicy - ok 14:48:41.0278 0x0d7c [ D668FAB4B0397B426EE3D41683B9A1C0, 66F3E3B2ABC3C9B25A0DADBF09818547ED301230374AC5302B4794629A95DDF8 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys 14:48:41.0278 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\hyperkbd.sys. 
md5: D668FAB4B0397B426EE3D41683B9A1C0, sha256: 66F3E3B2ABC3C9B25A0DADBF09818547ED301230374AC5302B4794629A95DDF8 14:48:41.0278 0x0d7c hyperkbd - detected LockedFile.Multi.Generic ( 1 ) 14:48:41.0388 0x0d7c Detect skipped due to KSN trusted 14:48:41.0388 0x0d7c hyperkbd - ok 14:48:41.0403 0x0d7c [ 53FDD9E69189E546DE4740F8C4D8AB2F, 45ED5B229ED5FD0CEE8BF52EFF88FD8B1889BF348ED7187926F290B3AD48A76D ] i8042prt C:\Windows\System32\drivers\i8042prt.sys 14:48:41.0403 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\i8042prt.sys. md5: 53FDD9E69189E546DE4740F8C4D8AB2F, sha256: 45ED5B229ED5FD0CEE8BF52EFF88FD8B1889BF348ED7187926F290B3AD48A76D 14:48:41.0403 0x0d7c i8042prt - detected LockedFile.Multi.Generic ( 1 ) 14:48:41.0513 0x0d7c Detect skipped due to KSN trusted 14:48:41.0513 0x0d7c i8042prt - ok 14:48:41.0528 0x0d7c [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c C:\Windows\System32\drivers\iai2c.sys 14:48:41.0591 0x0d7c iai2c - ok 14:48:41.0607 0x0d7c [ 59A20F5AD9F4AE54098154359519408E, E27B7389C9D123CDDA4EC9CBDB06C4AA5000012391F940EE1492419B593608FE ] iaLPSS2i_I2C C:\Windows\System32\drivers\iaLPSS2i_I2C.sys 14:48:41.0622 0x0d7c iaLPSS2i_I2C - ok 14:48:41.0638 0x0d7c [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 14:48:41.0669 0x0d7c iaLPSSi_GPIO - ok 14:48:41.0669 0x0d7c [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C C:\Windows\System32\drivers\iaLPSSi_I2C.sys 14:48:41.0700 0x0d7c iaLPSSi_I2C - ok 14:48:41.0732 0x0d7c [ 6B0029A0253098CCE28EACCFDB9E7208, E33AD69644E1683A971DA1169B704FBCFD9F715E9550816058E420BB5DE4D946 ] iaStorAV C:\Windows\system32\drivers\iaStorAV.sys 14:48:41.0763 0x0d7c iaStorAV - ok 14:48:41.0778 0x0d7c [ 9652E1E35A92D8C75710C17A63B15796, 
72F8C4A49B874226DEE9B7C9704F0E0A98DAA2DF4EAE2F2258E8324ACBD242E4 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 14:48:41.0810 0x0d7c iaStorV - ok 14:48:41.0825 0x0d7c [ FFADF691F7BF727AF5C863454A372723, FCF5A5595E8C9C937BE9F1C3AB5D9BD0EFE82DE1298D12085E0CCD84A186D2F2 ] ibbus C:\Windows\System32\drivers\ibbus.sys 14:48:41.0857 0x0d7c ibbus - ok 14:48:41.0857 0x0d7c [ 23E22B130EFE5A225E279467BE146317, 2302C119FE9C57F3A71DFE504489423B6F7140E2DFF5D501883AD971CB671CB4 ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys 14:48:41.0872 0x0d7c iBtFltCoex - ok 14:48:41.0888 0x0d7c [ 80BF2990E01E774D64F6E13F30661942, ADFEA2280D29F2C7B0A556C61709301D6327C288064FF5A4D29358403DF41DCE ] icssvc C:\Windows\System32\tetheringservice.dll 14:48:41.0919 0x0d7c icssvc - ok 14:48:41.0919 0x0d7c IEEtwCollectorService - ok 14:48:42.0075 0x0d7c [ 79AE3CC82CA1563A4B392207997ACE7C, A1E4A1DA95CA2FA197EF5975657822F0F813F6C33DA38E1FA5A840194034D071 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 14:48:42.0294 0x0d7c igfx - ok 14:48:42.0341 0x0d7c [ 12F8D27ED8623DDDC09A549EDADCBAC9, D3A3F0588D9CAF1027D8BC14601E2A6AB7E5924A2C23C90D38A9E14538DB02A9 ] IKEEXT C:\Windows\System32\ikeext.dll 14:48:42.0419 0x0d7c IKEEXT - ok 14:48:42.0435 0x0d7c [ ECDB27420D3A98424666904525A8562A, BDA98C3C95F2AD79945EF8213D5C65064052C09C82DD36F0D6724E1D21DCC30A ] intelide C:\Windows\system32\drivers\intelide.sys 14:48:42.0435 0x0d7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelide.sys. 
md5: ECDB27420D3A98424666904525A8562A, sha256: BDA98C3C95F2AD79945EF8213D5C65064052C09C82DD36F0D6724E1D21DCC30A 14:48:42.0435 0x0d7c intelide - detected LockedFile.Multi.Generic ( 1 ) 14:48:42.0544 0x0d7c Detect skipped due to KSN trusted 14:48:42.0544 0x0d7c intelide - ok 14:48:42.0544 0x0d7c [ 8FF1978643EFD219C5BA49690191D701, 6FD78A8490107C80090D7125644B8C910855374BE1373D1D6B199307C79680BA ] intelpep C:\Windows\system32\drivers\intelpep.sys 14:48:42.0544 0x0d7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelpep.sys. md5: 8FF1978643EFD219C5BA49690191D701, sha256: 6FD78A8490107C80090D7125644B8C910855374BE1373D1D6B199307C79680BA 14:48:42.0560 0x0d7c intelpep - detected LockedFile.Multi.Generic ( 1 ) 14:48:42.0669 0x0d7c Detect skipped due to KSN trusted 14:48:42.0669 0x0d7c intelpep - ok 14:48:42.0685 0x0d7c [ B61B60F36E1C8022FA8166ABF0F66B07, 23161F1DA51D44D936329E62DF4C2DAEE3DDD4B3D62CC501A888C0E149788968 ] intelppm C:\Windows\System32\drivers\intelppm.sys 14:48:42.0685 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\intelppm.sys. 
md5: B61B60F36E1C8022FA8166ABF0F66B07, sha256: 23161F1DA51D44D936329E62DF4C2DAEE3DDD4B3D62CC501A888C0E149788968 14:48:42.0685 0x0d7c intelppm - detected LockedFile.Multi.Generic ( 1 ) 14:48:42.0779 0x0d7c Detect skipped due to KSN trusted 14:48:42.0779 0x0d7c intelppm - ok 14:48:42.0794 0x0d7c [ CA0D42029AFFC4514D295E1EF823D02D, F2A05CB2B2E8C843FD02DC37E86F23CF928A4B2F9044424A60DE4E82B87DF5C3 ] IoQos C:\Windows\system32\drivers\ioqos.sys 14:48:42.0857 0x0d7c IoQos - ok 14:48:42.0872 0x0d7c [ 6E3F9D95235DFC9417384080A216F310, 6F13D72661038A91CFABB360621F4B169D78955C3EAD64956A7C825ABAEC5121 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:48:42.0904 0x0d7c IpFilterDriver - ok 14:48:42.0935 0x0d7c [ 6E75B731A8A7EFED0821327B08DAB46D, A77B746447824BD3C68B82D7329B82D62098B2409F8AEE4738FA23CB1561E629 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:48:43.0013 0x0d7c iphlpsvc - ok 14:48:43.0013 0x0d7c [ 4F527ECB5EAB47D8EAF34A469666C469, 8FFBEEF42515B6A7758BE579ED69E3911856CBF7710D9785011332C5E3DFE495 ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys 14:48:43.0013 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\IPMIDrv.sys. 
md5: 4F527ECB5EAB47D8EAF34A469666C469, sha256: 8FFBEEF42515B6A7758BE579ED69E3911856CBF7710D9785011332C5E3DFE495 14:48:43.0013 0x0d7c IPMIDRV - detected LockedFile.Multi.Generic ( 1 ) 14:48:43.0122 0x0d7c Detect skipped due to KSN trusted 14:48:43.0122 0x0d7c IPMIDRV - ok 14:48:43.0138 0x0d7c [ 9E5E8F2A1996F23B7E9687846AA81B01, 29E59384A4F92B3B4F2974942C91A12380113C13D3800900B5F44E2355D05455 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 14:48:43.0185 0x0d7c IPNAT - ok 14:48:43.0185 0x0d7c [ C317EB660138BC9CBFE37CCDE56351AE, F3AF6C573419D7F65C96A4841D4F056CA281CD5AFACDC7A5F586A390DC6E615B ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:48:43.0216 0x0d7c IRENUM - ok 14:48:43.0216 0x0d7c [ 531994A6D9399D9B74BE12B5BB58A81E, 6D5CF540C777F4828E1D4C5FE58EE41E6C2F5F399C554DC85F19D1E52229B094 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:48:43.0216 0x0d7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\isapnp.sys. md5: 531994A6D9399D9B74BE12B5BB58A81E, sha256: 6D5CF540C777F4828E1D4C5FE58EE41E6C2F5F399C554DC85F19D1E52229B094 14:48:43.0216 0x0d7c isapnp - detected LockedFile.Multi.Generic ( 1 ) 14:48:43.0325 0x0d7c Detect skipped due to KSN trusted 14:48:43.0325 0x0d7c isapnp - ok 14:48:43.0357 0x0d7c [ 68D5354A4A9692EEC24664C60F47D4A2, 92124E98B6E286B6127DC6D0BFACC9C6D293D58EAE2B47B45532714CE6A6D0CD ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys 14:48:43.0357 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\msiscsi.sys. 
md5: 68D5354A4A9692EEC24664C60F47D4A2, sha256: 92124E98B6E286B6127DC6D0BFACC9C6D293D58EAE2B47B45532714CE6A6D0CD 14:48:43.0357 0x0d7c iScsiPrt - detected LockedFile.Multi.Generic ( 1 ) 14:48:43.0450 0x0d7c Detect skipped due to KSN trusted 14:48:43.0450 0x0d7c iScsiPrt - ok 14:48:43.0466 0x0d7c [ 701D7DB13B0815E7076EF4CB4CE981F8, 02585661656C0069AC318B82DE83DAC660451A0B970FDBCA0F7A8B4CBF7D93A9 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys 14:48:43.0466 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\kbdclass.sys. md5: 701D7DB13B0815E7076EF4CB4CE981F8, sha256: 02585661656C0069AC318B82DE83DAC660451A0B970FDBCA0F7A8B4CBF7D93A9 14:48:43.0466 0x0d7c kbdclass - detected LockedFile.Multi.Generic ( 1 ) 14:48:43.0591 0x0d7c Detect skipped due to KSN trusted 14:48:43.0591 0x0d7c kbdclass - ok 14:48:43.0591 0x0d7c [ 884EBBDDBF5968003B40185BD96FF0E6, E3934D0FF0BEDDF5526AF529F7D15BA8BE479383894975B1AF1A1818C394A6E3 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys 14:48:43.0591 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\kbdhid.sys. md5: 884EBBDDBF5968003B40185BD96FF0E6, sha256: E3934D0FF0BEDDF5526AF529F7D15BA8BE479383894975B1AF1A1818C394A6E3 14:48:43.0591 0x0d7c kbdhid - detected LockedFile.Multi.Generic ( 1 ) 14:48:43.0700 0x0d7c Detect skipped due to KSN trusted 14:48:43.0700 0x0d7c kbdhid - ok 14:48:43.0716 0x0d7c [ 6B3A0C7902811E6372643447E41F7048, 30667B56A306CFD5D15BC46F8E7D9E167612E71B6C8F554406E706A6330F5B94 ] kdnic C:\Windows\System32\drivers\kdnic.sys 14:48:43.0716 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\kdnic.sys. 
md5: 6B3A0C7902811E6372643447E41F7048, sha256: 30667B56A306CFD5D15BC46F8E7D9E167612E71B6C8F554406E706A6330F5B94 14:48:43.0716 0x0d7c kdnic - detected LockedFile.Multi.Generic ( 1 ) 14:48:43.0810 0x0d7c Detect skipped due to KSN trusted 14:48:43.0810 0x0d7c kdnic - ok 14:48:43.0810 0x0d7c [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] KeyIso C:\Windows\system32\lsass.exe 14:48:43.0857 0x0d7c KeyIso - ok 14:48:43.0857 0x0d7c [ 982C795DE20CED7AEDD2E7899B5D9BC1, 9F4E7536DB253CD83AA2AB89E9F3311714CD70F13AFD16F9B4D4CD86A70FC164 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:48:43.0872 0x0d7c KSecDD - ok 14:48:43.0888 0x0d7c [ 7D8B9214692C4D0F1646215D9984E19A, DC73503A8CA67F4E167DEA69AADDEA5F2D756E1C1F4FF42B6ECEA7E637BB80AB ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:48:43.0904 0x0d7c KSecPkg - ok 14:48:43.0904 0x0d7c [ E9BB0023D730701BB5D9839B44F5E6B5, 19D4BAC09424D331922472CFD2D0E32BEFA9188A6AF194C8D1F93FD77CE36691 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:48:43.0935 0x0d7c ksthunk - ok 14:48:43.0950 0x0d7c [ 71DE1AD9B23661EEC4F2A6EAA5A7D33D, 3219AEF3D6AE5933AE669FD2ED9ED95A8780612E39F31DB3DB9ED6B6244C5F7B ] KtmRm C:\Windows\system32\msdtckrm.dll 14:48:44.0013 0x0d7c KtmRm - ok 14:48:44.0013 0x0d7c [ 8BBB2B4429AF340481520C20C17FC5B6, 9E32815349195FC4B1BE213600FD407F2EAEEC8368289EB3E6B769125A739C08 ] LanmanServer C:\Windows\system32\srvsvc.dll 14:48:44.0060 0x0d7c LanmanServer - ok 14:48:44.0107 0x0d7c [ 1F5D48B1DA1B812BD2411CA44D75DD32, D1BDB8142CB13E8C6DD6F42E07C9D19BBBF6410D5122A04C01B34B95B442DD95 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:48:44.0138 0x0d7c LanmanWorkstation - ok 14:48:44.0154 0x0d7c [ 02C54C5C7EBE371EC0C59795ED22213F, 712AFE0EDF40436124F3FD55ED9B5A3A33A8761A58F4D482BB65229741B1C270 ] lfsvc C:\Windows\System32\lfsvc.dll 14:48:44.0185 0x0d7c lfsvc - ok 14:48:44.0185 0x0d7c [ 01BF128CC327A2E53898F732AF52B3DB, 
D62ACDA69D9942F9CEF400874DBB6EAF9811D9657CBFEF89174F88D76BB8D8EA ] LicenseManager C:\Windows\system32\LicenseManagerSvc.dll 14:48:44.0232 0x0d7c LicenseManager - ok 14:48:44.0232 0x0d7c [ EC34EED89C34B27C292166B725AC7A7B, 58F1BA0CB7743314AC012A82F8CE4072CBDD05D9570C52BC18DC551882F5B1BA ] lltdio C:\Windows\system32\drivers\lltdio.sys 14:48:44.0263 0x0d7c lltdio - ok 14:48:44.0279 0x0d7c [ 2C23283A0815B048C06D8C0ED76AAD95, 4335546939C1A98CFE9A4403CC82D79CC713439E4DFD1F4760FDD867305151E0 ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:48:44.0325 0x0d7c lltdsvc - ok 14:48:44.0325 0x0d7c [ CB6365E995F4DB856866500EDD8F61C1, 717ED387F245CAC68217B0F393D7B8AB3805721AB2C4D2D43430FE6E740F0856 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:48:44.0357 0x0d7c lmhosts - ok 14:48:44.0372 0x0d7c [ 961F28D879D345BFA50AF51285C90F2E, F9931A436651F695B746BC0C07E833D9C9F64126746DF976E691E6CAE26DAC9B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:48:44.0388 0x0d7c LSI_SAS - ok 14:48:44.0404 0x0d7c [ 6BFB8D1B3407518BE06B6F81F92FA0F5, DE0818DCC0D8D1D30A29AB167C65461A78100ABE2368637CEB9D0ED2B4E88D8E ] LSI_SAS2i C:\Windows\system32\drivers\lsi_sas2i.sys 14:48:44.0419 0x0d7c LSI_SAS2i - ok 14:48:44.0419 0x0d7c [ BE0E47988D78F731DEC2C0CB03E765CB, CA0015E87A3962611DBF714253FA618A6568346BAE640884432C1D44DE4C8684 ] LSI_SAS3i C:\Windows\system32\drivers\lsi_sas3i.sys 14:48:44.0435 0x0d7c LSI_SAS3i - ok 14:48:44.0435 0x0d7c [ F99BF02BE9219986817BF094981EEB18, 4303C772366065885C5D937B2E9AC0BF80C84BFB2737716055AD57BF6AADD673 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys 14:48:44.0450 0x0d7c LSI_SSS - ok 14:48:44.0482 0x0d7c [ FFAA37FBBDD161E8C200C83B40F7872E, 0637B3119FC220CB8E23EE6694A9F1F25CF8D61008B14F6E30FDC17DCF9E077E ] LSM C:\Windows\System32\lsm.dll 14:48:44.0560 0x0d7c LSM - ok 14:48:44.0575 0x0d7c [ 2FCF837196082864F66CFD9CAB256275, 8BE01C3BCBC1E6E5D1FD7F49E936482E61ACB805F397AB81B8D39C2F0F1083BD ] luafv C:\Windows\system32\drivers\luafv.sys 14:48:44.0607 0x0d7c luafv - ok 14:48:44.0622 
************************************************************* End of part 1 ************************************************************* |
Sorry, I forgot to mention that this is now the error-free log from the Toshiba. So here is the second part from Kaspersky TDSSKiller. Code: 14:48:47.0373 0x0d7c [ 202260E7CDD731A32AF62ABD1ABEE008, 0E019FAE09B2659CC3267756DB962CCD69172BA67E3288B491F7B455287A5392 ] NdisCap C:\Windows\system32\drivers\ndiscap.sys |
What do you want with logs from other computers now? That is complete nonsense; we want to know what is going on with the system that is acting up, not with some other ones. |
Copyright ©2000-2025, Trojaner-Board